diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 76e3d9d3..28baaad4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -4,8 +4,7 @@ on: branches: - main env: - DOCKER_REGISTRY: ghcr.io - DOCKER_IMAGE_PREFIX: ${{ github.repository }}/spreapp- + DOCKER_REGISTRY: europe-north1-docker.pkg.dev RESOURCE: config/nais.yml TEAM: tbd @@ -27,6 +26,7 @@ jobs: with: distribution: 'temurin' java-version: '21.x' + cache: 'gradle' - name: cache gradle wrapper uses: actions/cache@v3 with: @@ -72,6 +72,7 @@ jobs: needs: generate_vars permissions: packages: write + id-token: write name: build runs-on: ubuntu-latest if: needs.generate_vars.outputs.emptyMatrix == 'false' @@ -84,6 +85,7 @@ jobs: with: distribution: 'temurin' java-version: '21.x' + cache: 'gradle' - name: cache gradle wrapper uses: actions/cache@v3 with: 
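Review bot: The `env:` block changed here defines only `DOCKER_REGISTRY`, yet the deploy job's `create env vars` step (hunk at -120,34) builds the image name from `${{ env.CONTAINER_REGISTRY }}`, and no `CONTAINER_REGISTRY` is visible anywhere in the diff. An undefined `env` context value expands to an empty string, so `IMAGE` would begin with `/` and the deploy would reference an image that does not exist. Either rename the variable here to `CONTAINER_REGISTRY: europe-north1-docker.pkg.dev` or change the deploy line to `${{ env.DOCKER_REGISTRY }}`. The env block may continue outside the hunk, so confirm nothing else defines it.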
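Review bot: `cache: 'gradle'` on setup-java (added here and again in the build job's setup-java step, hunk at -84,6) sits directly above the existing `cache gradle wrapper` step that uses `actions/cache@v3`. setup-java's Gradle cache already covers `~/.gradle/caches` and `~/.gradle/wrapper`. If the older step stores one of those paths (its `with:` block is outside the hunk), both mechanisms will save and restore the same files under different keys. Consider removing the hand-written cache step, or add a comment above it such as `# still needed for <path> which setup-java does not cache`.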
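Review bot: `packages: write` stays in the build job's `permissions` next to the new `id-token: write`, although the `docker login`/`docker push` to `ghcr.io` with `GITHUB_TOKEN` is removed later in this commit and the image is now pushed through `nais/docker-build-push`. If nothing else in the job publishes to GitHub Packages (most of its steps are outside this hunk), drop that line so the job token carries only what the OIDC exchange needs. A comment such as `# id-token: write is needed for workload identity federation in docker-build-push` would record why the new permission exists.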
@@ -96,20 +98,17 @@ jobs: uses: andstor/file-existence-action@v2 with: files: "${{ matrix.project }}/build/libs/app.jar" - - name: create docker tag - if: steps.app_jar.outputs.files_exists == 'true' - run: | - echo "IMAGE=${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}${{ matrix.project }}:${{ needs.generate_vars.outputs.tag }}" >> $GITHUB_ENV - name: build docker image if: steps.app_jar.outputs.files_exists == 'true' - run: docker build ${{ matrix.project }} --pull -t $IMAGE -f Dockerfile - - name: push docker image - if: steps.app_jar.outputs.files_exists == 'true' - run: | - echo $GITHUB_TOKEN | docker login ${DOCKER_REGISTRY} --username $GITHUB_REPOSITORY --password-stdin - docker push $IMAGE - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: nais/docker-build-push@v0 + id: docker-build-push + with: + team: ${{ needs.generate_vars.outputs.team }} + image_suffix: ${{ matrix.project }} + tag: ${{ needs.generate_vars.outputs.tag }} + docker_context: ${{ matrix.project }} + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} deploy: needs: [generate_vars, build] 
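Review bot: `nais/docker-build-push@v0` is referenced by a moving major tag, and this step is handed `secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER` in a job that the same commit grants `id-token: write`. Whoever can move the `v0` tag controls code that is able to request an OIDC token for the registry, so pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: nais/docker-build-push@<full-commit-sha> # v0` (placeholder SHA). The same applies to `andstor/file-existence-action@v2` in the context lines above, because every step in the job can request the token. The build job's step list begins outside the hunk.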
@@ -120,34 +119,20 @@ jobs: matrix: ${{ fromJSON(needs.generate_vars.outputs.deployMatrix) }} runs-on: ubuntu-latest steps: - - name: check if docker image exists - id: docker-exists - run: | - TOKEN=$(curl https://${DOCKER_REGISTRY}/token\?scope\="repository:${DOCKER_IMAGE_PREFIX}${{ matrix.project }}:pull" | jq -r '.token') - curl --head --fail -H "Authorization: Bearer ${TOKEN}" https://${DOCKER_REGISTRY}/v2/${DOCKER_IMAGE_PREFIX}${{ matrix.project }}/manifests/${{ needs.generate_vars.outputs.tag }} - IMAGE_EXISTS=$? - if [ ${IMAGE_EXISTS} -ne 0 ]; then - echo "exists=false" >> $GITHUB_OUTPUT - else - echo "exists=true" >> $GITHUB_OUTPUT - fi - name: create env vars - if: steps.docker-exists.outputs.exists == 'true' run: | VARS_FILE="config/${{ matrix.project }}/${{ matrix.cluster }}.yml" echo "VARS=$VARS_FILE" >> $GITHUB_ENV - echo "IMAGE=${DOCKER_REGISTRY}/${DOCKER_IMAGE_PREFIX}${{ matrix.project }}:${{ needs.generate_vars.outputs.tag }}" >> $GITHUB_ENV + echo "IMAGE=${{ env.CONTAINER_REGISTRY }}/${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}/${{ needs.generate_vars.outputs.team }}/${{ github.event.repository.name }}-${{ matrix.project }}:${{ needs.generate_vars.outputs.tag }}" >> $GITHUB_ENV - name: Fetch sources - if: steps.docker-exists.outputs.exists == 'true' uses: actions/checkout@v4 - name: Check for vars yml - if: steps.docker-exists.outputs.exists == 'true' id: vars_file uses: andstor/file-existence-action@v2 with: files: "${{ env.VARS }}" - name: deploy - if: steps.docker-exists.outputs.exists == 'true' && steps.vars_file.outputs.files_exists == 'true' + if: steps.vars_file.outputs.files_exists == 'true' uses: nais/deploy/actions/deploy@v1 env: CLUSTER: ${{ matrix.cluster }} diff --git a/Dockerfile b/Dockerfile index cf1390d7..08d6d992 100644 --- a/Dockerfile +++ b/Dockerfile 
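Review bot: The new `IMAGE=` line in `create env vars` expands `${{ matrix.project }}`, `${{ needs.generate_vars.outputs.team }}`, `${{ needs.generate_vars.outputs.tag }}` and `${{ github.event.repository.name }}` directly inside the `run:` script, so their text becomes shell source before bash starts. Where the matrix and output values come from is outside the diff; if any of them is derived from directory, branch or file names, shell metacharacters in the value would be interpreted by the runner in a job that goes on to deploy. Passing them through the step's `env:` and reading shell variables keeps them as data, and quoting `"$GITHUB_ENV"` avoids word splitting. The pre-existing `VARS_FILE` line has the same pattern and can move with it.

```yaml
- name: create env vars
  env:
    PROJECT: ${{ matrix.project }}
    TARGET_CLUSTER: ${{ matrix.cluster }}
    IMAGE_TEAM: ${{ needs.generate_vars.outputs.team }}
    IMAGE_TAG: ${{ needs.generate_vars.outputs.tag }}
    PROJECT_ID: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
    REPO_NAME: ${{ github.event.repository.name }}
  run: |
    VARS_FILE="config/${PROJECT}/${TARGET_CLUSTER}.yml"
    echo "VARS=$VARS_FILE" >> "$GITHUB_ENV"
    echo "IMAGE=${{ env.CONTAINER_REGISTRY }}/${PROJECT_ID}/${IMAGE_TEAM}/${REPO_NAME}-${PROJECT}:${IMAGE_TAG}" >> "$GITHUB_ENV"
# … unchanged: Fetch sources, Check for vars yml, deploy …
```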
@@ -1,4 +1,10 @@ -FROM ghcr.io/navikt/baseimages/temurin:21 +FROM gcr.io/distroless/java21-debian12:nonroot -COPY build/libs/*.jar ./ +COPY build/libs/*.jar /app/ +ENV TZ="Europe/Oslo" +ENV JAVA_OPTS='-XX:MaxRAMPercentage=90' + +WORKDIR /app + +CMD ["app.jar"] \ No newline at end of file
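Review bot: `ENV JAVA_OPTS='-XX:MaxRAMPercentage=90'` is unlikely to take effect in this image. The distroless Java images start the JVM directly (entrypoint `java -jar`, with no shell or launcher script), and the JVM itself does not read `JAVA_OPTS`. Use a variable the JVM does pick up, e.g. `ENV JAVA_TOOL_OPTIONS='-XX:MaxRAMPercentage=90'`, otherwise the container runs with default heap sizing. Separately, `FROM gcr.io/distroless/java21-debian12:nonroot` follows a mutable tag. Appending the digest (`:nonroot@sha256:<digest>`, placeholder) makes the base image reproducible and auditable.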