diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-test.yml
similarity index 54%
rename from .github/workflows/build-and-deploy.yml
rename to .github/workflows/build-and-test.yml
index 44fd6ccf..d6719cea 100644
--- a/.github/workflows/build-and-deploy.yml
+++ b/.github/workflows/build-and-test.yml
@@ -1,22 +1,33 @@
-name: Build and deploy to nais
+name: Build, test and prepare for deploy
on:
workflow_call:
inputs:
- DEPLOY_INSTANCE:
- required: true
+ IMAGE_SUFFIX:
+ required: false
type: string
- CLUSTER:
+ TEST_ONLY:
+ required: false
+ type: boolean
+ outputs:
+ IMAGE:
+ description: "Docker image"
+ value: ${{ jobs.build.outputs.image }}
+ secrets:
+ READER_TOKEN:
+ required: true
+ NAIS_WORKLOAD_IDENTITY_PROVIDER:
required: true
- type: string
jobs:
- build_and_deploy:
- name: Build and deploy
+ build:
+ name: Build and test
runs-on: ubuntu-latest
environment: ${{ inputs.DEPLOY_INSTANCE }}
permissions:
contents: read
id-token: write
+ outputs:
+ IMAGE: ${{ steps.docker-push.outputs.image }}
steps:
- name: Checkout repo
uses: actions/checkout@v4
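Review bot: `environment: ${{ inputs.DEPLOY_INSTANCE }}` on the `build` job now references an input this reusable workflow no longer declares (the hunk replaces `DEPLOY_INSTANCE` with `IMAGE_SUFFIX` and `TEST_ONLY`), so the expression resolves to an empty string and, if GitHub accepts that, the job is no longer bound to any GitHub environment. That matters because this is the job that holds `id-token: write` and pushes the image: protection rules on the `prod` environment no longer gate the prod image build, and if the NAIS workload-identity trust condition (not visible here) keys on the environment in the OIDC `sub` claim, that claim changes too. Either drop the line or re-add a `DEPLOY_INSTANCE` input and keep `environment:` pointed at it so the build runs under the same environment as the deploy. Separately, the job output is declared `IMAGE` while the workflow-level output reads `jobs.build.outputs.image`; expression property lookups are case-insensitive so this should work, but one spelling would make it greppable.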
@@ -30,35 +41,29 @@ jobs:
NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
- name: Build app
run: bun run build
- - name: Run tests
+ - name: Run unit tests
run: bun run test
+ - name: Setup playwright # TODO: can this be cached? It is slow :D
+ run: |
+ bunx playwright install --with-deps
+ cp packages/server/.env.sample packages/server/.env
+ - name: Run playwright tests
+ run: bunx playwright test
- name: Upload static files to NAV CDN
uses: nais/deploy/actions/cdn-upload/v2@master
+ if: inputs.TEST_ONLY != true
with:
team: personbruker
source: './packages/server/public'
destination: '/decorator-next'
- project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} # Provided as Organization Secret
- identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} # Provided as Organization Variable
+ project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+ identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
- name: Build and push docker image
uses: nais/docker-build-push@v0
+ if: inputs.TEST_ONLY != true
id: docker-push
with:
team: personbruker
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
- image_suffix: ${{ inputs.DEPLOY_INSTANCE }}
- - name: Deploy external app
- uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: ${{ inputs.CLUSTER }}
- RESOURCE: .nais/config.yml
- VAR: image=${{ steps.docker-push.outputs.image }},versionId=${{ github.sha }}
- VARS: .nais/vars/${{ inputs.DEPLOY_INSTANCE }}.yml
- - name: Deploy internal versioned app
- uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: ${{ inputs.CLUSTER }}
- RESOURCE: .nais/config-internal.yml
- VAR: image=${{ steps.docker-push.outputs.image }},versionId=${{ github.sha }}
- VARS: .nais/vars/${{ inputs.DEPLOY_INSTANCE }}.yml
+ image_suffix: ${{ inputs.IMAGE_SUFFIX }}
diff --git a/.github/workflows/deploy-application.yml b/.github/workflows/deploy-application.yml
new file mode 100644
index 00000000..dbb964ce
--- /dev/null
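Review bot: The new `if: inputs.TEST_ONLY != true` guard is the only condition on the CDN upload, and `destination: '/decorator-next'` is the same literal for every caller, so a prod push and a `workflow_dispatch` dev/beta run (which can be started from any branch) both publish over the same CDN path as a side effect of building, before the deploy job's environment protection has had a chance to run. Whether the dev and prod uploads land in distinct buckets is not visible here; if they do not, move the upload into the deploy workflow or key `destination:` on the instance, and if it is intentional a one-line comment saying so would save the next reader the same question. Two smaller points: `nais/deploy/actions/cdn-upload/v2@master` is a mutable branch ref that a tag or commit SHA would pin, and the `# TODO: can this be cached?` comment could name the answer (`actions/cache` on `~/.cache/ms-playwright`) rather than leave it open.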
+++ b/.github/workflows/deploy-application.yml
@@ -0,0 +1,60 @@
+name: Deploy app to nais
+on:
+ workflow_call:
+ inputs:
+ DEPLOY_INSTANCE:
+ required: true
+ type: string
+ CLUSTER:
+ required: true
+ type: string
+ IMAGE:
+ required: true
+ type: string
+ DEPLOY_INTERNAL:
+ required: false
+ type: boolean
+ secrets:
+ VARS_UPDATE_TOKEN:
+ required: true
+
+jobs:
+ deploy_to_nais:
+ name: Deploy to nais
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.DEPLOY_INSTANCE }}
+ env:
+ PREV_VERSION_ID: ${{ vars.PREV_VERSION_ID }}
+ PREV_IMAGE: ${{ vars.PREV_IMAGE }}
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+ - name: Set version id from short commit hash
+ run: |
+ shortSha=$(git rev-parse --short ${{ github.sha }})
+ echo "VERSION_ID=$shortSha" >> $GITHUB_ENV
+ - name: Deploy internal versioned app
+ uses: nais/deploy/actions/deploy@v2
+ if: inputs.DEPLOY_INTERNAL == true && env.PREV_VERSION_ID != '' && env.PREV_IMAGE != ''
+ env:
+ CLUSTER: ${{ inputs.CLUSTER }}
+ RESOURCE: .nais/config-internal.yml
+ VAR: image=${{ env.PREV_IMAGE }},versionId=${{ env.PREV_VERSION_ID }}
+ VARS: .nais/vars/${{ inputs.DEPLOY_INSTANCE }}.yml
+ - name: Deploy external app
+ uses: nais/deploy/actions/deploy@v2
+ env:
+ CLUSTER: ${{ inputs.CLUSTER }}
+ RESOURCE: .nais/config.yml
+ VAR: image=${{ inputs.IMAGE }},versionId=${{ env.VERSION_ID }}
+ VARS: .nais/vars/${{ inputs.DEPLOY_INSTANCE }}.yml
+ - name: Update vars
+ env:
+ GITHUB_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }} # This is a PAT with repo or Variables permission
+ run: |
+ gh variable set PREV_VERSION_ID --env ${{ inputs.DEPLOY_INSTANCE }} --body "${{ env.VERSION_ID }}"
+ gh variable set PREV_IMAGE --env ${{ inputs.DEPLOY_INSTANCE }} --body "${{ inputs.IMAGE }}"
+ gh variable list --env ${{ inputs.DEPLOY_INSTANCE }}
diff --git a/.github/workflows/deploy-internal-app.yml b/.github/workflows/deploy-internal-app.yml
deleted file mode 100644
index 70f13f40..00000000
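Review bot: The `Update vars` step splices `${{ inputs.DEPLOY_INSTANCE }}`, `${{ env.VERSION_ID }}` and `${{ inputs.IMAGE }}` directly into a `run:` script, where they are substituted as text before the shell parses it; today every caller passes literal instance names and `IMAGE` comes from the build job's action output, so exposure is low, but this is the expression-injection pattern that turns into command execution the moment a free-text `workflow_dispatch` input is wired into one of these. Pass the two inputs through `env:` and reference them as quoted shell variables (`VERSION_ID` is already in `$GITHUB_ENV`), as sketched below. The token behind the step is a long-lived PAT, and the comment `# This is a PAT with repo or Variables permission` should be tightened to the fine-grained form it is supposed to be (this repository only, `Variables: write`, with an expiry and where it is rotated), because `repo` on a classic PAT is full write access to the repository. Consider also a `concurrency:` group keyed on `inputs.DEPLOY_INSTANCE`: two overlapping runs both read `PREV_*` at job start and both write them at the end, so after a race the internal deploy can roll to the wrong "previous" image.
```yaml
      - name: Update vars
        env:
          GITHUB_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }}  # fine-grained PAT: this repo only, Variables: write
          DEPLOY_ENV: ${{ inputs.DEPLOY_INSTANCE }}
          NEW_IMAGE: ${{ inputs.IMAGE }}
        run: |
          gh variable set PREV_VERSION_ID --env "$DEPLOY_ENV" --body "$VERSION_ID"
          gh variable set PREV_IMAGE --env "$DEPLOY_ENV" --body "$NEW_IMAGE"
          gh variable list --env "$DEPLOY_ENV"
```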
--- a/.github/workflows/deploy-internal-app.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-name: Deploy intern app-versjon
-on:
- workflow_dispatch:
- inputs:
- image:
- description: "Image version (last segment of GAR tag)"
- required: true
- type: string
- versionId:
- description: "App version id"
- required: true
- type: string
- deployInstance:
- description: 'Deploy instance'
- required: true
- type: choice
- options:
- - dev-beta-navno
- - dev-stable
- - prod
-
-jobs:
- deploy_internal:
- name: Deploy intern app-versjon
- runs-on: ubuntu-latest
- environment: ${{ inputs.DEPLOY_INSTANCE }}
- permissions:
- contents: read
- id-token: write
- steps:
- - name: Checkout repo
- uses: actions/checkout@v4
- - name: Deploy internal versioned app
- uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: ${{ inputs.deployInstance == 'prod' && 'prod-gcp' || 'dev-gcp' }}
- RESOURCE: .nais/config-internal.yml
- VAR: image=europe-north1-docker.pkg.dev/nais-management-233d/personbruker/${{ inputs.image }},versionId=${{ inputs.versionId }}
- VARS: .nais/vars/${{ inputs.deployInstance }}.yml
diff --git a/.github/workflows/deploy-network-policy.yml b/.github/workflows/deploy-network-policy.yml
new file mode 100644
index 00000000..6805a2c8
--- /dev/null
+++ b/.github/workflows/deploy-network-policy.yml
@@ -0,0 +1,28 @@
+name: Deploy network policy to nais
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ paths:
+ - .nais/network-policy.yml
+
+jobs:
+ deploy-network-policy:
+ name: Deploy network policy
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: actions/checkout@v4
+ - name: Deploy to prod
+ uses: nais/deploy/actions/deploy@v2
+ env:
+ CLUSTER: prod-gcp
+ RESOURCE: .nais/network-policy.yml
+ - name: Deploy to dev
+ uses: nais/deploy/actions/deploy@v2
+ env:
+ CLUSTER: dev-gcp
+ RESOURCE: .nais/network-policy.yml
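Review bot: The `workflow_dispatch` trigger lets this job apply `.nais/network-policy.yml` to `prod-gcp` from whatever ref it is dispatched on, and unlike the old `deploy-network-policy` job in `deploy.prod.yml` it no longer waits for build-and-test and has no `environment:` binding, so none of the `prod` environment's protection rules apply to a manual run. Add `environment: prod` to the job (which also scopes the OIDC token the same way the application deploy does), or guard the prod step with `if: github.ref == 'refs/heads/main'`. Deploying to `prod-gcp` before `dev-gcp` also inverts the usual order; swapping the two steps means a malformed policy fails in dev first.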
diff --git a/.github/workflows/deploy-unleash-api-token.yml b/.github/workflows/deploy-unleash-api-token.yml
index d53df8cd..52f8a5a0 100644
--- a/.github/workflows/deploy-unleash-api-token.yml
+++ b/.github/workflows/deploy-unleash-api-token.yml
@@ -1,6 +1,8 @@
name: Deploy unleash-apitoken
on:
push:
+ branches:
+ - main
paths:
- ".nais/unleash-api-token.dev.yaml"
- ".nais/unleash-api-token.prod.yaml"
@@ -26,7 +28,6 @@ jobs:
permissions:
contents: read
id-token: write
- if: github.ref == 'refs/heads/main'
steps:
- name: Checkout
uses: actions/checkout@v4
diff --git a/.github/workflows/deploy.beta.navno.yml b/.github/workflows/deploy.beta.navno.yml
index e35d266b..ae46251b 100644
--- a/.github/workflows/deploy.beta.navno.yml
+++ b/.github/workflows/deploy.beta.navno.yml
@@ -1,14 +1,31 @@
name: Deploy to Team nav.no beta
on:
workflow_dispatch:
+ inputs:
+ DEPLOY_INTERNAL:
+ description: "Deploy previous version to internal"
+ required: false
+ type: boolean
jobs:
+ build:
+ uses: ./.github/workflows/build-and-test.yml
+ permissions:
+ id-token: write
+ contents: read
+ with:
+ IMAGE_SUFFIX: dev-beta-navno
+ secrets: inherit
deploy:
- uses: ./.github/workflows/build-and-deploy.yml
+ uses: ./.github/workflows/deploy-application.yml
+ needs: build
permissions:
id-token: write
contents: read
with:
DEPLOY_INSTANCE: dev-beta-navno
CLUSTER: dev-gcp
- secrets: inherit
+ IMAGE: ${{ needs.build.outputs.IMAGE }}
+ DEPLOY_INTERNAL: ${{ inputs.DEPLOY_INTERNAL }}
+ secrets:
+ VARS_UPDATE_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }}
diff --git a/.github/workflows/deploy.beta.tms.yml b/.github/workflows/deploy.beta.tms.yml
index 3838b4ce..1f47bccd 100644
--- a/.github/workflows/deploy.beta.tms.yml
+++ b/.github/workflows/deploy.beta.tms.yml
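Review bot: Removing `if: github.ref == 'refs/heads/main'` from the job is only equivalent to the new `push.branches: [main]` filter if `push` is this workflow's sole trigger; the `on:` block runs past the first hunk, so if it also declares `workflow_dispatch` or a schedule, a manual run from any branch now deploys the Unleash API token where the job-level guard used to block it. Worth confirming before merging, and if another trigger exists keep the `if:` alongside the path filter.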
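Review bot: The new `build` job uses `secrets: inherit`, which forwards every repository and organization secret the caller can see — including the `VARS_UPDATE_TOKEN` PAT that only the deploy job needs — to `build-and-test.yml`, while the `deploy` job just below is correctly limited to `VARS_UPDATE_TOKEN`. The reusable workflow declares exactly two secrets, so pass those explicitly: `secrets:` / `READER_TOKEN: ${{ secrets.READER_TOKEN }}` / `NAIS_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}`. The same `inherit` appears in the other per-instance callers and in `deploy.prod.yml` in this commit.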
@@ -1,14 +1,31 @@
-name: Deploy to TMS beta
+name: Deploy to Team min-side beta
on:
workflow_dispatch:
+ inputs:
+ DEPLOY_INTERNAL:
+ description: "Deploy previous version to internal"
+ required: false
+ type: boolean
jobs:
+ build:
+ uses: ./.github/workflows/build-and-test.yml
+ permissions:
+ id-token: write
+ contents: read
+ with:
+ IMAGE_SUFFIX: dev-beta-tms
+ secrets: inherit
deploy:
- uses: ./.github/workflows/build-and-deploy.yml
+ uses: ./.github/workflows/deploy-application.yml
+ needs: build
permissions:
id-token: write
contents: read
with:
DEPLOY_INSTANCE: dev-beta-tms
CLUSTER: dev-gcp
- secrets: inherit
+ IMAGE: ${{ needs.build.outputs.IMAGE }}
+ DEPLOY_INTERNAL: ${{ inputs.DEPLOY_INTERNAL }}
+ secrets:
+ VARS_UPDATE_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }}
diff --git a/.github/workflows/deploy.dev.yml b/.github/workflows/deploy.dev.yml
index 9c1771d8..78b489ee 100644
--- a/.github/workflows/deploy.dev.yml
+++ b/.github/workflows/deploy.dev.yml
@@ -1,14 +1,31 @@
name: Deploy to dev
on:
workflow_dispatch:
+ inputs:
+ DEPLOY_INTERNAL:
+ description: "Deploy previous version to internal"
+ required: false
+ type: boolean
jobs:
+ build:
+ uses: ./.github/workflows/build-and-test.yml
+ permissions:
+ id-token: write
+ contents: read
+ with:
+ IMAGE_SUFFIX: dev-stable
+ secrets: inherit
deploy:
- uses: ./.github/workflows/build-and-deploy.yml
+ uses: ./.github/workflows/deploy-application.yml
+ needs: build
permissions:
id-token: write
contents: read
with:
DEPLOY_INSTANCE: dev-stable
CLUSTER: dev-gcp
- secrets: inherit
+ IMAGE: ${{ needs.build.outputs.IMAGE }}
+ DEPLOY_INTERNAL: ${{ inputs.DEPLOY_INTERNAL }}
+ secrets:
+ VARS_UPDATE_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }}
diff --git a/.github/workflows/deploy.prod.yml b/.github/workflows/deploy.prod.yml
index 1463a9d9..b76342da 100644
--- a/.github/workflows/deploy.prod.yml
+++ b/.github/workflows/deploy.prod.yml
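Review bot: The instance name is spelled twice in each of these callers with nothing tying the two together — `IMAGE_SUFFIX: dev-stable` on the `build` job and `DEPLOY_INSTANCE: dev-stable` on the `deploy` job — so a typo in one silently pushes an image tagged for one instance and rolls it out to another, with `.nais/vars/<DEPLOY_INSTANCE>.yml` selected from the second value. `env:` is not available in `with:` for reusable-workflow calls, so a comment on `IMAGE_SUFFIX` such as `# must match DEPLOY_INSTANCE below` is the cheapest guard; alternatively have `deploy-application.yml` derive the suffix from `DEPLOY_INSTANCE` and drop the second input. As in the sibling callers, `secrets: inherit` on `build` forwards the `VARS_UPDATE_TOKEN` PAT to a job that never uses it; passing `READER_TOKEN` and `NAIS_WORKLOAD_IDENTITY_PROVIDER` explicitly is enough.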
@@ -3,125 +3,68 @@ on:
push:
branches:
- main
+ paths-ignore:
+ - ./README.md
jobs:
- build-and-test:
- runs-on: ubuntu-latest
- outputs:
- image: ${{ steps.docker-push.outputs.image }}
+ build:
+ uses: ./.github/workflows/build-and-test.yml
permissions:
- contents: read
id-token: write
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
- with:
- node-version: 20.14.0
- - uses: oven-sh/setup-bun@v1
- with:
- bun-version: 1.1.11
- - name: Install dependencies
- run: bun install --immutable --ignore-scripts
- env:
- NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
- - run: bun run build
- - run: bun run test
-
- - run: bunx playwright install --with-deps
- - run: cp packages/server/.env.sample packages/server/.env
- - run: bunx playwright test
-
- - name: Upload to CDN
- uses: nais/deploy/actions/cdn-upload/v2@master
- with:
- team: personbruker
- source: './packages/server/public'
- destination: '/decorator-next'
- project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
- identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
- - name: Build and push docker image
- uses: nais/docker-build-push@v0
- id: docker-push
- with:
- team: personbruker
- project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
- identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+ contents: read
+ with:
+ IMAGE_SUFFIX: prod
+ secrets: inherit
- deploy-network-policy:
- runs-on: ubuntu-latest
- needs: build-and-test
+ deploy-prod:
+ uses: ./.github/workflows/deploy-application.yml
+ needs: build
permissions:
- contents: read
id-token: write
- steps:
- - uses: actions/checkout@v4
- - name: Deploy to prod
- uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: prod-gcp
- RESOURCE: .nais/network-policy.yml
- - name: Deploy to dev
- uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: dev-gcp
- RESOURCE: .nais/network-policy.yml
+ contents: read
+ with:
+ DEPLOY_INSTANCE: prod
+ CLUSTER: prod-gcp
+ IMAGE: ${{ needs.build.outputs.IMAGE }}
+ DEPLOY_INTERNAL: true
+ secrets:
+ VARS_UPDATE_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }}
- deploy-dev:
- runs-on: ubuntu-latest
- needs: build-and-test
+ deploy-dev-stable:
+ uses: ./.github/workflows/deploy-application.yml
+ needs: build
permissions:
- contents: read
id-token: write
- steps:
- - uses: actions/checkout@v4
- - uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: dev-gcp
- RESOURCE: .nais/config.yml
- VAR: image=${{ needs.build-and-test.outputs.image }},versionId=${{ github.sha }}
- VARS: .nais/vars/dev-stable.yml
+ contents: read
+ with:
+ DEPLOY_INSTANCE: dev-stable
+ CLUSTER: dev-gcp
+ IMAGE: ${{ needs.build.outputs.IMAGE }}
+ secrets:
+ VARS_UPDATE_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }}
deploy-beta-navno:
- runs-on: ubuntu-latest
- needs: build-and-test
+ uses: ./.github/workflows/deploy-application.yml
+ needs: build
permissions:
- contents: read
id-token: write
- steps:
- - uses: actions/checkout@v4
- - uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: dev-gcp
- RESOURCE: .nais/config.yml
- VAR: image=${{ needs.build-and-test.outputs.image }},versionId=${{ github.sha }}
- VARS: .nais/vars/dev-beta-navno.yml
-
- deploy-prod-internal:
- runs-on: ubuntu-latest
- needs: build-and-test
- permissions:
contents: read
- id-token: write
- steps:
- - uses: actions/checkout@v4
- - uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: prod-gcp
- RESOURCE: .nais/config-internal.yml
- VAR: image=${{ needs.build-and-test.outputs.image }},versionId=${{ github.sha }}
- VARS: .nais/vars/prod.yml
+ with:
+ DEPLOY_INSTANCE: dev-beta-navno
+ CLUSTER: dev-gcp
+ IMAGE: ${{ needs.build.outputs.IMAGE }}
+ secrets:
+ VARS_UPDATE_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }}
- deploy-prod:
- runs-on: ubuntu-latest
- needs: build-and-test
+ deploy-beta-tms:
+ uses: ./.github/workflows/deploy-application.yml
+ needs: build
permissions:
- contents: read
id-token: write
- steps:
- - uses: actions/checkout@v4
- - uses: nais/deploy/actions/deploy@v2
- env:
- CLUSTER: prod-gcp
- RESOURCE: .nais/config.yml
- VAR: image=${{ needs.build-and-test.outputs.image }},versionId=${{ github.sha }}
- VARS: .nais/vars/prod.yml
+ contents: read
+ with:
+ DEPLOY_INSTANCE: dev-beta-tms
+ CLUSTER: dev-gcp
+ IMAGE: ${{ needs.build.outputs.IMAGE }}
+ secrets:
+ VARS_UPDATE_TOKEN: ${{ secrets.VARS_UPDATE_TOKEN }}
diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml
index fe40c3cd..0340e7e7 100644
--- a/.github/workflows/pr-test.yml
+++ b/.github/workflows/pr-test.yml
@@ -1,4 +1,4 @@
-name: PR Test
+name: Run tests on PR
on:
pull_request:
branches:
@@ -6,24 +6,11 @@ on:
jobs:
build-and-test:
- runs-on: ubuntu-latest
+ name: Build and run tests
+ uses: ./.github/workflows/build-and-test.yml
permissions:
+ id-token: write
contents: read
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
- with:
- node-version: 20.14.0
- - uses: oven-sh/setup-bun@v1
- with:
- bun-version: 1.1.11
- - name: Install dependencies
- run: bun install --immutable --ignore-scripts
- env:
- NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
- - run: bun run build
- - run: bun run test
-
- - run: bunx playwright install --with-deps
- - run: cp packages/server/.env.sample packages/server/.env
- - run: bunx playwright test
\ No newline at end of file
+ with:
+ TEST_ONLY: true
+ secrets: inherit
diff --git a/.nais/config-internal.yml b/.nais/config-internal.yml
index d9baeb5b..71ac236e 100644
--- a/.nais/config-internal.yml
+++ b/.nais/config-internal.yml
@@ -43,7 +43,8 @@ spec:
- name: APP_NAME
value: {{appName}}
- name: VERSION_ID
- value: {{versionId}}
+ # Ensure this is always parsed as string!
+ value: "{{versionId}}"
- name: IS_INTERNAL_APP
value: "true"
{{#each env as |var|}}
diff --git a/.nais/config.yml b/.nais/config.yml
index c5347c1d..63d09ae9 100644
--- a/.nais/config.yml
+++ b/.nais/config.yml
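Review bot: `paths-ignore: - ./README.md` most likely never matches: GitHub path filters are globs compared against the repository-relative path (`README.md`), and a leading `./` is not normalised away, so README-only pushes to `main` will still run the full prod build and all four deploys. Change it to `- README.md` (or `- '**/README.md'` if nested readmes are meant) and confirm with a docs-only push. The prod `build` job also uses `secrets: inherit` while the four deploy jobs pass `VARS_UPDATE_TOKEN` explicitly; for the job that produces the prod image, passing only `READER_TOKEN` and `NAIS_WORKLOAD_IDENTITY_PROVIDER` is the better default. Note that since `build-and-test.yml` no longer binds to an environment, the prod image is pushed on every push to `main` before any `prod` protection rule runs — fine if those rules only guard the rollout, worth a second look if they were meant to guard the artifact too.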
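Review bot: For a `pull_request`-triggered run this caller now grants `id-token: write` and `secrets: inherit` to `build-and-test.yml`, even though with `TEST_ONLY: true` the only secret the job uses is `READER_TOKEN` for `bun install`, and the CDN upload and image push — the only steps that need the OIDC token and `NAIS_WORKLOAD_IDENTITY_PROVIDER` — are skipped. Forked PRs receive neither secrets nor a writable id-token, but same-repo PRs from any branch do, so pass `READER_TOKEN` explicitly instead of `inherit`, and consider making `NAIS_WORKLOAD_IDENTITY_PROVIDER` `required: false` in the reusable workflow so the test-only path need not receive it at all. Whether the caller may omit `id-token: write` while the called job still declares it should be checked against the reusable-workflow permission rules; if it may, drop it here as well. The `pull_request.branches` list continues outside this hunk.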
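Review bot: Quoting `"{{versionId}}"` is the right fix (a short SHA such as `1234567` is all digits and would be retyped to an integer where Kubernetes expects a string), but `value: {{appName}}` two lines above in the same hunk is still rendered bare, and the `{{#each env as |var|}}` loop that follows presumably emits its values the same way — any of them that looks like a number, boolean or null (`true`, `0644`, `1.10`, `NO`) is retyped or silently changed by the YAML parser. Quote them too: `value: "{{appName}}"`, and inside the loop `value: "{{var.value}}"`. The new comment would be more useful stating the reason rather than the instruction, e.g. `# Quoted: a short SHA can be all digits, and env values must be strings`.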
@@ -46,7 +46,8 @@ spec:
- name: APP_NAME
value: {{appName}}
- name: VERSION_ID
- value: {{versionId}}
+ # Ensure this is always parsed as string!
+ value: "{{versionId}}"
{{#each env as |var|}}
- name: {{var.name}}
value: {{var.value}}
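Review bot: The quoting fix stops at `VERSION_ID`, while `value: {{appName}}` above and `value: {{var.value}}` inside the `{{#each env as |var|}}` loop in this same hunk stay bare. `{{var.value}}` is the riskier of the two: it is filled from the per-instance `.nais/vars/*.yml` files passed via `VARS`, so a value like `true`, `0644` or a numeric ID is retyped by the YAML parser and fails manifest validation, and `NO`/`on`-style strings are silently turned into booleans. Quote both — `value: "{{appName}}"` and `value: "{{var.value}}"` — and note in the vars files that a value containing a double quote then needs escaping.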