
GithubAction permissions for push docker image #331


Workflow file for this run

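# CI/CD pipeline: run the Gradle tests on every push, then (on selected
# branches) build the jar, publish the Docker image to ghcr.io and deploy it
# with the NAIS deploy action.
name: Build & deploy
on: [push]

# Least-privilege default for the GITHUB_TOKEN. Jobs that need more declare
# their own `permissions` block, which replaces this default for that job.
permissions:
  contents: read

env:
  # Image reference is tied to the commit SHA, so dev and prod deploy the
  # exact image that was built from this commit.
  IMAGE: ghcr.io/${{ github.repository }}/rekrutteringsbistand-stilling-indekser:${{ github.sha }}

jobs:
  test:
    name: Run tests
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
      - uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
          restore-keys: |
            ${{ runner.os }}-gradle-
      - name: Run tests
        run: ./gradlew test --info

  deploy-to-dev:
    name: Deploy to dev
    needs: test
    # NOTE(review): 'styrk-tittel' looks like a feature branch that also
    # deploys to dev - confirm it is still needed.
    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/styrk-tittel'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      # A job-level `permissions` block sets every unlisted scope to none, so
      # pushing to ghcr.io with GITHUB_TOKEN needs this scope spelled out.
      packages: write
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
      - uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
          restore-keys: |
            ${{ runner.os }}-gradle-
      - name: Build jar with Gradle
        run: ./gradlew shadowJar
      - name: Build and publish Docker image
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # The token is passed on stdin so it never appears in the process
        # argument list; expansions are quoted to avoid word splitting.
        run: |
          docker build --tag "${IMAGE}" .
          echo "${GITHUB_TOKEN}" | docker login ghcr.io -u "${GITHUB_REPOSITORY}" --password-stdin
          docker push "${IMAGE}"
      # NOTE(review): this action receives the deploy API key and is referenced
      # by a mutable tag; pinning it to a full commit SHA would stop a moved
      # tag from changing what runs here. The same applies to the other jobs.
      - uses: nais/deploy/actions/deploy@v1
        env:
          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
          CLUSTER: dev-gcp
          VAR: image=${{ env.IMAGE }}
          RESOURCE: nais/nais.yaml
          VARS: nais/nais-dev.json

  deploy-to-prod:
    name: Deploy to prod
    needs: deploy-to-dev
    # Only main reaches production; other branches stop after dev.
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v3
      - uses: nais/deploy/actions/deploy@v1
        env:
          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
          CLUSTER: prod-gcp
          VAR: image=${{ env.IMAGE }}
          RESOURCE: nais/nais.yaml
          VARS: nais/nais-prod.json

  deploy-alerts:
    name: Deploy alerts to prod
    # No `needs`, so this runs independently of the test and deploy jobs.
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: nais/deploy/actions/deploy@v1
        env:
          APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
          CLUSTER: prod-gcp
          RESOURCE: nais/alerts.yaml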