This repository has been archived by the owner on Sep 22, 2023. It is now read-only.

Merge pull request #1 from nais/depsupping #77


Workflow file for this run

# Workflow header: display name, trigger, and workflow-wide environment.
name: 'Build and deploy devrapid-git-push'

# Runs only for pushes to the main branch.
on:
  push:
    branches:
      - 'main'

env:
  # Image reference that the build job passes to `cosign verify`.
  # NOTE(review): this is a tag, not a digest. A signature check made against
  # a tag covers whatever the tag resolves to at that moment; referencing the
  # image as `...@sha256:<digest>` (placeholder) would tie the verified image
  # to the one later pulled for the build.
  BASEIMAGE: 'gcr.io/distroless/java17-debian11:nonroot'
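jobs:
  # Compiles and tests the project, generates an SBOM, verifies the base
  # image signature, then builds and pushes the container image.
  build:
    name: 'build'
    runs-on: 'ubuntu-latest'
    # A job-level permissions block leaves every scope not listed here at
    # "none", so this job's GITHUB_TOKEN can only request an OIDC token.
    permissions:
      id-token: write
    outputs:
      # Image reference reported by the docker-build-push step; the deploy job
      # reads it through `needs.build.outputs.tag`.
      tag: '${{ steps.docker-build-push.outputs.IMAGE }}'
    steps:
      # Third-party actions are pinned to full commit SHAs. The trailing
      # `ratchet:` comments record the upstream ref each pin tracks and must
      # stay on the same line as `uses`.
      - uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9' # ratchet:actions/checkout@v3
      - name: 'Setup Gradle'
        uses: 'gradle/gradle-build-action@915a66c096a03101667f9df2e56c9efef558b165' # ratchet:gradle/gradle-build-action@v2
        with:
          # NOTE(review): submitting a dependency graph normally needs
          # `contents: write`, which this job does not grant. Confirm in the
          # step log whether the submission succeeds.
          dependency-graph: 'generate-and-submit'
      # Wrapper validation is placed before the first `./gradlew` invocation,
      # so the wrapper is checked before it is executed.
      - uses: 'gradle/wrapper-validation-action@8d49e559aae34d3e0eb16cde532684bc9702762b' # ratchet:gradle/wrapper-validation-action@v1
      - uses: 'actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8' # ratchet:actions/cache@v3
        with:
          path: '~/.gradle/caches'
          key: "${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle.kts') }}"
          restore-keys: '${{ runner.os }}-gradle-'
      - uses: 'actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2' # ratchet:actions/setup-java@v3
        with:
          # Quoted so the version stays a string.
          java-version: '17'
      - name: 'compile and run tests'
        run: './gradlew build'
      - name: 'Create SBOM'
        run: './gradlew cyclonedxBom'
      # NOTE(review): the ratchet reference below tracks `main`, not a release
      # tag, so a ratchet update moves this pin to whatever main points at.
      - name: 'Install cosign'
        uses: 'sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06' # ratchet:sigstore/cosign-installer@main
        with:
          cosign-release: 'v2.0.0'
      # Fails the job unless the base image carries a keyless signature issued
      # to the expected identity by the expected OIDC issuer.
      # NOTE(review): the check resolves the BASEIMAGE tag when it runs; the
      # build step below pulls again (`pull: true`), and the Dockerfile is not
      # visible here, so confirm the image that is built on is the one verified.
      - name: 'Verify distroless base image'
        run: >-
          cosign verify
          --certificate-identity "keyless@distroless.iam.gserviceaccount.com"
          --certificate-oidc-issuer "https://accounts.google.com"
          "$BASEIMAGE"
      - uses: 'nais/docker-build-push@c1d05d5a796be7b24d59a2e76851acdcdbcaff7a' # ratchet:nais/docker-build-push@v0
        id: 'docker-build-push'
        name: 'Build and push Docker image'
        with:
          team: 'nais-analyse'
          pull: true
          project_id: '${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}'
          # Presumably used together with the job's OIDC token to authenticate
          # the push; verify against the action's documentation.
          identity_provider: '${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}'
          # SBOM written by the "Create SBOM" step.
          byosbom: 'build/reports/bom.json'

  # Deploys the image produced by the build job to the prod-gcp cluster.
  deployToProd:
    name: 'Deploy to prod'
    needs:
      - 'build'
    runs-on: 'ubuntu-latest'
    # Explicit least-privilege token: without this block the job inherits the
    # repository's default GITHUB_TOKEN permissions, which may include write
    # scopes. The deploy step authenticates with APIKEY, not with this token.
    permissions:
      contents: read
    steps:
      - uses: 'actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9' # ratchet:actions/checkout@v3
      - name: 'Deploy to prod-gcp'
        uses: 'nais/deploy/actions/deploy@913eb0f92e9d132dbe0cbba3390a340675849f30' # ratchet:nais/deploy/actions/deploy@v1
        env:
          # The deploy credential is scoped to this step's environment rather
          # than to the whole job or workflow.
          APIKEY: '${{ secrets.NAIS_DEPLOY_APIKEY }}'
          CLUSTER: 'prod-gcp'
          RESOURCE: '.nais/nais.yaml,.nais/topic.yaml'
          VARS: '.nais/prod.yaml'
          IMAGE: '${{ needs.build.outputs.tag }}'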