Merge branch 'master' into release

statisticsnorway · Oct 10, 2024 · c345288 · c345288
2 parents 7c17a8c + f1629e7
commit c345288
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 29 deletions.
diff --git a/.github/workflows/build-app.yml b/.github/workflows/build-app.yml
@@ -19,6 +19,9 @@ on:
       - ".mvn"
       - ".gitignore"
 
+env:
+  REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker/maskinporten-guardian
+
 jobs:
   build-test:
     name: Build and test with Maven
@@ -36,14 +39,27 @@ jobs:
           java-version: 21
           distribution: temurin
           cache: maven
+
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
+          service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com"
+          token_format: access_token
+
+      - name: Login to Artifact Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.auth.outputs.access_token }}"
 
       - name: Maven build and install
         run: mvn --batch-mode clean install
 
-  deploy:
+  deploy-gatekeeper:
     name: Deploy to NAIS test cluster
     if: ${{github.event_name == 'push'}}
     needs: build-test
-    uses: ./.github/workflows/build-deploy.yml
-    with:
-      commit-sha: ${{ github.sha }}
+    uses: ./.github/workflows/build-deploy-gatekeeper.yml
diff --git a/.github/workflows/build-deploy-gatekeeper.yml b/.github/workflows/build-deploy-gatekeeper.yml
@@ -0,0 +1,14 @@
+on:
+  release:
+    types: [ published ]
+  workflow_call:
+
+jobs:
+  deploy-prod:
+    name: Deploy to NAIS production cluster
+    if: github.head_ref == 'release' && github.event.pull_request.merged == true
+    uses: ./.github/workflows/publish-release.yml
+  deploy-test:
+    name: Deploy to NAIS test cluster
+    if: github.head_ref != 'release'
+    uses: ./.github/workflows/build-deploy.yml
diff --git a/.github/workflows/build-deploy.yml b/.github/workflows/build-deploy.yml
@@ -2,11 +2,6 @@ on:
   release:
     types: [ published ]
   workflow_call:
-    inputs:
-      commit-sha:
-        description: Commit SHA from the caller
-        required: true
-        type: string
 
 env:
   REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker/maskinporten-guardian
@@ -69,7 +64,7 @@ jobs:
             tags=${latest},${semver},${major_minor_version},${major_version}
             echo "tags=${tags}" >> "$GITHUB_OUTPUT"
           else
-            git_sha_short="$(git rev-parse --short ${{inputs.commit-sha}})"
+            git_sha_short="$(git rev-parse --short ${{github.sha}})"
             current_sha_tag=${REGISTRY}/${IMAGE}:${{github.event.repository.default_branch}}-$git_sha_short
             latest=${REGISTRY}/${IMAGE}:latest
 
@@ -81,9 +76,7 @@ jobs:
       
       - name: Maven build and install
         run: |
-          if [ ${{ github.event_name }} == "workflow_call" ]; then
-            mvn --batch-mode -P artifact-registry deploy
-          fi
+          mvn --batch-mode -P artifact-registry deploy
     
       - name: Docker meta
         id: docker_metadata

diff --git a/.github/workflows/mvn-release.yml b/.github/workflows/mvn-release.yml
@@ -60,7 +60,7 @@ jobs:
           VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | sed "s/-SNAPSHOT//")
           echo "version=${VERSION}" >> $GITHUB_OUTPUT
           # Perform the release/deploy and increment the version to the next snapshot
-          mvn --batch-mode release:prepare -P github,artifact-registry -Darguments="-Dmaven.test.skip=true -Dmaven.deploy.skip=true"
+          mvn --batch-mode release:prepare -P github -Darguments="-Dmaven.test.skip=true -Dmaven.deploy.skip=true"
           mvn --batch-mode release:perform
           TAG=$(git describe --abbrev=0 --tags)
           echo "tag=${TAG}" >> $GITHUB_OUTPUT
@@ -88,7 +88,7 @@ jobs:
       - name: Create a pull request with the changes in the branch
         run: |
           pr_title="Release ${{steps.release_artifact.outputs.tag}}"
-          pr_body="This PR is autogenerated by a workflow. A release draft has been created and should be published after merging."
+          pr_body="This PR is autogenerated by a workflow. A release draft has been created and will be published after merging."
           gh pr create --title "$pr_title" --body "$pr_body" --head $(git branch --show-current)
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
@@ -1,24 +1,11 @@
 name: Publish release
 
 on:
-  pull_request:
-    types:
-      - closed
-    branches:
-      - master
-    paths-ignore:
-      - "**/*.md"
-      - "Makefile"
-      - ".mvn"
-      - ".gitignore"
+  workflow_call:
   workflow_dispatch:
 
 jobs:
   publish-release:
-    if: |
-      (github.head_ref == 'release' && github.event.pull_request.merged == true) ||
-      github.event_name == 'workflow_dispatch'
-
     runs-on: ubuntu-latest
     permissions:
       contents: write