From d5871a18519b95d401dfc65f7b18f4fe3da3c20b Mon Sep 17 00:00:00 2001 From: Michael Moen Allport Date: Wed, 2 Oct 2024 17:48:42 +0200 Subject: [PATCH] Modularize release. Remove 'ssb-bip' profile --- .github/workflows/build-and-deploy.yml | 154 ------------------------- .github/workflows/build.yml | 146 +++++++++++++++++++++++ .github/workflows/deploy.yml | 37 ++++++ .github/workflows/release-docker.yml | 98 ++++++++++++++++ .github/workflows/release.yml | 60 +++++----- .github/workflows/run-tests.yml | 25 ---- .nais/dev.yaml | 16 --- pom.xml | 44 ++++--- 8 files changed, 333 insertions(+), 247 deletions(-) delete mode 100644 .github/workflows/build-and-deploy.yml create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/deploy.yml create mode 100644 .github/workflows/release-docker.yml delete mode 100644 .github/workflows/run-tests.yml delete mode 100644 .nais/dev.yaml diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml deleted file mode 100644 index a5fe111..0000000 --- a/.github/workflows/build-and-deploy.yml +++ /dev/null 
@@ -1,154 +0,0 @@ -# This workflow will build and push a new Docker image to the default Artifact Registry in SSB. -# -# Overview: -# 1. Authenticate to Google Cloud -# 2. Authenticate to Artifact Registry -# 3. Build and publish a docker image to Google Artifact Registry -# -# To configure this workflow: -# 1. Change the values for the IMAGE_NAME and TEAM_NAME environment variables (below). -# 2. The image will be tagged with the git commit hash and latest. To override the default tags, add tags to the build_metadata step. -# -# This workflow is tailored for SSBĀ“s setup, however if you wish to use this in a non SSB context ensure/change the following: -# 1. Create GitHub secrets for GAR_PROJECT_NUMBER and GAR_PROJECT_ID (Number and ID for the Artifact Registry project). -# 2. Create and configure Workload Identity Federation for GitHub. - -name: Image Build and Deploy - -on: - push: - branches: - - master - paths: - - .github/** - - src/** - - conf/** - - Dockerfile - - pom.xml - release: - types: [ published ] - workflow_dispatch: - -env: - REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker - IMAGE: maskinporten-guardian - -jobs: - docker-build: - name: Docker build - permissions: - contents: "read" - id-token: "write" - runs-on: ubuntu-latest - outputs: - image: ${{ env.DOCKER_IMAGE }} - image-digest: ${{ steps.docker_build.outputs.digest }} - steps: - - name: Setup Maven Action # Composite action - uses: s4u/setup-maven-action@v1.7.0 - with: - java-version: 21 - java-distribution: zulu - maven-version: 3.9.9 - - - name: Set docker image env var - run: | - echo "DOCKER_IMAGE=${REGISTRY}/${IMAGE}" >> $GITHUB_ENV - - name: "Authenticate to Google Cloud" - id: "auth" - uses: "google-github-actions/auth@v2.1.3" - with: - workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions" - service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com" - 
token_format: "access_token" - - - name: Login to registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: "oauth2accesstoken" - password: "${{ steps.auth.outputs.access_token }}" - - - name: Build with Maven and deploy to Artifact Registry - run: mvn --batch-mode -P ssb-bip deploy - - - name: Clean up artifacts that are no longer needed - run: | - rm -f target/maskinporten-guardian-*-sources.jar - rm -f target/maskinporten-guardian-*-javadoc.jar - ls -al target/maskinporten-guardian-*.jar - - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to Artifact Registry - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: "oauth2accesstoken" - password: "${{ steps.auth.outputs.access_token }}" - - - name: Docker meta - id: metadata - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE }} - # Docker tags based on the following events/attributes - tags: | - type=ref,event=branch - type=ref,event=pr,suffix=-${{ github.event.pull_request.head.sha }} - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value={{branch}}-{{sha}}-{{date 'YYYYMMDDHHmmss'}},enable={{is_default_branch}} - type=semver,pattern=v{{version}} - type=semver,pattern=v{{major}}.{{minor}} - type=semver,pattern=v{{major}} - - - name: Build and push - id: docker_build - uses: docker/build-push-action@v4 - with: - file: Dockerfile - push: true - context: . 
- tags: | - ${{ steps.metadata.outputs.tags }} - labels: ${{ steps.metadata.outputs.labels }} - - - name: Image digest - run: echo ${{ steps.docker_build.outputs.digest }} - - deploy-test: - name: Deploy to NAIS test cluster - if: ${{ github.event_name != 'release' }} - runs-on: ubuntu-latest - needs: docker-build - permissions: - contents: "read" - id-token: "write" - steps: - - uses: actions/checkout@v4 - - uses: nais/deploy/actions/deploy@v2 - env: - CLUSTER: test - RESOURCE: .nais/test.yaml - VAR: image=${{ needs.docker-build.outputs.image }}:latest - DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443 - - deploy-prod: - name: Deploy to NAIS production cluster - if: ${{ github.event_name == 'release' }} - runs-on: ubuntu-latest - needs: docker-build - permissions: - contents: "read" - id-token: "write" - steps: - - uses: actions/checkout@v4 - - uses: nais/deploy/actions/deploy@v2 - env: - CLUSTER: prod - RESOURCE: .nais/prod.yaml - VAR: image=${{ needs.docker-build.outputs.image }}:${{github.event.ref}} - ## github.event.ref = release version (e.g. v3.2.4) - DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443 diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..a2dd2c5 --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,146 @@ +name: Build + +on: + push: + branches: + - master + paths-ignore: + - "**/*.md" + - "Makefile" + - ".mvn" + - ".gitignore" + + pull_request: + branches: + - master + paths-ignore: + - "**/*.md" + - "Makefile" + - ".mvn" + - ".gitignore" + +env: + REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker + IMAGE: maskinporten-guardian + +jobs: + build-test: + name: Build and test with Maven + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + + outputs: + image: ${{ steps }} + image-tag: ${{ github.event.base_ref }} + + steps: + - uses: actions/checkout@v4 + + - name: Set up JDK 21 + uses: actions/setup-java@v4 + with: + java-version: 21 + distribution: temurin + cache: maven + + - name: Maven build and install + run: mvn --batch-mode clean install + + + build-push: + name: Push image to Artifact Registry + if: ${{github.event_name != 'pull_request'}} + needs: build-test + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + + outputs: + image: ${{ env.REGISTRY }}/${{ env.IMAGE }} + image-tag: ${{steps.image_tag.outputs.full_image_tag}} + + steps: + - uses: actions/checkout@v4 + + - name: Set up JDK 21 + uses: actions/setup-java@v4 + with: + java-version: 21 + distribution: temurin + cache: maven + + - name: Authenticate to Google Cloud + id: auth + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions" + service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com" + token_format: access_token + + - name: Maven build, install and push artifacts + run: mvn --batch-mode -P artifact-registry deploy + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Set image tag + id: image_tag + run: | + git_sha_short=${git rev-parse --short "$GITHUB_SHA"} + branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} + echo 
"git_sha_short=${git_sha_short}" >> "$GITHUB_OUTPUT" + echo "full_image_tag=${branch}-{git_sha_short}" >> "$GITHUB_OUTPUT" + + - name: Login to Artifact Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: "oauth2accesstoken" + password: "${{ steps.auth.outputs.access_token }}" + + - name: Extract build metadata for Docker + id: build_metadata + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE }} + tags: | + type=ref,event=branch + type=ref,event=pr,suffix=-${{ steps.image_tag.outputs.git_sha_short }} + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{steps.image_tag.outputs.full_image_tag}},enable={{is_default_branch}} + type=semver,pattern=v{{version}} + type=semver,pattern=v{{major}}.{{minor}} + type=semver,pattern=v{{major}} + + - name: Build and push docker image to Artifact Registry + id: docker_build + uses: docker/build-push-action@v5 + if: github.event_name != 'pull_request' + with: + context: . + file: Dockerfile + push: true + tags: ${{ steps.build_metadata.outputs.tags }} + labels: ${{ steps.build_metadata.outputs.labels }} + + deploy: + name: Deploy to NAIS test cluster + if: ${{github.event_name != 'pull_request'}} + needs: build-push + runs-on: ubuntu-latest + permissions: + contents: "read" + id-token: "write" + + steps: + - uses: actions/checkout@v4 + - uses: ./.github/workflows/deploy.yml + with: + image: ${{needs.build-push.outputs.image}} + image-tag: ${{needs.build-push.outputs.image-tag}} + cluster: test + nais-config-path: .nais/test.yaml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..201cde4 --- /dev/null +++ b/.github/workflows/deploy.yml 
@@ -0,0 +1,37 @@ +name: Deploy + +on: + workflow_call: + inputs: + image: + description: Image on the form // + required: true + type: string + image-tag: + description: Image tag + required: true + type: string + cluster: + description: NAIS cluster environment + required: true + type: string + nais-config-path: + description: Path to the NAIS configuration file + required: true + type: string + +jobs: + deploy: + name: Deploy to NAIS cluster + runs-on: ubuntu-latest + permissions: + contents: "read" + id-token: "write" + steps: + - uses: actions/checkout@v4 + - uses: nais/deploy/actions/deploy@v2 + env: + CLUSTER: ${{ inputs.cluster }} + RESOURCE: ${{ inputs.nais-config-path }} + VAR: image=${{ inputs.image }}:${{ inputs.image-tag }}} + DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443 diff --git a/.github/workflows/release-docker.yml b/.github/workflows/release-docker.yml new file mode 100644 index 0000000..f26b48b --- /dev/null +++ b/.github/workflows/release-docker.yml 
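Review bot: The `VAR` line in the `deploy` job has an unbalanced brace, `VAR: image=${{ inputs.image }}:${{ inputs.image-tag }}}`, so a literal `}` is appended to the image reference handed to nais deploy and the rollout will reference a tag that was never pushed; it should read `VAR: image=${{ inputs.image }}:${{ inputs.image-tag }}`. The `image` input's description `Image on the form //` looks truncated (possibly an angle-bracket placeholder lost in rendering); spell it out in plain words, e.g. `description: Fully qualified image reference (registry/repository/image) without a tag`. Because this workflow is only reachable through `workflow_call`, a comment above `permissions:` such as `# The calling job must grant contents: read and id-token: write` would tell callers what the presumably OIDC-based NAIS deploy step needs from them.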
@@ -0,0 +1,98 @@ +name: Release docker image + +on: + release: + types: [ published ] + +env: + REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker + IMAGE: maskinporten-guardian + +jobs: + release-docker: + name: Push image to Artifact Registry + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + + outputs: + image: ${{ env.REGISTRY }}/${{ env.IMAGE }} + image-tag: v${{github.event.release.tag_name }} + + steps: + - uses: actions/checkout@v4 + + - name: Set up JDK 21 + uses: actions/setup-java@v4 + with: + java-version: 21 + distribution: temurin + cache: maven + + - name: Authenticate to Google Cloud + id: auth + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions" + service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com" + token_format: access_token + + - name: Login to Artifact Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: "oauth2accesstoken" + password: "${{ steps.auth.outputs.access_token }}" + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Set image tag + id: image_tag + run: | + git_sha_short=${git rev-parse --short "$GITHUB_SHA"} + branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} + echo "git_sha_short=${git_sha_short}" >> "$GITHUB_OUTPUT" + echo "full_image_tag=${branch}-{git_sha_short}" >> "$GITHUB_OUTPUT" + + - name: Extract build metadata for Docker + id: build_metadata + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE }} + tags: | + type=ref,event=branch + type=ref,event=pr,suffix=-${{ steps.image_tag.outputs.git_sha_short }} + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{steps.image_tag.outputs.full_image_tag}},enable={{is_default_branch}} + type=semver,pattern=v{{version}} + 
type=semver,pattern=v{{major}}.{{minor}} + type=semver,pattern=v{{major}} + + - name: Build and push docker image to Artifact Registry + id: docker_build + uses: docker/build-push-action@v5 + with: + context: . + file: Dockerfile + push: true + tags: ${{ steps.build_metadata.outputs.tags }} + labels: ${{ steps.build_metadata.outputs.labels }} + deploy: + name: Deploy to NAIS prod cluster + needs: release-docker + runs-on: ubuntu-latest + permissions: + contents: "read" + id-token: "write" + + steps: + - uses: actions/checkout@v4 + - uses: ./.github/workflows/deploy.yml + with: + image: ${{needs.release-docker.outputs.image}} + image-tag: ${{needs.release-docker.outputs.image-tag}} + cluster: prod + nais-config-path: .nais/prod.yaml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index db32390..9f551a5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,10 @@ on: branches: - release +env: + REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker + IMAGE: maskinporten-guardian + jobs: release: runs-on: ubuntu-latest 
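Review bot: The `image-tag` output `v${{github.event.release.tag_name }}` prefixes a `v` onto the release tag, while the docker tags actually pushed come from `type=semver,pattern=v{{version}}`, which yields `v1.2.3` whether the git tag is `v1.2.3` or `1.2.3`; the deleted workflow documented release refs as already carrying the `v` (e.g. `v3.2.4`), in which case the deploy job would look for `vv1.2.3` and fail, so the output should be `image-tag: ${{ github.event.release.tag_name }}` (or the `v` kept only if tags are verified to be bare numbers). The `Set image tag` step repeats the broken `${git rev-parse …}` / `{git_sha_short}` shell already noted on build.yml, and the `deploy` job has the same step-level `uses: ./.github/workflows/deploy.yml` that must move to job level. On a `release` event the `type=ref,event=branch`, `type=ref,event=pr` and the two `enable={{is_default_branch}}` entries do not apply to a tag ref, so the tag list can be reduced to the three `semver` patterns to make it clear what a release publishes.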
@@ -14,80 +18,70 @@ jobs: packages: write steps: - - uses: actions/create-github-app-token@v1 + - name: Create DaplaBot app token + uses: actions/create-github-app-token@v1 id: app-token with: app-id: ${{ secrets.DAPLA_BOT_APP_ID }} private-key: ${{ secrets.DAPLA_BOT_PRIVATE_KEY }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: token: ${{ steps.app-token.outputs.token }} - ref: refs/heads/master - - - name: Install Maven - run: | - MAVEN_VERSION=3.9.9 - wget https://downloads.apache.org/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz - tar xzvf apache-maven-$MAVEN_VERSION-bin.tar.gz - sudo mv apache-maven-$MAVEN_VERSION /opt/maven - sudo rm -f /usr/bin/mvn # Remove existing symbolic link if it exists - sudo ln -s /opt/maven/bin/mvn /usr/bin/mvn # Create new symbolic link - name: Set up JDK 21 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 21 - distribution: zulu - server-id: github + distribution: temurin + cache: maven + overwrite-settings: false - name: Authenticate to Google Cloud id: auth - uses: google-github-actions/auth@v1.1.1 + uses: google-github-actions/auth@v2 with: workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions" service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com" token_format: access_token - - name: Cache Maven packages - uses: actions/cache@v3 - with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 - - name: Configure Git user run: | - git config user.name "dapla-bot[bot]" - git config user.email "143391972+dapla-bot[bot]@users.noreply.github.com" + git config user.email "dapla-bot[bot]" + git config user.name "143391972+dapla-bot[bot]@users.noreply.github.com" - name: Setup Maven authentication to GitHub packages - uses: s4u/maven-settings-action@v2.8.0 - id: maven_settings + uses: 
s4u/maven-settings-action@v3.0.0 with: + override: true + githubServer: false servers: '[{"id": "github","configuration": {"httpHeaders": {"property": {"name": "Authorization","value": "Bearer ${{ secrets.GITHUB_TOKEN }}"}}}}]' - name: Maven release and deploy to GitHub packages - id: release_jar + id: release_artifact env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} + MAVEN_USERNAME: ${env.GITHUB_ACTOR} + MAVEN_PASSWORD: ${env.GITHUB_TOKEN} run: | + git config user.name "dapla-bot[bot]" + git config user.email "143391972+dapla-bot[bot]@users.noreply.github.com" # Get the release version from the pom.xml before the next snapshot increment VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout | sed "s/-SNAPSHOT//") echo "version=${VERSION}" >> $GITHUB_OUTPUT # Perform the release/deploy and increment the version to the next snapshot - mvn --batch-mode release:prepare -Darguments="-Dmaven.deploy.skip=true -DskipTests" + mvn --batch-mode release:prepare -P github -Darguments="-Dmaven.test.skip=true -Dmaven.deploy.skip=true" mvn --batch-mode release:perform TAG=$(git describe --abbrev=0 --tags) echo "tag=${TAG}" >> $GITHUB_OUTPUT - name: Create GitHub release draft - uses: release-drafter/release-drafter@v5 + uses: release-drafter/release-drafter@v6 id: create_github_release env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} with: - tag: ${{ steps.release_jar.outputs.tag }} + tag: ${{ steps.release_artifact.outputs.tag }} - name: Upload assets to GitHub release draft env: 
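Review bot: The rewritten `Configure Git user` step swaps the two values — `git config user.email "dapla-bot[bot]"` and `git config user.name "143391972+dapla-bot[bot]@users.noreply.github.com"` — so the committer identity is wrong until the `Maven release and deploy` run block silently repeats the correct pair; restore the original order here and drop the duplicate from the run block. The new `MAVEN_USERNAME: ${env.GITHUB_ACTOR}` and `MAVEN_PASSWORD: ${env.GITHUB_TOKEN}` are not GitHub expression syntax, so the environment receives those literal strings (and a key in the same `env:` map cannot reference a sibling key anyway); nothing visible in this hunk consumes them, so either remove them or write `MAVEN_USERNAME: ${{ github.actor }}` and `MAVEN_PASSWORD: ${{ steps.app-token.outputs.token }}` if a settings server is meant to use them. The checkout no longer pins `ref: refs/heads/master` while the workflow triggers on the `release` branch, so `release:prepare` now commits and tags on `release`; if that is intended, a comment above the checkout saying so would spare the next reader a guess. Two credentials are in play — `secrets.GITHUB_TOKEN` in the `github` server header for package deploys and the app token for the release commit and GitHub release — which is consistent with `packages: write`, but a one-line comment explaining why each is used would document the trust boundary.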
@@ -95,7 +89,7 @@ jobs: run: | ARTIFACT_ID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout) # Get all files matching the artifact id and version (source, javadoc, etc.) - ARTIFACT_GLOB=(./target/$ARTIFACT_ID-${{ steps.release_jar.outputs.version }}*.jar) + ARTIFACT_GLOB=(./target/$ARTIFACT_ID-${{ steps.release_artifact.outputs.version }}*.jar) for file in "${ARTIFACT_GLOB[@]}"; do echo "Uploading $file" gh release upload ${{ steps.create_github_release.outputs.tag_name }} $file @@ -106,4 +100,4 @@ jobs: env: GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} with: - release_id: ${{ steps.create_github_release.outputs.id }} + release_id: ${{ steps.create_github_release.outputs.id }} \ No newline at end of file diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml deleted file mode 100644 index de5f64c..0000000 --- a/.github/workflows/run-tests.yml +++ /dev/null @@ -1,25 +0,0 @@ - -name: Run tests - -on: - push: - branches: - - '!release' - paths-ignore: - - README.md - -jobs: - build-branch: - runs-on: ubuntu-latest - timeout-minutes: 20 - steps: - - - name: Setup Maven Action # Composite action - uses: s4u/setup-maven-action@v1.7.0 - with: - java-version: 21 - java-distribution: zulu - maven-version: 3.9.9 - - - name: Build with Maven and test - run: mvn --batch-mode -P ssb-bip verify test diff --git a/.nais/dev.yaml b/.nais/dev.yaml deleted file mode 100644 index 9ad5794..0000000 --- a/.nais/dev.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: nais.io/v1alpha1 -kind: Application -metadata: - name: maskinporten-guardian - namespace: dapla-stat -spec: - image: {{image}} - port: 8080 - ttl: 3h - replicas: - max: 1 - min: 1 - resources: - requests: - cpu: 50m - memory: 500Mi \ No newline at end of file diff --git a/pom.xml b/pom.xml index c8d450c..8a18165 100644 --- a/pom.xml +++ b/pom.xml 
@@ -445,25 +445,31 @@ - ssb-bip - - - artifact-registry - artifactregistry://europe-north1-maven.pkg.dev/artifact-registry-5n/dapla-stat-maven/maskinporten-guardian - - - artifact-registry - artifactregistry://europe-north1-maven.pkg.dev/artifact-registry-5n/dapla-stat-maven/maskinporten-guardian - - - + github + + + github + GitHub Packages + https://maven.pkg.github.com/${github.repository} + + + + + artifact-registry + + + artifact-registry + ${artifact-registry.url} + + + artifact-registry-snapshots + ${artifact-registry.url} + + + + true + + - - - github - GitHub Packages - https://maven.pkg.github.com/${github.repository} - -
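Review bot: The new `artifact-registry` profile points both its release and snapshot repositories at `${artifact-registry.url}`, and that property is not defined anywhere in this hunk; if it is not declared in `<properties>` outside the hunk, `mvn -P artifact-registry deploy` in build.yml will fail at deploy time, so a `<artifact-registry.url>artifactregistry://europe-north1-maven.pkg.dev/artifact-registry-5n/dapla-stat-maven/maskinporten-guardian</artifact-registry.url>` entry (the URL from the removed `ssb-bip` profile) should accompany this change. The markup is flattened in this rendering so the exact nesting cannot be confirmed, but the trailing `true` suggests `<activeByDefault>true</activeByDefault>` on that profile; any explicit `-P github` deactivates an activeByDefault profile, which is presumably what the release workflow relies on, and an XML comment stating that would keep it from being "fixed" later. Sharing one URL for releases and snapshots is only correct if the Artifact Registry repository is configured to accept both version kinds — worth confirming.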