wip

Author: luantr

.github/workflows/build-and-deploy.yaml

@@ -2,16 +2,83 @@ name: Build & Deploy
 on:
   push:
   workflow_dispatch:
-
+permissions:
+  actions: read
+  contents: write
+  security-events: write
+  packages: write
+  id-token: write
 jobs:
-  jar-app:
-    uses: navikt/teamesyfo-github-actions-workflows/.github/workflows/jar-app.yaml@main
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v4
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: kotlin
+      - uses: navikt/teamesyfo-github-actions-workflows/actions/gradle-cached@main
+      - run: ./gradlew shadowJar -x test
+        env:
+          ORG_GRADLE_PROJECT_githubUser: x-access-token
+          ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }}
+      - uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:kotlin"
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: navikt/teamesyfo-github-actions-workflows/actions/gradle-cached@main
+      - run: ./gradlew test
+        env:
+          ORG_GRADLE_PROJECT_githubUser: x-access-token
+          ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }}
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
     permissions:
-      actions: read
-      contents: write
-      security-events: write
       packages: write
+      contents: write
       id-token: write
-    secrets: inherit
-    with:
-      app: esyfovarsel
+    outputs:
+      image: ${{ steps.build-and-publish.outputs.image }}
+    steps:
+      - uses: navikt/teamesyfo-github-actions-workflows/actions/jar-to-docker@main
+        id: build-and-publish
+        with:
+          app: ${{ inputs.app }}
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  deploy-dev:
+    if: ${{ github.actor != 'dependabot[bot]' && github.ref_name == 'esyfo'}}
+    name: Deploy to dev
+    runs-on: ubuntu-latest
+    needs: [test, build]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: dev-gcp
+          RESOURCE: nais/nais-dev.yaml
+          VAR: image=${{ needs.build.outputs.image }}
+
+  deploy-prod:
+    if: github.ref_name == 'esyfo'
+    name: Deploy to prod
+    runs-on: ubuntu-latest
+    needs: [test, build]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: prod-gcp
+          RESOURCE: nais/nais-prod.yaml
+          VAR: image=${{ needs.build.outputs.image }}
+

.github/workflows/topic.yaml

@@ -0,0 +1,38 @@
+name: "Deploy topic"
+on:
+  push:
+    paths:
+      - nais/topics/**
+      - .github/workflows/topic.yaml
+jobs:
+  deploy-topic-to-dev:
+    if: github.ref == 'refs/heads/esyfo'
+    name: Deploy topic to dev
+    permissions:
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Deploy topic varselbus to dev
+        uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: dev-gcp
+          RESOURCE: nais/topics/dinesykmeldte-lest-topic.yaml
+          VAR: kafka-pool=nav-dev
+
+  deploy-topic-to-prod:
+    if: github.ref == 'refs/heads/esyfo'
+    name: Deploy topic to prod
+    permissions:
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Deploy topic varselbus to prod
+        uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: prod-gcp
+          RESOURCE: nais/topics/dinesykmeldte-lest-topic.yaml
+          VAR: kafka-pool=nav-prod

naiserator-prod.yaml nais/nais-prod.yaml

@@ -2,9 +2,9 @@ apiVersion: "nais.io/v1alpha1"
 kind: "Application"
 metadata:
   name: dinesykmeldte-backend
-  namespace: teamsykmelding
+  namespace: team-esyfo
   labels:
-    team: teamsykmelding
+    team: team-esyfo
 spec:
   image: {{ image }}
   gcp:

nais/topics/dinesykmeldte-lest-topic.yaml

@@ -0,0 +1,23 @@
+apiVersion: kafka.nais.io/v1
+kind: Topic
+metadata:
+  name: dinesykmeldte-lest-topic
+  namespace: team-esyfo
+  labels:
+    team: team-esyfo
+spec:
+  pool: {{ kafka_pool }}
+  config:
+    cleanupPolicy: delete
+    minimumInSyncReplicas: 2
+    partitions: 3
+    replication: 3
+    retentionBytes: -1  # Messages will never be deleted because of disk space
+    retentionHours: -1  # Messages will never be timed out
+  acl:
+    - team: team-esyfo
+      application: dinesykmeldte-backend
+      access: readwrite
+    - team: teamsykmelding
+      application: dinesykmeldte-backend
+      access: readwrite