diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index aa9afdc2..33601500 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -13,8 +13,8 @@ jobs: name: Jest tests runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 with: node-version: 'lts/*' cache: "npm" @@ -36,16 +36,16 @@ jobs: install: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Cache node_modules - uses: actions/cache@v3 + uses: actions/cache@v4 id: node_modules with: path: ./node_modules key: modules-${{ hashFiles('package-lock.json') }} - - uses: actions/setup-node@v3 + - uses: actions/setup-node@v4 if: steps.node_modules.outputs.cache-hit != 'true' with: node-version: 'lts/*' @@ -61,21 +61,22 @@ jobs: needs: [ install ] runs-on: ubuntu-latest permissions: - packages: write + contents: read + id-token: write steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 with: node-version: "lts/*" - name: Cache node_modules - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ./node_modules key: modules-${{ hashFiles('package-lock.json') }} - name: Cache .next/cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ./.next/cache # Generate a new cache whenever packages or source files change. 
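Review bot: `id-token: write` in the `permissions` block added to the build job is job-wide, so every step of the job, including `npm run build` and the `node_modules` restored from cache, can request an OIDC token, not only the image-push step that appears to need it. If the token is only used by the registry push in the next hunk, consider moving the image build and push into its own job that carries `id-token: write`, leaving this one at `contents: read`. At minimum, add a comment above the line, e.g. `# id-token: write is needed only by the docker-build-push step (workload identity federation)`. The job's steps continue past the end of this hunk.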
@@ -86,40 +87,40 @@ jobs: - run: npm run build # Bygg docker image - - uses: docker/setup-buildx-action@v2 - - uses: docker/login-action@v1 + - name: docker-build-push + uses: nais/docker-build-push@v0 + id: docker-build-push with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: docker/build-push-action@v3 - with: - context: . - push: true - pull: true - tags: ${{ env.IMAGE }},${{ env.LATEST_IMAGE }} - cache-from: type=gha - cache-to: type=gha,mode=max + team: teamdagpenger + tag: ${{ github.sha }} + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + salsa: false - name: Cache static files uses: actions/cache@v3 with: path: ./.next/static key: ${{ github.sha }} + outputs: + image: ${{ steps.docker-build-push.outputs.image }} + digest: ${{ steps.docker-build-push.outputs.digest }} deploy-dev-gcp: name: Deploy to dev gcp - needs: [build, jest-test] + needs: [ build, jest-test ] runs-on: ubuntu-latest + permissions: + contents: read + id-token: write steps: - - uses: actions/checkout@v3 - - uses: nais/deploy/actions/deploy@v1 + - uses: actions/checkout@v4 + - uses: nais/deploy/actions/deploy@v2 env: - APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} CLUSTER: dev-gcp RESOURCE: nais/nais.yaml VARS: nais/dev-gcp/vars.yaml + VAR: KAFKA_POOL=nav-dev,image=${{ needs.build.outputs.image }} PRINT_PAYLOAD: true - name: Lag deployment i Sentry 
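Review bot: `nais/docker-build-push@v0` and `nais/deploy/actions/deploy@v2` (here and in the prod job in the next hunk) are referenced by movable tags while running under `id-token: write`, so a retagged release would execute with this repository's deploy identity; pin them to a full commit SHA, e.g. `uses: nais/docker-build-push@<full-commit-sha> # v0`. `salsa: false` appears to switch off the action's SBOM/attestation step; if that is intentional, a comment next to it should say why, otherwise drop the line. The untouched `Cache static files` step is still on `actions/cache@v3` while every other cache step in this commit moves to `@v4`. The dev deploy job continues past the end of this hunk.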
@@ -137,17 +138,20 @@ jobs: deploy-prod-gcp: name: Deploy to prod gcp - needs: [deploy-dev-gcp] + needs: [ build, deploy-dev-gcp ] if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest + permissions: + contents: read + id-token: write steps: - - uses: actions/checkout@v3 - - uses: nais/deploy/actions/deploy@v1 + - uses: actions/checkout@v4 + - uses: nais/deploy/actions/deploy@v2 env: - APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }} CLUSTER: prod-gcp RESOURCE: nais/nais.yaml VARS: nais/prod-gcp/vars.yaml + VAR: image=${{ needs.build.outputs.image }} PRINT_PAYLOAD: true - name: Lag deployment i Sentry
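Review bot: The prod `VAR: image=${{ needs.build.outputs.image }}` line passes what looks like a tag reference (the build step sets `tag: ${{ github.sha }}`), and the `digest` output that the build job now exports is not used by anything visible in this diff. A tag can be re-pushed between build and deploy, so prod would be safer with a digest-qualified reference, for example `VAR: image=${{ needs.build.outputs.image }}@${{ needs.build.outputs.digest }}`, provided the deploy action accepts that form, which is worth confirming. The same applies to the dev job's `VAR` line in the previous hunk. The job's remaining steps lie outside the hunk.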