.github/workflows/build-and-deploy.yml

name: Build and deploy
on:
  push:
    paths-ignore:
      - '**.md'
      - '.gitignore'
      - 'CODEOWNERS'
      - 'LICENCE'

    branches:
      - master

jobs:
  build-and-deploy:
    name: Build docker image and create issue
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: write
      id-token: write
      issues: write
    outputs:
      image: ${{ steps.docker-push.outputs.image }}
      image_version: ${{ steps.docker-push.outputs.tag }}
    steps:
      - name: Hente kode
        uses: actions/checkout@v4
      - name: Sette yarn-config
        run: |
          yarn config set npmScopes.navikt.npmRegistryServer "https://npm.pkg.github.com"
          yarn config set npmScopes.navikt.npmAlwaysAuth true
          yarn config set npmScopes.navikt.npmAuthToken $NPM_AUTH_TOKEN
        env:
          NPM_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
      - name: Sette opp Node
        uses: actions/setup-node@v4
        with:
          node-version: 22.x
          cache: yarn
      - name: Installere dependencies
        run: yarn workspaces focus k9-los-web
      - name: Tester
        run: yarn test --maxWorkers=2
      - name: Bygge kode
        run: yarn build
      - name: Opprett release med Sentry
        run: yarn sentry-release
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
        # Installerer dependencies for kun server, da det er det eneste som trenger å være med på docker imaget
      - name: Installere dependencies for server
        run: yarn workspaces focus @k9-los-web/server --production
      - uses: nais/docker-build-push@v0
        id: docker-push
        with:
          tag: 'latest'
          team: k9saksbehandling

      - name: Deploy k9-los-web til dev
        uses: nais/deploy/actions/deploy@v2
        env:
          PRINT_PAYLOAD: true
          CLUSTER: dev-gcp
          IMAGE: ${{ steps.docker-push.outputs.image }}
          RESOURCE: nais/k9-los-web.yml
          VARS: nais/dev-gcp.yml

      - name: Tag commit with dev
        if: success()
        uses: navikt/sif-gha-workflows/.github/actions/create-or-update-tag@main
        with:
          tag: dev
          sha: ${{ github.sha }}
          github_token: ${{ secrets.GITHUB_TOKEN }}

  verdikjede-tester:
    name: Verdikjedetester
    needs: [build-and-deploy]
    secrets: inherit
    permissions:
      id-token: write
      contents: read
      packages: read
    uses: navikt/sif-gha-workflows/.github/workflows/verdikjede-test-v2.yml@main
    with:
      suites: 'frontend-los'
      tag: ${{ needs.build-and-deploy.outputs.image_version}}
      image_version: ${{ needs.build-and-deploy.outputs.image_version}}

  compare-url-prod:
    name: Compare URL
    permissions:
      id-token: write
      contents: write
    if: github.ref_name == 'master'
    needs: [verdikjede-tester, build-and-deploy]
    runs-on: ubuntu-latest
    steps:
      - name: Compare URL
        id: compare
        uses: navikt/sif-gha-workflows/.github/actions/compare-commits@main
        with:
          base_commit: prod
          newest_commit: ${{ github.sha }}

  deploy-prod:
    name: Deploy prod
    permissions:
      id-token: write
      contents: write
    if: github.ref_name == 'master'
    environment: prod-gcp:k9saksbehandling
    needs: [verdikjede-tester, build-and-deploy, compare-url-prod]
    runs-on: ubuntu-latest
    steps:
      - name: Hente kode
        uses: actions/checkout@v4
      - name: Deploy k9-los-web til prod
        uses: nais/deploy/actions/deploy@v2
        env:
          PRINT_PAYLOAD: true
          CLUSTER: prod-gcp
          IMAGE: ${{ needs.build-and-deploy.outputs.image }}
          RESOURCE: nais/k9-los-web.yml
          VARS: nais/prod-gcp.yml
      - name: Tag commit with prod
        uses: navikt/sif-gha-workflows/.github/actions/create-or-update-tag@main
        if: success()
        with:
          tag: prod
          sha: ${{ github.sha }}
          github_token: ${{ secrets.GITHUB_TOKEN }}

  trivy:
    needs: [build-and-deploy]
    uses: navikt/sif-gha-workflows/.github/workflows/trivy.yml@main
    permissions:
      contents: write
      id-token: write
      security-events: write
      actions: read
    secrets: inherit
    with:
      image: ${{ needs.build-and-deploy.outputs.image }}
      team: k9saksbehandling