Oppdaterer failover-config

Author: terjeofnorway

.failover/Dockerfile

@@ -12,17 +12,20 @@ ARG GITHUB_PAT
 ARG SERVICE_SECRET
 ARG ENV_FILE
 
-COPY package*.json /failover/.npmrc /app/
-COPY server /app/server/
+COPY package*.json .failover/.npmrc /app/
+
+COPY packages/server /app/packages/server/
+COPY packages/nextjs /app/packages/nextjs/
+COPY packages/shared /app/packages/shared/
 
 RUN npm ci --ignore-scripts
 RUN rm -f .npmrc
 
-COPY public /app/public/
-COPY src /app/src/
-COPY shared /app/shared/
-COPY next.config.js tsconfig.json .eslintrc.json /app/
-COPY "/failover/$ENV_FILE" /app/.env
+COPY ".failover/${ENV_FILE}" /app/.env
+# Also copy this .env file to the nextjs and server packages so they can
+# pick the environment variables as needed.
+COPY /app/.env /app/packages/nextjs/.env
+COPY /app/.env /app/packages/server/.env
 
 RUN npm run build
 

.failover/build-dev-failover-image.sh

@@ -2,10 +2,13 @@
 
 # Script for building failover-images for dev-environments
 # Usage: "build-dev-failover-image.sh <dev1|dev2> <image name>"
-# XP service secret should be put in the appropriate file (.secret-dev1|.secret-dev2)
-# You also need a Github PAT with repo and packages write access in the .github-token
-# file at the root of the project
-# Take care not to expose secrets!
+#
+# About secrets:
+# As NPM packages with ie post-install scripts could potentially sniff and compromise secrets,
+# we need to read secrets from environment variables. These variables should be set using
+# ie. 1Password CLI or similar.
+#
+# The secrets are: NAV_ENONICXP_DEV1, NAV_ENONICXP_DEV2 AND GITHUB_PAT.
 #
 # Once the image is built, use the relevant deploy action on Github with the chosen
 # image name to deploy
@@ -24,20 +27,18 @@ fi
 if [[ "$APP_ENV" == "dev1" ]]
 then
   echo "Building image $IMAGE_NAME for dev1"
-  SERVICE_SECRET=$(<.secret-dev1)
+  SERVICE_SECRET=$NAV_ENONICXP_DEV1
   ENV_FILE=".env-dev1"
 elif [[ "$APP_ENV" == "dev2" ]]
 then
   echo "Building image $IMAGE_NAME for dev2"
-  SERVICE_SECRET=$(<.secret-dev2)
+  SERVICE_SECRET=$NAV_ENONICXP_DEV2
   ENV_FILE=".env-dev2"
 else
   echo "Invalid ENV specified, aborting"
   exit
 fi
 
-GITHUB_PAT=$(<../.github-token)
-
 IMAGE_NAME_FULL="ghcr.io/navikt/nav-enonicxp-frontend:$IMAGE_NAME"
 
 docker build -f Dockerfile -t "$IMAGE_NAME_FULL" --no-cache --build-arg ENV_FILE="$ENV_FILE" --build-arg SERVICE_SECRET="$SERVICE_SECRET" --build-arg GITHUB_PAT="$GITHUB_PAT" ../.

.failover/testfile.env

@@ -0,0 +1 @@
+testfile

README.md

@@ -72,8 +72,8 @@ og servere denne som en fallback.
 
 Failover deployes ikke automatisk til dev-miljøer. For å bygge og deploye til et dev-miljø, gjør følgende:
 
--   Legg inn relevante secrets lokalt som spesifisert i kommentarer i `/failover/build-dev-failover-image.sh`
--   Kjør `/failover/build-dev-failover-image.sh <dev1|dev2> <image-navn>`
+-   Legg inn relevante secrets lokalt som spesifisert i kommentarer i `.failover/build-dev-failover-image.sh`
+-   Kjør `./.failover/build-dev-failover-image.sh <dev1|dev2> <image-navn>`
 -   Vent på at imaget bygges (det tar normalt 15-20 min)
 -   Kjør Github workflow'en `deploy-failover.dev` med dev-miljøet og image-navnet du valgte som input