statisticsnorway
diff --git a/‎.github/labels.yml
+66 b/‎.github/labels.yml
+66
diff --git a/‎.github/release-drafter.yml
+59 b/‎.github/release-drafter.yml
+59
diff --git a/‎.github/workflows/build-deploy.yml
+142 b/‎.github/workflows/build-deploy.yml
+142
diff --git a/‎.github/workflows/build-test.yml
+49 b/‎.github/workflows/build-test.yml
+49
diff --git a/‎.github/workflows/deploy-to-nais.yml
+33 b/‎.github/workflows/deploy-to-nais.yml
+33
diff --git a/‎.github/workflows/labeler.yml
+19 b/‎.github/workflows/labeler.yml
+19
@@ -0,0 +1,66 @@
+---
+# Labels names are important as they are used by Release Drafter to decide
+# regarding where to record them in changelog or if to skip them.
+#
+# The repository labels will be automatically configured using this file and
+# the GitHub Action https://github.com/marketplace/actions/github-labeler.
+- name: breaking
+  description: Breaking Changes
+  color: bfd4f2
+- name: bug
+  description: Something isn't working
+  color: d73a4a
+- name: build
+  description: Build System and Dependencies
+  color: bfdadc
+- name: ci
+  description: Continuous Integration
+  color: 4a97d6
+- name: dependencies
+  description: Pull requests that update a dependency file
+  color: 0366d6
+- name: documentation
+  description: Improvements or additions to documentation
+  color: 0075ca
+- name: duplicate
+  description: This issue or pull request already exists
+  color: cfd3d7
+- name: enhancement
+  description: New feature or request
+  color: a2eeef
+- name: github_actions
+  description: Pull requests that update Github_actions code
+  color: "000000"
+- name: good first issue
+  description: Good for newcomers
+  color: 7057ff
+- name: help wanted
+  description: Extra attention is needed
+  color: 008672
+- name: invalid
+  description: This doesn't seem right
+  color: e4e669
+- name: performance
+  description: Performance
+  color: "016175"
+- name: python
+  description: Pull requests that update Python code
+  color: 2b67c6
+- name: question
+  description: Further information is requested
+  color: d876e3
+- name: refactoring
+  description: Refactoring
+  color: ef67c4
+- name: removal
+  description: Removals and Deprecations
+  color: 9ae7ea
+- name: style
+  description: Style
+  color: c120e5
+- name: testing
+  description: Testing
+  color: b1fc6f
+- name: wontfix
+  description: This will not be worked on
+  color: ffffff
@@ -0,0 +1,59 @@
+categories:
+  - title: ":boom: Breaking Changes"
+    label: "breaking"
+  - title: ":rocket: Features"
+    label: "enhancement"
+  - title: ":fire: Removals and Deprecations"
+    label: "removal"
+  - title: ":beetle: Fixes"
+    label: "bug"
+  - title: ":racehorse: Performance"
+    label: "performance"
+  - title: ":rotating_light: Testing"
+    label: "testing"
+  - title: ":construction_worker: Continuous Integration"
+    label: "ci"
+  - title: ":books: Documentation"
+    label: "documentation"
+  - title: ":hammer: Refactoring"
+    label: "refactoring"
+  - title: ":lipstick: Style"
+    label: "style"
+  - title: ":package: Dependencies"
+    labels:
+      - "dependencies"
+      - "build"
+
+autolabeler:
+  - label: 'documentation'
+    branch:
+      - '/docs{0,1}\/.+/'
+  - label: 'bug'
+    branch:
+      - '/fix\/.+/'
+    title:
+      - '/fix/i'
+  - label: 'enhancement'
+    branch:
+      - '/feat\/.+/'
+    body:
+      - '/JIRA-[0-9]{1,4}/'
+  - label: 'refactoring'
+    branch:
+      - '/refactor\/.+/'
+    title:
+      - '/^refactor/i'
+  - label: 'testing'
+    branch:
+      - '/test\/.+/'
+  - label: 'breaking'
+    title:
+      - '/breaking change/i'
+  - label: 'ci'
+    files:
+      - '.github/*'
+
+template: |
+  ## Changes
+
+  $CHANGES
@@ -0,0 +1,142 @@
+## This workflow is either triggered when:
+on:
+  release:
+    types: [ published ]
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - "**/*.md"
+      - "Makefile"
+      - ".mvn"
+      - ".gitignore"
+
+env:
+  REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker/maskinporten-guardian
+  IMAGE: maskinporten-guardian
+
+jobs:
+  setup-build-push-deploy:
+    name: Set up variables to build/push or deploy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    
+    outputs:
+      nais-image: ${{steps.image-tag.outputs.nais_image}}
+      nais-cluster: ${{steps.nais-deploy-vars.outputs.cluster}}
+      nais-config-path: ${{steps.nais-deploy-vars.outputs.nais_config_path}}
+      tags: ${{steps.image-tag.outputs.tags}}
+
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Generate image tags
+        id: image-tag
+        run: |
+          if [ ${{ github.event_name }} == "release" ]; then
+            RELEASE_VERSION=${GITHUB_REF#refs/*/}
+            semver=${REGISTRY}/${IMAGE}:v${RELEASE_VERSION}
+            major_minor_version=${REGISTRY}/${IMAGE}:v$(echo "$RELEASE_VERSION" | cut -d'.' -f1-2)
+            major_version=${REGISTRY}/${IMAGE}:v$(echo "$RELEASE_VERSION" | cut -d'.' -f1)
+            latest=${REGISTRY}/${IMAGE}:latest
+
+            ## NAIS image is the image used by NAIS for deployment
+            echo "nais_image=${semver}" >> "$GITHUB_OUTPUT"
+
+            tags=${latest},${semver},${major_minor_version},${major_version}
+            echo "tags=${tags}" >> "$GITHUB_OUTPUT"
+          else
+            git_sha_short="$(git rev-parse --short ${{github.sha}})"
+            current_sha_tag=${REGISTRY}/${IMAGE}:${{github.event.repository.default_branch}}-$git_sha_short
+            latest=${REGISTRY}/${IMAGE}:latest
+
+            ## NAIS image is the image used by NAIS for deployment
+            echo "nais_image=${current_sha_tag}" >> "$GITHUB_OUTPUT"
+            tags=${latest},${current_sha_tag}
+            echo "tags=${tags}" >> "$GITHUB_OUTPUT"
+          fi
+      
+      - name: Generate NAIS deploy variables
+        id: nais-deploy-vars
+        run: |
+          if [[ ${{github.event_name}} == "release" ]]; then
+            echo "cluster=prod" >> "$GITHUB_OUTPUT"
+            echo "nais_config_path=.nais/prod.yaml" >> "$GITHUB_OUTPUT"
+          else
+            echo "cluster=test" >> "$GITHUB_OUTPUT"
+            echo "nais_config_path=.nais/test.yaml" >> "$GITHUB_OUTPUT"
+          fi
+
+  build-push:
+    name: Build and push to registries
+    # If triggering event is release, the commits on 'master' should build
+    # the image
+    needs: setup-build-push-deploy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: 21
+          distribution: temurin
+          cache: maven
+
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
+          service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com"
+          token_format: access_token
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+      
+      - name: Login to Artifact Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.auth.outputs.access_token }}"
+          
+      - name: Maven build and install
+        run: |
+          if [[ ${{github.event_name}} == "push" ]]; then
+            mvn --batch-mode -P artifact-registry,github deploy
+          else
+            mvn --batch-mode clean install
+          fi
+    
+      - name: Docker meta
+        id: docker_metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE }}
+
+      - name: Build and push docker image to Artifact Registry
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ${{ needs.setup-build-push-deploy.outputs.tags }}
+          labels: ${{ steps.docker_metadata.outputs.labels }}
+
+  deploy:
+    name: Deploy to NAIS
+    needs: [build-push, setup-build-push-deploy]
+    uses: ./.github/workflows/deploy-to-nais.yml
+    with:
+      image: ${{needs.setup-build-push-deploy.outputs.nais-image}}
+      cluster: ${{needs.setup-build-push-deploy.outputs.nais-cluster}}
+      nais-config-path:  ${{needs.setup-build-push-deploy.outputs.nais-config-path}}
@@ -0,0 +1,49 @@
+on:
+  pull_request:
+    branches:
+      - master
+    paths-ignore:
+      - "**/*.md"
+      - "Makefile"
+      - ".mvn"
+      - ".gitignore"
+
+env:
+  REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker
+
+jobs:
+  build-test:
+    name: Build and test with Maven
+    if: ${{github.event_name == 'pull_request'}}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: 21
+          distribution: temurin
+          cache: maven
+      
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
+          service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com"
+          token_format: access_token
+      
+      - name: Login to Artifact Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.auth.outputs.access_token }}"
+
+      - name: Maven build and install
+        run: mvn --batch-mode clean install
@@ -0,0 +1,33 @@
+name: Deploy to NAIS
+
+on:
+  workflow_call:
+    inputs:
+      image:
+        description: Image on the form <REGISTRY>/<REPOSITORY>/<IMAGE_NAME>
+        required: true
+        type: string
+      cluster:
+        description: NAIS cluster environment
+        required: true
+        type: string
+      nais-config-path:
+        description: Path to the NAIS configuration file
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    name: Deploy to NAIS cluster
+    runs-on: ubuntu-latest
+    permissions:
+      contents: "read"
+      id-token: "write"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: ${{ inputs.cluster }}
+          RESOURCE: ${{ inputs.nais-config-path }}
+          VAR: image=${{ inputs.image }}
+          DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443
@@ -0,0 +1,19 @@
+name: Labeler
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  labeler:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v3
+
+      # Reads labels from .github/labels.yml
+      - name: Run Labeler
+        uses: crazy-max/ghaction-github-labeler@v4
+        with:
+          skip-delete: true