Modularize workflows. Remove 'ssb-bip' profile

.github/workflows/build-app.yml

@@ -0,0 +1,62 @@
+name: Build application
+
+on:
+  push:
+    branches:
+      - master
+    paths-ignore:
+      - "**/*.md"
+      - "Makefile"
+      - ".mvn"
+      - ".gitignore"
+
+  pull_request:
+    branches:
+      - master
+    paths-ignore:
+      - "**/*.md"
+      - "Makefile"
+      - ".mvn"
+      - ".gitignore"
+
+env:
+  REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/dapla-stat-docker
+  IMAGE: maskinporten-guardian
+
+jobs:
+  build-test:
+    name: Build and test with Maven
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    outputs:
+      image: ${{ env.REGISTRY }}/${{ env.IMAGE }}
+      image-tag: ${{ github.event.base_ref }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: 21
+          distribution: temurin
+          cache: maven
+
+      - name: Maven build and install
+        run: mvn --batch-mode clean install
+
+  deploy:
+    name: Deploy to NAIS test cluster
+    if: ${{github.event_name == 'push'}}
+    needs: build-test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: "read"
+      id-token: "write"
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: ./.github/workflows/build-deploy.yml

.github/workflows/build-deploy.yml

@@ -0,0 +1,110 @@
+on:
+  release:
+    types: [ published ]
+  workflow_call:
+
+jobs:
+  build-push:
+    name: Push image to Artifact Registry
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    outputs:
+      image: ${{ env.REGISTRY }}/${{ env.IMAGE }}
+      branch-image-tag: ${{steps.image_tag.outputs.branch_image_tag}}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: 21
+          distribution: temurin
+          cache: maven
+
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: "projects/848539402404/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
+          service_account: "gh-actions-dapla-stat@artifact-registry-5n.iam.gserviceaccount.com"
+          token_format: access_token
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Artifact Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: "oauth2accesstoken"
+          password: "${{ steps.auth.outputs.access_token }}"
+
+      - name: Set image tag
+        id: image_tag
+        run: |
+          git_sha_short=${git rev-parse --short "$GITHUB_SHA"}
+          branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
+          branch_image_tag=${branch}-{git_sha_short}
+          echo "git_sha_short=${git_sha_short}" >> "$GITHUB_OUTPUT"
+          echo "branch_image_tag=$branch_image_tag" >> "$GITHUB_OUTPUT"
+
+      - name: Extract build metadata for Docker
+        id: build_metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr,suffix=-${{ steps.image_tag.outputs.git_sha_short }}
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=raw,value=${{steps.image_tag.outputs.branch_image_tag}},enable={{is_default_branch}}
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
+
+      - name: Build and push docker image to Artifact Registry
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ${{ steps.build_metadata.outputs.tags }}
+          labels: ${{ steps.build_metadata.outputs.labels }}
+
+  deploy:
+    name: Deploy to NAIS test cluster
+    needs: build-push
+    runs-on: ubuntu-latest
+    permissions:
+      contents: "read"
+      id-token: "write"
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Generate NAIS deploy variables
+      id: nais-deploy-vars
+      run: |
+        ## NAIS image tag is the tag used by NAIS for deployment
+        if [[ ${{github.event_name}} == "release" ]]; then
+          echo "nais_image_tag=v${{github.event.release.tag_name }}" >> "$GITHUB_OUTPUT"
+          echo "cluster=prod" >> "$GITHUB_OUTPUT"
+          echo "nais_config_path=.nais/prod.yaml" >> "$GITHUB_OUTPUT"
+        else
+          echo "nais_image_tag=${{needs.build-push.outputs.branch-image-tag}}" >> "$GITHUB_OUTPUT"
+          echo "cluster=test" >> "$GITHUB_OUTPUT"
+          echo "nais_config_path=.nais/test.yaml" >> "$GITHUB_OUTPUT"
+        fi
+
+    - uses: ./.github/workflows/deploy-to-nais.yml
+      with:
+        image: ${{needs.build-push.outputs.image}}
+        image-tag: ${{steps.nais-deploy-vars.outputs.nais_image_tag}}
+        cluster: ${{steps.nais-deploy-vars.outputs.cluster}}
+        nais-config-path: ${{steps.nais-deploy-vars.outputs.nais_config_path}}

.github/workflows/deploy-to-nais.yml

@@ -0,0 +1,37 @@
+name: Deploy to NAIS
+
+on:
+  workflow_call:
+    inputs:
+      image:
+        description: Image on the form <REGISTRY>/<REPOSITORY>/<IMAGE_NAME>
+        required: true
+        type: string
+      image-tag:
+        description: Image tag
+        required: true
+        type: string
+      cluster:
+        description: NAIS cluster environment
+        required: true
+        type: string
+      nais-config-path:
+        description: Path to the NAIS configuration file
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    name: Deploy to NAIS cluster
+    runs-on: ubuntu-latest
+    permissions:
+      contents: "read"
+      id-token: "write"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: ${{ inputs.cluster }}
+          RESOURCE: ${{ inputs.nais-config-path }}
+          VAR: image=${{ inputs.image }}:${{ inputs.image-tag }}}
+          DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443