Merge pull request #78 from navikt/new-proxy-dev #24

Workflow file for this run

.github/workflows/deploy-prod.yaml at 74896dc

	name: Deploy Bob frontend to prod

	on:
	push:
	branches:
	- main

	jobs:
	build:
	name: Bygg
	runs-on: ubuntu-latest
	permissions:
	contents: read
	id-token: write
	packages: write

	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-node@v4
	with:
	node-version: 22
	registry-url: 'https://npm.pkg.github.com'

	- run: npm install

	- run: npm run build

	- run: npm install
	working-directory: server
	env:
	NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}

	- run: npm run build
	working-directory: server
	env:
	NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}

	- run: npx @cyclonedx/cyclonedx-npm --package-lock-only --ignore-npm-errors --output-file sbom1.json

	- run: npx @cyclonedx/cyclonedx-npm --package-lock-only --omit dev --ignore-npm-errors --output-file sbom2.json server/package.json

	- run: jq -s '.[0] * .[1]' sbom1.json sbom2.json > sbom.merged.json

	- uses: actions/upload-artifact@v4
	with:
	name: ${{ github.sha }}.bom.json
	path: sbom.merged.json

	- uses: nais/docker-build-push@v0
	id: gar-push
	with:
	team: nks-aiautomatisering
	salsa: false
	tag: ${{ github.sha }}
	project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
	identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}

	- id: upload
	uses: nais/deploy/actions/cdn-upload/v2@master
	with:
	team: nks-aiautomatisering
	source: ./dist/
	destination: '/'
	identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
	project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}

	outputs:
	image: ${{ steps.gar-push.outputs.image }}
	digest: ${{ steps.gar-push.outputs.digest }}

	salsa:
	name: attest and sign image
	needs: [ build ]
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	steps:
	- uses: nais/login@v0
	id: login
	with:
	project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
	identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
	team: nks-aiautomatisering

	- uses: actions/download-artifact@v4
	with:
	name: ${{ github.sha }}.bom.json
	path: ./

	- uses: nais/attest-sign@v1
	with:
	image_ref: ${{ needs.build.outputs.image }}@${{ needs.build.outputs.digest }}
	sbom: sbom.merged.json

	deploy-prod-gcp:
	needs: [ build ]
	runs-on: ubuntu-latest
	if: github.ref == 'refs/heads/main'
	permissions:
	id-token: write
	steps:
	- uses: actions/checkout@v4
	- name: Deploy til prod-gcp
	uses: nais/deploy/actions/deploy@v2
	env:
	CLUSTER: prod-gcp
	RESOURCE: .nais/prod-gcp.yaml
	PRINT_PAYLOAD: true
	VAR: commit=${{ github.sha }},image=${{ needs.build.outputs.image }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #78 from navikt/new-proxy-dev #24

Workflow file

Merge pull request #78 from navikt/new-proxy-dev #24

Jobs

Run details

Workflow file for this run