Dependabot group for patch versions (#5180) #2120
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Docker image | |
| on: | |
| push: | |
| paths-ignore: | |
| - '**.md' | |
| - '.gitignore' | |
| - 'CODEOWNERS' | |
| branches: | |
| - master | |
| env: | |
| IMAGE_BASE: ghcr.io/${{ github.repository }} | |
| jobs: | |
| # test: | |
| # uses: ./.github/workflows/test.yml | |
| # secrets: inherit | |
| # lint-tscheck-build: | |
| # uses: ./.github/workflows/lint-tscheck-build.yml | |
| # secrets: inherit | |
| # with: | |
| # run-build: false | |
| deploy-docker-image: | |
| name: Deploy Docker image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| issues: write | |
| packages: write | |
| # needs: [test, lint-tscheck-build] | |
| outputs: | |
| image: ${{ steps.docker-push.outputs.image }} | |
| steps: | |
| - name: Hente kode | |
| uses: actions/checkout@v4 | |
| - name: Setup .yarnrc.yml | |
| run: | | |
| yarn config set npmScopes.navikt.npmRegistryServer "https://npm.pkg.github.com" | |
| yarn config set npmScopes.navikt.npmAlwaysAuth true | |
| yarn config set npmScopes.navikt.npmAuthToken $NPM_AUTH_TOKEN | |
| env: | |
| NPM_AUTH_TOKEN: ${{ secrets.READER_TOKEN }} | |
| - name: Sette opp Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '18' | |
| cache: 'yarn' | |
| - name: Set timestamp | |
| run: echo "TIMESTAMP=$(expr $(date +%Y%m%d%H%M%S))" >> $GITHUB_ENV | |
| - name: Installere dependencies | |
| run: HUSKY=0 yarn install --immutable | |
| - name: Bygge dist | |
| run: yarn build | |
| - name: Opprett release med Sentry | |
| run: yarn sentry-release | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| - name: Sette TAG variable for docker image & deploy issue-info | |
| run: echo "TAG=$TIMESTAMP-$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_ENV | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Bygg og laste opp docker-image | |
| run: | | |
| docker build --tag ${IMAGE_BASE}:${TAG} --tag ${IMAGE_BASE}:latest --label "version=${TAG}" . | |
| docker push ${IMAGE_BASE} --all-tags | |
| - name: Lukk gamle issues | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| github.rest.issues.listForRepo({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| state: 'open', | |
| labels: ['deployment'] | |
| }).then(response => { | |
| response.data.forEach(issue => { | |
| github.rest.issues.update({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: issue.number, | |
| state: 'closed' | |
| }); | |
| }); | |
| }); | |
| - name: Opprett deployment issue | |
| id: createdeployissue | |
| if: success() | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{secrets.GITHUB_TOKEN}} | |
| script: | | |
| github.rest.issues.create( { | |
| owner: context.issue.owner, | |
| repo: context.issue.repo, | |
| labels: ['deployment'], | |
| body: 'Kommenter enten "/promote dev-fss" eller "/promote prod-fss" for att deploye ${{ github.sha }}', | |
| title: 'Deploy av ${{ env.TAG }}'}) | |
| .then(response => { | |
| core.setOutput('number', response.data.number); | |
| }); | |
| - name: Trigger verdikjede test | |
| shell: bash | |
| run: | | |
| curl -XPOST -u "x-access-token:${{secrets.GA_P_TOKEN}}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| https://api.github.com/repos/navikt/k9-verdikjede/actions/workflows/build.yml/dispatches \ | |
| -d '{"ref":"master", | |
| "inputs":{ | |
| "trigger": "${{ github.repository }}", | |
| "version": "${{ env.TAG }}", | |
| "issue_number": "${{ steps.createdeployissue.outputs.number }}" | |
| }}' | |
| - name: Trigg deploy til dev-fss | |
| if: success() | |
| uses: actions/github-script@v6 | |
| with: | |
| github-token: ${{secrets.GA_P_TOKEN}} | |
| script: | | |
| const issue = { owner: context.issue.owner, | |
| repo: context.issue.repo, | |
| issue_number: ${{ steps.createdeployissue.outputs.number }} } | |
| github.rest.issues.createComment({...issue, body: '/promote dev-fss'}) | |
| - name: Set image output | |
| id: docker-push | |
| run: echo "IMAGE=$IMAGE_BASE:$TAG" >> $GITHUB_OUTPUT | |
| trivy: | |
| needs: [ deploy-docker-image ] | |
| uses: navikt/sif-gha-workflows/.github/workflows/trivy-ghcr.yml@main | |
| permissions: | |
| contents: write | |
| security-events: write | |
| actions: read | |
| secrets: inherit | |
| with: | |
| image: ${{ needs.deploy-docker-image.outputs.image }} |