add nais test config and workflows

statisticsnorway · Nov 28, 2024 · 8c5d905 · 8c5d905
1 parent 65ec2ba
commit 8c5d905
Show file tree

Hide file tree

Showing 3 changed files with 181 additions and 0 deletions.
diff --git a/.github/workflows/build-deploy-app.yaml b/.github/workflows/build-deploy-app.yaml
@@ -0,0 +1,99 @@
+on:
+  release:
+    types: [published]
+  push:
+    branches:
+      - develop
+    paths-ignore:
+      - '**/*.md'
+      - '.gitignore'
+
+env:
+  REGISTRY: europe-north1-docker.pkg.dev/${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}/dapla-stat/dapla-ctrl
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  setup-build-push-deploy:
+    name: Set up variables to build/push or deploy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    outputs:
+      nais-image: ${{steps.image-tag.outputs.nais_image}}
+      nais-cluster: ${{steps.nais-deploy-vars.outputs.cluster}}
+      nais-config-path: ${{steps.nais-deploy-vars.outputs.nais_config_path}}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate image tags
+        id: image-tag
+        run: |
+
+          export IMAGE="dapla-ctrl"
+
+          set -x
+
+          if [ ${{ github.event_name }} == "release" ]; then
+            RELEASE_VERSION=${GITHUB_REF#refs/*/}
+            semver=${IMAGE}:v${RELEASE_VERSION}
+
+            ## NAIS image is the image used by NAIS for deployment
+            echo "nais_image=${semver}" >> "$GITHUB_OUTPUT"
+          else
+            git_sha_short="$(git rev-parse --short ${{github.sha}})"
+            current_sha_tag=${IMAGE}:${{github.event.repository.default_branch}}-$git_sha_short
+
+            ## NAIS image is the image used by NAIS for deployment
+            echo "nais_image=${current_sha_tag}" >> "$GITHUB_OUTPUT"
+          fi
+
+          set +x
+
+      - name: Generate NAIS deploy variables
+        id: nais-deploy-vars
+        run: |
+          if [[ ${{github.event_name}} == "release" ]]; then
+            echo "cluster=prod" >> "$GITHUB_OUTPUT"
+            echo "nais_config_path=.nais/prod.yaml" >> "$GITHUB_OUTPUT"
+          else
+            echo "cluster=test" >> "$GITHUB_OUTPUT"
+            echo "nais_config_path=.nais/test.yaml" >> "$GITHUB_OUTPUT"
+          fi
+
+  build-push-deploy:
+    name: Build image, push to registries and deploy image
+    # If triggering event is release, the commits on 'master' should build
+    # the image
+    needs: setup-build-push-deploy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Build and push image to NAIS Artifact Repository
+        uses: nais/docker-build-push@v0
+        id: docker-push
+        with:
+          team: dapla-stat
+          tag: ${{ needs.setup-build-push-deploy.outputs.nais-image }}
+          pull: false
+          project_id: ${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+
+      - name: Deploy
+        uses: nais/deploy/actions/deploy@v2
+        if: ${{ steps.docker-push.outcome == 'success' }}
+        env:
+          CLUSTER: ${{ needs.setup-build-push-deploy.outputs.nais-cluster }}
+          RESOURCE: ${{ needs.setup-build-push-deploy.outputs.nais-config-path }}
+          IMAGE: ${{ steps.docker-push.outputs.image }}
+          DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443
diff --git a/.github/workflows/nix-check.yaml b/.github/workflows/nix-check.yaml
@@ -0,0 +1,21 @@
+name: Nix tests
+
+on:
+  pull_request:
+    paths: '**/*.nix'
+
+jobs:
+  nix-tests:
+    name: nix-tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+
+      - name:
+        uses: DeterminateSystems/nix-installer-action@v16
+
+      - name: Test formatting of nix files
+        run: |
+          nix fmt -- -c .
diff --git a/.nais/test.yaml b/.nais/test.yaml
@@ -0,0 +1,61 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+  name: dapla-ctrl
+  namespace: dapla-stat
+spec:
+  image: '{{image}}'
+
+  port: 8080
+
+  resources:
+    requests:
+      memory: '512Mi'
+      cpu: '200m'
+    limits:
+      memory: '1024Mi'
+
+  replicas:
+    disableAutoScaling: true
+    max: 1
+    min: 1
+
+  readiness:
+    path: /ready
+    port: 9000
+    failureThreshold: 1
+    initialDelay: 5
+    periodSeconds: 5
+
+  liveness:
+    path: /live
+    port: 9000
+    failureThreshold: 3
+
+  ingresses:
+    - https://dapla-ctrl.intern.test.ssb.no
+
+  accessPolicy:
+    outbound:
+      rules:
+        - application: 'dapla-team-api'
+          namespace: 'dapla-platform'
+      external:
+        - host: 'auth.test.ssb.no'
+
+  envFrom:
+    - secret: login-config-dapla-ctrl # contains: WONDERWALL_OPENID_CLIENT_ID, WONDERWALL_OPENID_CLIENT_SECRET
+
+  # Uses wonderwall
+  login:
+    provider: openid
+    enforce:
+      enabled: true
+
+  env:
+    - name: 'DAPLA_TEAM_API_URL'
+      value: 'http://dapla-team-api.dapla-platform' # uses Service discovery
+    - name: 'DAPLA_CTRL_ADMIN_GROUPS'
+      value: 'dapla-stat-developers,dapla-skyinfra-developers'
+    - name: 'DAPLA_CTRL_DOCUMENTATION_URL'
+      value: 'https://manual.dapla.ssb.no/statistikkere/dapla-ctrl'