diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml
new file mode 100644
index 00000000..9bba2c9e
--- /dev/null
+++ b/.github/workflows/integration-test.yml
@@ -0,0 +1,88 @@
+name: Integration test
+
+on:
+ pull_request:
+ paths:
+ - "src/datadoc/**"
+ - "poetry.lock"
+ - ".nais/staging-pr.yaml"
+ - ".github/workflows/integration-test.yml"
+
+env:
+ REGISTRY: europe-north1-docker.pkg.dev/nais-management-b3a7/dapla-metadata
+ IMAGE: datadoc
+ TAG: ${{ github.head_ref }}-${{ github.sha }}
+
+jobs:
+ docker-build:
+ name: Docker build
+ permissions:
+ contents: "read"
+ id-token: "write"
+ runs-on: ubuntu-latest
+ outputs:
+ image-tag: ${{ steps.metadata.outputs.tags }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: "Authenticate to Google Cloud"
+ id: "auth"
+ uses: "google-github-actions/auth@v2.1.2"
+ with:
+ workload_identity_provider: "projects/906675412832/locations/global/workloadIdentityPools/ssb-identity-pool/providers/github-oidc-provider"
+ service_account: "gh-ssb@nais-management-b3a7.iam.gserviceaccount.com"
+ token_format: "access_token"
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: "oauth2accesstoken"
+ password: "${{ steps.auth.outputs.access_token }}"
+
+ - name: Docker meta
+ id: metadata
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE }}
+ # Docker tags based on the following events/attributes
+ tags: |
+ type=sha
+
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ platforms: linux/amd64,linux/arm64
+ file: Dockerfile
+ push: true
+ tags: |
+ ${{ steps.metadata.outputs.tags }}
+ labels: ${{ steps.metadata.outputs.labels }}
+
+ - name: Output image digest
+ run: echo ${{ steps.docker_build.outputs.digest }}
+
+ deploy:
+ name: Deploy to NAIS
+ runs-on: ubuntu-latest
+ needs: docker-build
+ steps:
+ - uses: actions/checkout@v4
+ - uses: nais/deploy/actions/deploy@v2
+ env:
+ APIKEY: ${{ secrets.NAIS_DEPLOY_APIKEY }}
+ CLUSTER: staging
+ RESOURCE: .nais/staging-pr.yaml
+ VAR: image=${{ needs.docker-build.outputs.image-tag }},pr-number=${{github.event.number}}
+ DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443
diff --git a/.nais/staging-pr.yaml b/.nais/staging-pr.yaml
new file mode 100644
index 00000000..5ef61328
--- /dev/null
+++ b/.nais/staging-pr.yaml
@@ -0,0 +1,47 @@
+# Deploy to staging environment for an individual PR
+
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+ name: datadoc-pr-{{ pr-number }}
+ namespace: dapla-metadata
+ labels:
+ team: dapla-metadata
+spec:
+ image: "{{ image }}" # Injected from the Github Action
+ port: 8050
+
+ replicas:
+ disableAutoScaling: true
+ max: 1
+ min: 1
+
+ accessPolicy:
+ outbound:
+ external:
+ - host: data.ssb.no
+ - host: www.ssb.no
+
+ resources:
+ limits:
+ memory: 2Gi
+ requests:
+ memory: 1Gi
+
+ ttl: 1h
+
+ prometheus:
+ enabled: false
+
+ ingresses:
+ - https://datadoc-pr-{{ pr-number }}.staging.ssb.cloud.nais.io
+
+ liveness:
+ path: /healthz/live
+ port: 8050
+ readiness:
+ path: /healthz/ready
+ port: 8050
+ startup:
+ path: /healthz/startup
+ port: 8050
diff --git a/Dockerfile b/Dockerfile
index 3c6bb713..f8432df7 100644
--- a/Dockerfile
+++ b/Dockerfile
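Review bot: The `Output image digest` step in `.github/workflows/integration-test.yml` reads `steps.docker_build.outputs.digest`, but no step in the `docker-build` job declares `id: docker_build`, so the expression expands to an empty string and the digest is never surfaced. Adding `id: docker_build` to the `Build and push` step and exporting the digest as a job output would let `deploy` reference the image by digest instead of the mutable tag it receives through `VAR`. The `deploy` job also declares no `permissions:` block although it holds `NAIS_DEPLOY_APIKEY`; a `permissions:` entry with `contents: read` would keep its token read-only regardless of the repository default. The actions here are referenced by tag (`@v4`, `@v3`, `@v2`, `@v2.1.2`) in jobs that carry `id-token: "write"` and a deploy key, so pinning them to commit SHAs would be the safer form. The `TAG` value built from `github.head_ref` looks unused in this file and could be dropped, since branch names are contributor-controlled.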
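Review bot: The `ingresses` entry in `.nais/staging-pr.yaml` gives every pull request its own HTTPS hostname serving code that has not been reviewed yet, and nothing in the manifest restricts inbound access; whether `staging.ssb.cloud.nais.io` is reachable only from an internal network cannot be told from this hunk. The Dockerfile hunk in the same commit removes `USER appuser`, so the uid the container runs under now depends on whatever the platform enforces rather than on the image. I would record both assumptions next to the setting, for example `# PR preview runs unreviewed code: confirm this ingress is not internet-facing and that the platform enforces a non-root uid`. The `ttl: 1h` bound is worth keeping as the cleanup guarantee for these previews.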
@@ -51,10 +51,6 @@ ENV \ PIP_DISABLE_PIP_VERSION_CHECK=on \ PIP_DEFAULT_TIMEOUT=100 -RUN useradd --create-home appuser -USER appuser -ENV PATH="/home/appuser/.local/bin:$PATH" - # export environment variables for the CMD ENV PACKAGE_NAME=$PACKAGE_NAME ENV APP_PATH=$APP_PATH