Legger inn saksbehandler-gruppe for k9 for tilgangsstyring #1360
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Bygg og deploy | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| paths-ignore: | |
| - '**.md' | |
| - '**.MD' | |
| - '.gitignore' | |
| - '.editorconfig' | |
| - '.java-version' | |
| - 'LICENSE' | |
| - 'CODEOWNERS' | |
| - 'lokalutvikling/**' | |
| - '.github/*.yml' | |
| jobs: | |
| build-app: | |
| name: Build | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| uses: navikt/sif-gha-workflows/.github/workflows/maven-build-app-db.yml@main | |
| with: | |
| java-version: 21 | |
| build-image: ${{ github.actor != 'dependabot[bot]' }} | |
| push-image: ${{ github.ref_name == github.event.repository.default_branch}} | |
| upload-image: ${{ github.ref_name != github.event.repository.default_branch }} # TODO: hør med Qadeer om denne trengs | |
| db_schema: k9inntektsmelding_unit | |
| secrets: inherit | |
| verdikjede-tester: | |
| name: Verdikjedetester | |
| secrets: inherit | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: read | |
| uses: navikt/sif-gha-workflows/.github/workflows/verdikjede-test-v2.yml@main | |
| if: ${{github.actor != 'dependabot[bot]'}} | |
| needs: build-app | |
| with: | |
| tag: ${{ needs.build-app.outputs.build-version }} | |
| suites: "beregning,pleiepenger-pleietrengende,livetssluttfase" | |
| override_image_artifact_name: ${{ github.ref_name != github.event.repository.default_branch && needs.build-app.outputs.image-artifact-name || null }} | |
| image_version: ${{ needs.build-app.outputs.build-version }} | |
| deploy-dev: | |
| name: Deploy dev | |
| permissions: | |
| id-token: write | |
| contents: write | |
| # Multiline if condition with pipe must be defined without using ${{ }} around the expressions | |
| # bruker always() for å tvinge if'en til å kjøre selv om verdikjedetest feiler pga needs - dette fordi noen av verdikjede suitene er ikke påkrevd for deploy | |
| if: | | |
| github.ref_name == 'master' | |
| && always() | |
| && needs.verdikjede-tester.outputs.beregning == 'success' | |
| && needs.verdikjede-tester.outputs.pleiepenger-pleietrengende == 'success' | |
| && needs.verdikjede-tester.outputs.livetssluttfase == 'success' | |
| needs: [ build-app, verdikjede-tester ] | |
| uses: navikt/sif-gha-workflows/.github/workflows/maven-deploy.yml@main | |
| with: | |
| gar: true | |
| image: ${{ needs.build-app.outputs.build-version }} | |
| cluster: dev-gcp | |
| naiserator_file: .deploy/naiserator.yaml | |
| input_vars_file: .deploy/dev-gcp.json | |
| secrets: inherit | |
| deploy-prod: | |
| name: Deploy prod | |
| permissions: | |
| id-token: write | |
| contents: write | |
| if: github.ref_name == 'master' | |
| needs: [ build-app, verdikjede-tester, deploy-dev ] | |
| uses: navikt/sif-gha-workflows/.github/workflows/maven-deploy.yml@main | |
| with: | |
| gar: true | |
| image: ${{ needs.build-app.outputs.build-version }} | |
| cluster: prod-gcp | |
| naiserator_file: .deploy/naiserator.yaml | |
| input_vars_file: .deploy/prod-gcp.json | |
| secrets: inherit |