Tilrettelegg for deploy til prod

navikt · Dec 11, 2024 · 221d7d4 · 221d7d4
1 parent 47bb0e9
commit 221d7d4
Show file tree

Hide file tree

Showing 11 changed files with 57 additions and 109 deletions.
diff --git a/.github/workflows/build_deploy_dev.yml b/.github/workflows/build_deploy_dev.yml
@@ -10,28 +10,23 @@ on:
         default: 'mock'
         type: choice
         options:
-          - 'dev'
           - 'mock'
-          - 'q0'
           - 'preprod'
   workflow_call:
     inputs:
       config-file-name:
         required: true
         type: string
 
-env:
-  DOCKER_IMAGE_POSTFIX: ghcr.io/${{ github.repository }}/${{ github.event.repository.name }}-${{ inputs.config-file-name }}
 jobs:
   build-image:
     name: 'Build Image for Deploy'
     runs-on: ubuntu-latest
     permissions:
-      packages: write
-      contents: write
+      contents: read
       id-token: write
     outputs:
-      image-tag: ${{ steps.artifact-version.outputs.version }}
+      image: ${{ steps.docker-build-push.outputs.image }}
     steps:
       - uses: actions/checkout@v4
 
@@ -59,47 +54,29 @@ jobs:
           project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
           identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
 
-      - name: 'Create artifact version'
-        id: artifact-version
-        uses: navikt/sosialhjelp-ci/actions/create-artifact-version@v2
-
-      - name: 'Release Tag'
-        uses: ncipollo/release-action@v1
-        env:
-          GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
-        with:
-          tag: ${{ steps.artifact-version.outputs.version }}
-          commit: ${{ github.sha }}
-          allowUpdates: true
-
-      - name: 'Login to GitHub Docker Registry if GitHub Token Provided'
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-
-      - name: 'Build and Push Docker Image'
-        uses: navikt/sosialhjelp-ci/actions/build-and-push-docker-image@v2
+      - name: Build and push docker image to GAR
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
         with:
-          artifact-version: ${{ steps.artifact-version.outputs.version }}
-          image-name: ${{ env.DOCKER_IMAGE_POSTFIX }}
+          team: teamdigisos
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          image_suffix: ${{ inputs.config-file-name }}
 
   deploy-gcp:
     name: 'Deploy to development'
     permissions:
       id-token: write
-    if: ${{ inputs.config-file-name != 'q0' }}
+      contents: read
     needs: build-image
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - name: 'Deploy til dev'
-        uses: nais/deploy/actions/deploy@v2
+        uses: nais/deploy/actions/deploy@v3
         env:
           RESOURCE: nais/dev/${{ inputs.config-file-name }}.yaml
           CLUSTER: dev-gcp
           REF: ${{ github.sha }}
           PRINT_PAYLOAD: true
-          IMAGE: ${{ env.DOCKER_IMAGE_POSTFIX }}:${{ needs.build-image.outputs.image-tag }}
+          VAR: image=${{ needs.build-image.outputs.image }}
diff --git a/.github/workflows/build_image_prod.yml → .github/workflows/build_deploy_prod.yml b/.github/workflows/build_image_prod.yml → .github/workflows/build_deploy_prod.yml
@@ -1,20 +1,20 @@
 name: 'Build Production Image - HUSK MANUELL DEPLOY TIL PROD!'
 on:
+  workflow_call:
   workflow_run:
     workflows: ['Build code and run tests']
     branches: [master]
     types:
       - completed
-env:
-  DOCKER_IMAGE_POSTFIX: ghcr.io/${{ github.repository }}/${{ github.event.repository.name }}-production
 jobs:
   build-image:
-    name: 'Build and Push image'
+    name: 'Build Image for Deploy'
     runs-on: ubuntu-latest
     permissions:
-      packages: write
-      contents: write
+      contents: read
       id-token: write
+    outputs:
+      image: ${{ steps.docker-build-push.outputs.image }}
     steps:
       - uses: actions/checkout@v4
 
@@ -39,31 +39,32 @@ jobs:
           team: teamdigisos
           source: ./.next/static
           destination: "/sosialhjelp-innsyn/_next"
-          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
           project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
 
-      - name: 'Create artifact version'
-        id: artifact-version
-        uses: navikt/sosialhjelp-ci/actions/create-artifact-version@v2
-
-      - name: 'Release Tag'
-        uses: ncipollo/release-action@v1
-        env:
-          GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}
-        with:
-          tag: ${{ steps.artifact-version.outputs.version }}
-          commit: ${{ github.sha }}
-          allowUpdates: true
-
-      - name: 'Login to GitHub Docker Registry if GitHub Token Provided'
-        uses: docker/login-action@v3
+      - name: Build and push docker image to GAR
+        uses: nais/docker-build-push@v0
+        id: docker-build-push
         with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          team: teamdigisos
+          identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+          project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+          image_suffix: production
 
-      - name: 'Build and Push Docker Image'
-        uses: navikt/sosialhjelp-ci/actions/build-and-push-docker-image@v2
-        with:
-          artifact-version: ${{ steps.artifact-version.outputs.version }}
-          image-name: ${{ env.DOCKER_IMAGE_POSTFIX }}
+  deploy-gcp:
+    name: 'Deploy to production'
+    permissions:
+      id-token: write
+      contents: read
+    needs: build-image
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: 'Deploy til prod'
+        uses: nais/deploy/actions/deploy@v3
+        env:
+          RESOURCE: nais/prod/prod.yaml
+          CLUSTER: prod-gcp
+          REF: ${{ github.sha }}
+          PRINT_PAYLOAD: true
+          VAR: image=${{ needs.build-image.outputs.image }}
diff --git a/.github/workflows/delete_images.yml b/.github/workflows/delete_images.yml
diff --git a/nais/dev/preprod.yaml b/nais/dev/preprod.yaml
@@ -5,6 +5,8 @@ metadata:
   namespace: teamdigisos
   labels:
     team: teamdigisos
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "150M"
 spec:
   image: {{image}}
   port: 8080
@@ -33,7 +35,6 @@ spec:
       external:
         - host: dekoratoren.ekstern.dev.nav.no
         - host: teamdigisos-unleash-api.nav.cloud.nais.io
-        - host: login.ekstern.dev.nav.no
     inbound:
       rules:
         - application: wonderwall-innsyn

diff --git a/nais/envs/.env.dev b/nais/envs/.env.dev
diff --git a/nais/envs/.env.preprod b/nais/envs/.env.preprod
@@ -1,6 +1,4 @@
-NEXT_PUBLIC_INNSYN_API_SINGLE_LOGOUT_URL=https://loginservice.nav.no/slo
-NEXT_INNSYN_API_BASE_URL=https://www.ekstern.dev.nav.no/sosialhjelp/wonderwall-innsyn
-NEXT_PUBLIC_INNSYN_API_BASE_URL=https://www.ekstern.dev.nav.no/sosialhjelp/wonderwall-innsyn
+NEXT_PUBLIC_DEKORATOREN_LOGOUT_URL=/sosialhjelp/innsyn/oauth2/logout
 NEXT_PUBLIC_LOGIN_BASE_URL=https://login.ekstern.dev.nav.no
 NEXT_INNSYN_API_HOSTNAME=sosialhjelp-innsyn-api
 NEXT_PUBLIC_INNSYN_ORIGIN=https://www.ekstern.dev.nav.no

diff --git a/nais/envs/.env.production b/nais/envs/.env.production
@@ -1,6 +1,6 @@
-NEXT_PUBLIC_INNSYN_API_SINGLE_LOGOUT_URL=https://loginservice.nav.no/slo
-NEXT_PUBLIC_INNSYN_API_BASE_URL=https://www.nav.no/sosialhjelp/login-api/innsyn-api
-NEXT_INNSYN_API_BASE_URL=https://www.nav.no/sosialhjelp/login-api/innsyn-api
+NEXT_PUBLIC_DEKORATOREN_LOGOUT_URL=/sosialhjelp/innsyn/oauth2/logout
+NEXT_PUBLIC_LOGIN_BASE_URL=https://login.nav.no
+NEXT_INNSYN_API_HOSTNAME=sosialhjelp-innsyn-api
 NEXT_PUBLIC_INNSYN_ORIGIN=https://www.nav.no
 NEXT_PUBLIC_DEKORATOR_MILJO=prod
 NEXT_PUBLIC_RUNTIME_ENVIRONMENT=prod

diff --git a/nais/envs/.env.q0 b/nais/envs/.env.q0
diff --git a/nais/prod/prod-gcp.yaml → nais/prod/prod.yaml b/nais/prod/prod-gcp.yaml → nais/prod/prod.yaml
@@ -24,16 +24,18 @@ spec:
     replicas:
         min: 2
         max: 4
-    ingresses:
-        - "https://sosialhjelp-innsyn.prod-gcp.nais.io/sosialhjelp/innsyn"
     accessPolicy:
         outbound:
             rules:
+                - application: sosialhjelp-innsyn-api
                 - application: nav-dekoratoren
                   namespace: personbruker
             external:
-                - host: "https://www.nav.no"
+                - host: dekoratoren.nav.no
                 - host: teamdigisos-unleash-api.nav.cloud.nais.io
+    inbound:
+        rules:
+            - application: wonderwall-innsyn
     resources:
         limits:
             cpu: 200m

diff --git a/src/pages/_document.tsx b/src/pages/_document.tsx
@@ -19,7 +19,7 @@ const decoratorParams = (ctx: DocumentContext): DecoratorFetchProps => ({
         chatbot: false,
         shareScreen: false,
         utilsBackground: "white",
-        logoutUrl: process.env.NEXT_PUBLIC_INNSYN_API_SINGLE_LOGOUT_URL || undefined,
+        logoutUrl: process.env.NEXT_PUBLIC_DEKORATOREN_LOGOUT_URL || undefined,
         availableLanguages: [
             {
                 locale: "nb",

diff --git a/wonderwall/prod/wonderwall.yml b/wonderwall/prod/wonderwall.yml
@@ -5,6 +5,8 @@ metadata:
   namespace: teamdigisos
   labels:
     team: teamdigisos
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "150M"
 spec:
   image: europe-north1-docker.pkg.dev/nais-io/nais/images/wonderwall:latest
   port: 8080
@@ -45,7 +47,7 @@ spec:
     - name: WONDERWALL_AUTO_LOGIN
       value: "true"
     - name: WONDERWALL_INGRESS
-      value: https://www.ansatt.nav.no/sosialhjelp/innsyn
+      value: https://www.nav.no/sosialhjelp/innsyn
     - name: WONDERWALL_UPSTREAM_HOST
       value: sosialhjelp-innsyn:80
     - name: WONDERWALL_BIND_ADDRESS