diff --git a/.github/workflows/build_deploy_dev.yml b/.github/workflows/build_deploy_dev.yml index 6ad3d6d89..7823e2afe 100644 --- a/.github/workflows/build_deploy_dev.yml +++ b/.github/workflows/build_deploy_dev.yml @@ -10,9 +10,7 @@ on: default: 'mock' type: choice options: - - 'dev' - 'mock' - - 'q0' - 'preprod' workflow_call: inputs: @@ -20,18 +18,15 @@ on: required: true type: string -env: - DOCKER_IMAGE_POSTFIX: ghcr.io/${{ github.repository }}/${{ github.event.repository.name }}-${{ inputs.config-file-name }} jobs: build-image: name: 'Build Image for Deploy' runs-on: ubuntu-latest permissions: - packages: write - contents: write + contents: read id-token: write outputs: - image-tag: ${{ steps.artifact-version.outputs.version }} + image: ${{ steps.docker-build-push.outputs.image }} steps: - uses: actions/checkout@v4 @@ -59,47 +54,29 @@ jobs: project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} - - name: 'Create artifact version' - id: artifact-version - uses: navikt/sosialhjelp-ci/actions/create-artifact-version@v2 - - - name: 'Release Tag' - uses: ncipollo/release-action@v1 - env: - GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} - with: - tag: ${{ steps.artifact-version.outputs.version }} - commit: ${{ github.sha }} - allowUpdates: true - - - name: 'Login to GitHub Docker Registry if GitHub Token Provided' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - - name: 'Build and Push Docker Image' - uses: navikt/sosialhjelp-ci/actions/build-and-push-docker-image@v2 + - name: Build and push docker image to GAR + uses: nais/docker-build-push@v0 + id: docker-build-push with: - artifact-version: ${{ steps.artifact-version.outputs.version }} - image-name: ${{ env.DOCKER_IMAGE_POSTFIX }} + team: teamdigisos + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + image_suffix: ${{ inputs.config-file-name }} deploy-gcp: name: 'Deploy to development' permissions: id-token: write - if: ${{ inputs.config-file-name != 'q0' }} + contents: read needs: build-image runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: 'Deploy til dev' - uses: nais/deploy/actions/deploy@v2 + uses: nais/deploy/actions/deploy@v3 env: RESOURCE: nais/dev/${{ inputs.config-file-name }}.yaml CLUSTER: dev-gcp REF: ${{ github.sha }} PRINT_PAYLOAD: true - IMAGE: ${{ env.DOCKER_IMAGE_POSTFIX }}:${{ needs.build-image.outputs.image-tag }} + VAR: image=${{ needs.build-image.outputs.image }} diff --git a/.github/workflows/build_image_prod.yml b/.github/workflows/build_deploy_prod.yml similarity index 51% rename from .github/workflows/build_image_prod.yml rename to .github/workflows/build_deploy_prod.yml index c0c7f7732..5ba9987d2 100644 --- a/.github/workflows/build_image_prod.yml +++ b/.github/workflows/build_deploy_prod.yml @@ -1,20 +1,20 @@ name: 'Build Production Image - HUSK MANUELL DEPLOY TIL PROD!' on: + workflow_call: workflow_run: workflows: ['Build code and run tests'] branches: [master] types: - completed -env: - DOCKER_IMAGE_POSTFIX: ghcr.io/${{ github.repository }}/${{ github.event.repository.name }}-production jobs: build-image: - name: 'Build and Push image' + name: 'Build Image for Deploy' runs-on: ubuntu-latest permissions: - packages: write - contents: write + contents: read id-token: write + outputs: + image: ${{ steps.docker-build-push.outputs.image }} steps: - uses: actions/checkout@v4 @@ -39,31 +39,32 @@ jobs: team: teamdigisos source: ./.next/static destination: "/sosialhjelp-innsyn/_next" - identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} - - name: 'Create artifact version' - id: artifact-version - uses: navikt/sosialhjelp-ci/actions/create-artifact-version@v2 - - - name: 'Release Tag' - uses: ncipollo/release-action@v1 - env: - GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} - with: - tag: ${{ steps.artifact-version.outputs.version }} - commit: ${{ github.sha }} - allowUpdates: true - - - name: 'Login to GitHub Docker Registry if GitHub Token Provided' - uses: docker/login-action@v3 + - name: Build and push docker image to GAR + uses: nais/docker-build-push@v0 + id: docker-build-push with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + team: teamdigisos + identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }} + project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }} + image_suffix: production - - name: 'Build and Push Docker Image' - uses: navikt/sosialhjelp-ci/actions/build-and-push-docker-image@v2 - with: - artifact-version: ${{ steps.artifact-version.outputs.version }} - image-name: ${{ env.DOCKER_IMAGE_POSTFIX }} + deploy-gcp: + name: 'Deploy to production' + permissions: + id-token: write + contents: read + needs: build-image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: 'Deploy til prod' + uses: nais/deploy/actions/deploy@v3 + env: + RESOURCE: nais/prod/prod.yaml + CLUSTER: prod-gcp + REF: ${{ github.sha }} + PRINT_PAYLOAD: true + VAR: image=${{ needs.build-image.outputs.image }} diff --git a/.github/workflows/delete_images.yml b/.github/workflows/delete_images.yml deleted file mode 100644 index a6a0a3033..000000000 --- a/.github/workflows/delete_images.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: 'Remove Old Images' -on: - workflow_dispatch: - -# schedule: FIXME: kommenterer ut til det foreligger automatisk deploy -# - cron: '0 5 * * 1' - -jobs: - remove-images: - name: 'Remove old images job except 50 most recent' - runs-on: ubuntu-latest - permissions: - packages: write - steps: - - uses: actions/delete-package-versions@v5 - with: - package-name: 'sosialhjelp-innsyn/sosialhjelp-innsyn' - package-type: 'container' - min-versions-to-keep: 50 diff --git a/nais/dev/preprod.yaml b/nais/dev/preprod.yaml index 59bccad59..41f88294c 100644 --- a/nais/dev/preprod.yaml +++ b/nais/dev/preprod.yaml @@ -5,6 +5,8 @@ metadata: namespace: teamdigisos labels: team: teamdigisos + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "150M" spec: image: {{image}} port: 8080 @@ -33,7 +35,6 @@ spec: external: - host: dekoratoren.ekstern.dev.nav.no - host: teamdigisos-unleash-api.nav.cloud.nais.io - - host: login.ekstern.dev.nav.no inbound: rules: - application: wonderwall-innsyn diff --git a/nais/envs/.env.dev b/nais/envs/.env.dev deleted file mode 100644 index 3394e57fb..000000000 --- a/nais/envs/.env.dev +++ /dev/null @@ -1,7 +0,0 @@ -NEXT_PUBLIC_INNSYN_API_SINGLE_LOGOUT_URL=https://digisos.intern.dev.nav.no/sosialhjelp/innsyn-api/oauth2/slo -NEXT_PUBLIC_INNSYN_API_BASE_URL=https://digisos.dev.nav.no/sosialhjelp/login-api/innsyn-api -NEXT_INNSYN_API_BASE_URL=https://digisos.dev.nav.no/sosialhjelp/login-api/innsyn-api -NEXT_PUBLIC_INNSYN_ORIGIN=https://digisos.dev.nav.no -NEXT_PUBLIC_DEKORATOR_MILJO=dev -NEXT_PUBLIC_RUNTIME_ENVIRONMENT=dev -NEXT_PUBLIC_ASSET_PREFIX=https://cdn.nav.no/teamdigisos/sosialhjelp-innsyn diff --git a/nais/envs/.env.preprod b/nais/envs/.env.preprod index 3456f580b..e3727cc61 100644 --- a/nais/envs/.env.preprod +++ b/nais/envs/.env.preprod @@ -1,6 +1,4 @@ -NEXT_PUBLIC_INNSYN_API_SINGLE_LOGOUT_URL=https://loginservice.nav.no/slo -NEXT_INNSYN_API_BASE_URL=https://www.ekstern.dev.nav.no/sosialhjelp/wonderwall-innsyn -NEXT_PUBLIC_INNSYN_API_BASE_URL=https://www.ekstern.dev.nav.no/sosialhjelp/wonderwall-innsyn +NEXT_PUBLIC_DEKORATOREN_LOGOUT_URL=/sosialhjelp/innsyn/oauth2/logout NEXT_PUBLIC_LOGIN_BASE_URL=https://login.ekstern.dev.nav.no NEXT_INNSYN_API_HOSTNAME=sosialhjelp-innsyn-api NEXT_PUBLIC_INNSYN_ORIGIN=https://www.ekstern.dev.nav.no diff --git a/nais/envs/.env.production b/nais/envs/.env.production index 6745be8ff..8e3b46d89 100644 --- a/nais/envs/.env.production +++ b/nais/envs/.env.production @@ -1,6 +1,6 @@ -NEXT_PUBLIC_INNSYN_API_SINGLE_LOGOUT_URL=https://loginservice.nav.no/slo -NEXT_PUBLIC_INNSYN_API_BASE_URL=https://www.nav.no/sosialhjelp/login-api/innsyn-api -NEXT_INNSYN_API_BASE_URL=https://www.nav.no/sosialhjelp/login-api/innsyn-api +NEXT_PUBLIC_DEKORATOREN_LOGOUT_URL=/sosialhjelp/innsyn/oauth2/logout +NEXT_PUBLIC_LOGIN_BASE_URL=https://login.nav.no +NEXT_INNSYN_API_HOSTNAME=sosialhjelp-innsyn-api NEXT_PUBLIC_INNSYN_ORIGIN=https://www.nav.no NEXT_PUBLIC_DEKORATOR_MILJO=prod NEXT_PUBLIC_RUNTIME_ENVIRONMENT=prod diff --git a/nais/envs/.env.q0 b/nais/envs/.env.q0 deleted file mode 100644 index a884c84f3..000000000 --- a/nais/envs/.env.q0 +++ /dev/null @@ -1,7 +0,0 @@ -NEXT_PUBLIC_INNSYN_API_SINGLE_LOGOUT_URL=https://loginservice.intern.dev.nav.no/slo -NEXT_PUBLIC_INNSYN_API_BASE_URL=https://www-q0.dev.nav.no/sosialhjelp/login-api/innsyn-api -NEXT_INNSYN_API_BASE_URL=https://www-q0.dev.nav.no/sosialhjelp/login-api/innsyn-api -NEXT_PUBLIC_INNSYN_ORIGIN=https://www-q0.dev.nav.no -NEXT_PUBLIC_DEKORATOR_MILJO=dev -NEXT_PUBLIC_RUNTIME_ENVIRONMENT=dev-sbs -NEXT_PUBLIC_ASSET_PREFIX=https://cdn.nav.no/teamdigisos/sosialhjelp-innsyn diff --git a/nais/prod/prod-gcp.yaml b/nais/prod/prod.yaml similarity index 86% rename from nais/prod/prod-gcp.yaml rename to nais/prod/prod.yaml index 0e6edef86..601bb0a22 100644 --- a/nais/prod/prod-gcp.yaml +++ b/nais/prod/prod.yaml @@ -24,16 +24,18 @@ spec: replicas: min: 2 max: 4 - ingresses: - - "https://sosialhjelp-innsyn.prod-gcp.nais.io/sosialhjelp/innsyn" accessPolicy: outbound: rules: + - application: sosialhjelp-innsyn-api - application: nav-dekoratoren namespace: personbruker external: - - host: "https://www.nav.no" + - host: dekoratoren.nav.no - host: teamdigisos-unleash-api.nav.cloud.nais.io + inbound: + rules: + - application: wonderwall-innsyn resources: limits: cpu: 200m diff --git a/src/pages/_document.tsx b/src/pages/_document.tsx index 1766be3f9..9d036658e 100644 --- a/src/pages/_document.tsx +++ b/src/pages/_document.tsx @@ -19,7 +19,7 @@ const decoratorParams = (ctx: DocumentContext): DecoratorFetchProps => ({ chatbot: false, shareScreen: false, utilsBackground: "white", - logoutUrl: process.env.NEXT_PUBLIC_INNSYN_API_SINGLE_LOGOUT_URL || undefined, + logoutUrl: process.env.NEXT_PUBLIC_DEKORATOREN_LOGOUT_URL || undefined, availableLanguages: [ { locale: "nb", diff --git a/wonderwall/prod/wonderwall.yml b/wonderwall/prod/wonderwall.yml index 3f0f2e27f..a6a9aa43b 100644 --- a/wonderwall/prod/wonderwall.yml +++ b/wonderwall/prod/wonderwall.yml @@ -5,6 +5,8 @@ metadata: namespace: teamdigisos labels: team: teamdigisos + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "150M" spec: image: europe-north1-docker.pkg.dev/nais-io/nais/images/wonderwall:latest port: 8080 @@ -45,7 +47,7 @@ spec: - name: WONDERWALL_AUTO_LOGIN value: "true" - name: WONDERWALL_INGRESS - value: https://www.ansatt.nav.no/sosialhjelp/innsyn + value: https://www.nav.no/sosialhjelp/innsyn - name: WONDERWALL_UPSTREAM_HOST value: sosialhjelp-innsyn:80 - name: WONDERWALL_BIND_ADDRESS