From 21d8b4836f58ca8d145e5eb0532f64650d5855ba Mon Sep 17 00:00:00 2001
From: Jon Ole Hagemo
Date: Mon, 13 Jan 2025 21:03:33 +0100
Subject: [PATCH 1/3] Create deploy action
---
 .github/workflows/on_deploy.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/on_deploy.yml
diff --git a/.github/workflows/on_deploy.yml b/.github/workflows/on_deploy.yml
new file mode 100644
index 000000000..e6dcbb24c
--- /dev/null
+++ b/.github/workflows/on_deploy.yml
@@ -0,0 +1,31 @@
+name: Build and deploy
+on:
+ workflow_dispatch:
+
+ push:
+ branches:
+ - main
+jobs:
+ build_and_deploy:
+ name: Build, push and deploy
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: actions/checkout@v4
+ - name: Build and push image and SBOM to OCI registry
+ uses: nais/docker-build-push@v0
+ id: docker-build-push
+ with:
+ team: ${{ vars.NAIS_TEAM }}
+ identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+ project_id: ${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}
+ - name: Deploy to Nais
+ uses: nais/deploy/actions/deploy@v2
+ env:
+ CLUSTER: test
+ RESOURCE: .nais/test.yaml
+ VAR: image=${{ steps.docker-build-push.outputs.image }}
+ TELEMETRY: ${{ steps.docker-build-push.outputs.telemetry }}
+ DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443
\ No newline at end of file
From ada574cd44bab8e2d69461b9a65a05332b73eeff Mon Sep 17 00:00:00 2001
From: Jon Ole Hagemo
Date: Mon, 13 Jan 2025 21:04:11 +0100
Subject: [PATCH 2/3] Create nais application description
---
 .nais/test.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 .nais/test.yaml
diff --git a/.nais/test.yaml b/.nais/test.yaml
new file mode 100644
index 000000000..7ff042f9e
--- /dev/null
+++ b/.nais/test.yaml
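Review bot: In patch 1/3, the steps of `.github/workflows/on_deploy.yml` reference third-party actions by mutable tag (`nais/docker-build-push@v0`, `nais/deploy/actions/deploy@v2`) in a job that holds `id-token: write` and is handed the workload-identity secrets, so whatever commit the tag points to at run time executes with those credentials. Pin each `uses:` to a full commit SHA and keep the version as a trailing comment, e.g. `uses: nais/deploy/actions/deploy@<full-commit-sha> # v2`. The same applies to the actions introduced in patch 3/3 (`google-github-actions/auth@v2.1.7`, `docker/login-action@v3`, `gradle/actions/setup-gradle@v4`, `actions/setup-java@v4`); a version tag such as `v2.1.7` is still movable.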
@@ -0,0 +1,17 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+ name: kontrollprogram
+ namespace: kostra
+spec:
+ ingresses:
+ - https://kostra-kontrollprogram.test.ssb.no
+ image: {{image}}
+ port: 8080
+ replicas:
+ max: 1
+ min: 1
+ resources:
+ requests:
+ cpu: 50m
+ memory: 160Mi
\ No newline at end of file
From bd33815f81b3fd341da385369a19ad1915fd6602 Mon Sep 17 00:00:00 2001
From: Jon Ole Hagemo
Date: Tue, 14 Jan 2025 09:55:00 +0100
Subject: [PATCH 3/3] Update on_deploy.yml
---
 .github/workflows/on_deploy.yml | 106 +++++++++++++++++++++++++++-----
 1 file changed, 91 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/on_deploy.yml b/.github/workflows/on_deploy.yml
index e6dcbb24c..7aa68dda4 100644
--- a/.github/workflows/on_deploy.yml
+++ b/.github/workflows/on_deploy.yml
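Review bot: `spec.resources` in `.nais/test.yaml` sets only `requests`, so the container's memory use is unbounded unless the platform applies a default, which this patch does not show. Adding a `limits:` mapping with a `memory:` value next to `requests` keeps a leak or an oversized input from pressuring other workloads on the node. The manifest also declares no `liveness` or `readiness` probe, so with `replicas` fixed at 1 a hung instance would presumably keep receiving traffic from the ingress.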
@@ -5,27 +5,103 @@ on:
 push:
 branches:
 - main
+
+env:
+ REGISTRY: europe-north1-docker.pkg.dev/artifact-registry-5n/kostra-docker
+ IMAGE: kostra-kontrollprogram
+
 jobs:
- build_and_deploy:
- name: Build, push and deploy
- runs-on: ubuntu-latest
+ docker_build:
+ name: Create Docker image
+ environment: build
 permissions:
- contents: read
+ contents: write
 id-token: write
+ runs-on: ubuntu-24.04
+ outputs:
+ image: ${{ env.DOCKER_IMAGE }}
 steps:
- - uses: actions/checkout@v4
- - name: Build and push image and SBOM to OCI registry
- uses: nais/docker-build-push@v0
- id: docker-build-push
+ - name: Create image tag
+ run: |
+ echo "TAG=$(date +'%Y%m%d')-${{github.run_number}}" >> $GITHUB_ENV
+
+ - name: Set docker image env var
+ run: |
+ echo "DOCKER_IMAGE=${REGISTRY}/${IMAGE}:${TAG}" >> $GITHUB_ENV
+
+ - name: Set docker image env var
+ run: |
+ echo "DOCKER_IMAGE=${REGISTRY}/${IMAGE}:${TAG}" >> $GITHUB_ENV
+
+ - name: Echo image tag
+ run: echo $DOCKER_IMAGE
+
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Set up JDK 21
+ uses: actions/setup-java@v4
+ with:
+ java-version: '21'
+ distribution: 'temurin'
+
+ - name: Set up gradle
+ uses: gradle/actions/setup-gradle@v4
 with:
- team: ${{ vars.NAIS_TEAM }}
- identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
- project_id: ${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}
- - name: Deploy to Nais
+ cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+
+ - name: Authenticate to Google Cloud
+ id: "auth"
+ uses: google-github-actions/auth@v2.1.7
+ with:
+ workload_identity_provider: "projects/${{ vars.GAR_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
+ service_account: "gh-actions-kostra@${{ vars.GAR_PROJECT_ID }}.iam.gserviceaccount.com"
+ token_format: "access_token"
+
+ - name: Login to registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: "oauth2accesstoken"
+ password: "${{ steps.auth.outputs.access_token }}"
+
+ - name: Build and push Docker image to Google Artifact Registry
+ run: >
+ ./gradlew
+ jib
+ --image=${{ env.DOCKER_IMAGE }}
+ --daemon --parallel --build-cache
+
+ test_deploy:
+ name: Deploy to NAIS test
+ environment: test
+ runs-on: ubuntu-24.04
+ needs: docker_build
+ permissions:
+ contents: write
+ id-token: write
+ steps:
+ - name: Recreate image tag
+ run: |
+ echo "TAG=$(date +'%Y%m%d')-${{github.run_number}}" >> $GITHUB_ENV
+
+ - name: Reset docker image env var
+ run: |
+ echo "DOCKER_IMAGE=${REGISTRY}/${IMAGE}:${TAG}" >> $GITHUB_ENV
+
+ - name: Echo image tag
+ run: echo $DOCKER_IMAGE
+
+ - name: Check out code
+ uses: actions/checkout@v4
+
+ - name: Echo image tag
+ run: echo ${{ needs.docker_build.outputs.image }}
+
+ - name: Deploy to NAIS Test
 uses: nais/deploy/actions/deploy@v2
 env:
 CLUSTER: test
 RESOURCE: .nais/test.yaml
- VAR: image=${{ steps.docker-build-push.outputs.image }}
- TELEMETRY: ${{ steps.docker-build-push.outputs.telemetry }}
- DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443
\ No newline at end of file
+ VAR: image=${{ env.DOCKER_IMAGE }}
+ DEPLOY_SERVER: deploy.ssb.cloud.nais.io:443
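Review bot: The `test_deploy` job deploys `image=${{ env.DOCKER_IMAGE }}`, a reference it rebuilds from `$(date +'%Y%m%d')` and the run number, rather than the `image` output that `docker_build` exports and that the job only echoes. If the job starts on a later calendar day than the build (for example when the `test` environment has an approval or wait rule, or the run is queued across midnight), the recomputed tag no longer names the image that was pushed. Use `VAR: image=${{ needs.docker_build.outputs.image }}` and drop the `Recreate image tag` and `Reset docker image env var` steps; referencing the pushed digest instead of a tag would bind the rollout to the exact artifact. Separately, both jobs request `contents: write` (the replaced job had `contents: read`) although no visible step writes to the repository, so `contents: read` appears sufficient. The `Set docker image env var` step in `docker_build` is also present twice.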