Skip to content
.github/workflows/build-deploy-app.yml

Add OTLP exporter dependency (#181) #198

Sign in to view logs

Add OTLP exporter dependency (#181)

Add OTLP exporter dependency (#181) #198

Workflow file for this run

.github/workflows/build-deploy-app.yml at 77f1696
on:
release:
types: [ published ]
push:
branches:
- master
paths-ignore:
- "**/*.md"
- "Makefile"
- ".mvn"
- ".gitignore"
jobs:
build-push:
name: Build and push to registries
# When releasing, the Maven release plugin will create two commits -
# we only want this job to run once, so we exclude one of the commits.
if: ! contains(${{ github.event.head_commit.message }}, "prepare for next development iteration")

Check warning on line 17 in .github/workflows/build-deploy-app.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/build-deploy-app.yml

Workflow syntax warning 

.github/workflows/build-deploy-app.yml (Line: 17, Col: 9): Conditional expression contains literal text outside replacement tokens. This will cause the expression to always evaluate to truthy. Did you mean to put the entire expression inside ${{ }}?
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
security-events: write
outputs:
nais-tag: ${{steps.nais-deploy-vars.outputs.nais_tag}}
nais-cluster: ${{steps.nais-deploy-vars.outputs.cluster}}
nais-config-path: ${{steps.nais-deploy-vars.outputs.nais_config_path}}
steps:
- uses: actions/checkout@v4
- name: Fail build on High/Critical Vulnerabilities
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
format: 'table'
scan-ref: '.'
severity: 'HIGH,CRITICAL'
ignore-unfixed: true
exit-code: 1
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL,HIGH'
skip-setup-trivy: true
- name: Upload Trivy results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: 21
distribution: temurin
cache: maven
- name: Setup Maven authentication to GitHub packages
uses: s4u/maven-settings-action@v3.1.0
id: maven_settings
with:
override: true
servers: |
[
{
"id": "ssb-datadoc-model",
"username": "${{ github.actor }}",
"password": "${{ secrets.GITHUB_TOKEN }}"
}
]
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: "projects/${{secrets.GAR_PROJECT_NUMBER}}/locations/global/workloadIdentityPools/gh-actions/providers/gh-actions"
service_account: "gh-actions-dapla-pseudo@${{secrets.GAR_PROJECT_ID}}.iam.gserviceaccount.com"
token_format: access_token
- name: Login to Artifact Registry
uses: docker/login-action@v3
with:
registry: europe-north1-docker.pkg.dev/${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}
username: "oauth2accesstoken"
password: "${{ steps.auth.outputs.access_token }}"
- name: Maven build and install
run: |
if [[ ${{github.event_name}} == "release" ]]; then
mvn --batch-mode clean package
else
mvn --batch-mode -P dapla-artifact-registry deploy
fi
- name: Add optional extra tag
id: version-tag
run: |
if [ ${{ github.event_name }} == "release" ]; then
RELEASE_VERSION=${GITHUB_REF#refs/*/}
echo "version_tag=v${RELEASE_VERSION}" >> "$GITHUB_OUTPUT"
fi
- name: Build and push image to NAIS Artifact Repository
uses: nais/docker-build-push@v0
id: docker-push
with:
team: dapla-stat
tag: ${{ steps.version-tag.outputs.version_tag }} # Empty if not triggered by release
pull: false
project_id: ${{ secrets.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
byosbom: target/bom.json
- name: Generate image tags
id: nais-deploy-vars
run: |
if [[ ${{github.event_name}} == "release" ]]; then
echo "nais_tag=${{ steps.version-tag.outputs.version_tag }}" >> "$GITHUB_OUTPUT"
echo "cluster=prod" >> "$GITHUB_OUTPUT"
echo "nais_config_path=.nais/prod/nais.yaml" >> "$GITHUB_OUTPUT"
else
echo "nais_tag=${{ steps.docker-push.outputs.tag }}" >> "$GITHUB_OUTPUT"
echo "cluster=test" >> "$GITHUB_OUTPUT"
echo "nais_config_path=.nais/test/nais.yaml" >> "$GITHUB_OUTPUT"
fi
deploy:
name: Deploy to NAIS
needs: build-push
uses: ./.github/workflows/deploy-to-nais.yml
with:
registry: europe-north1-docker.pkg.dev
repository: dapla-stat
image-name: pseudo-service
image-tag: ${{ needs.build-push.outputs.nais-tag }}
cluster: ${{needs.build-push.outputs.nais-cluster}}
nais-config-path: ${{needs.build-push.outputs.nais-config-path}}
secrets: inherit
alert:
name: alert
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
needs: [ build-push, deploy ]
if: ${{ failure() }}
steps:
- name: Set env variables
run: |
echo "NOW=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
if [[ ${{github.event_name}} == "release" ]]; then
echo "environment=prod" >> "$GITHUB_ENV"
echo "SLACK_WEBHOOK_URL=${{ secrets.SLACK_WEBHOOK_URL_PROD }}" >> $GITHUB_ENV
else
echo "environment=test" >> "$GITHUB_ENV"
echo "SLACK_WEBHOOK_URL=${{ secrets.SLACK_WEBHOOK_URL_TEST }}" >> $GITHUB_ENV
fi
- name: Send custom JSON data to Slack workflow
id: slack
uses: slackapi/slack-github-action@v1.25.0
with:
payload: |
{
"text": "The build or deploy of Pseudo Service failed",
"blocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "❗️❗️The build or deploy of Pseudo Service in the ${{env.environment}} environment at time ${{env.NOW}} has failed❗️❗️"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "See the workflow logs"
},
"accessory": {
"type": "button",
"text": {
"type": "plain_text",
"text": "Go to workflow",
"emoji": true
},
"style": "primary",
"value": "workflow_button",
"url": "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}",
"action_id": "button-action"
}
}
]
}
env:
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK