La til initielt skall for tillgangskontroll app
nilsmsa committed Dec 5, 2024
1 parent 9d5b2c9 commit 8a0fbe8
Showing 5 changed files with 202 additions and 2 deletions.
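--- a/.github/workflows/tilgangskontroll.yaml
+++ b/.github/workflows/tilgangskontroll.yaml
@@ -0,0 +1,83 @@
+name: Tilgangskontroll
+
+on:
+push:
+branches:
+- main
+- dev/*
+paths:
+- 'apps/tilgangskontroll/**'
+- 'lib/**'
+- 'domain/**'
+- '.github/workflows/tilgangskontroll.yaml'
+- 'gradle/**'
+- 'settings.gradle.kts'
+- 'gradle.properties'
+- 'gradlew'
+- 'gradlew.bat'
+
+env:
+IMAGE: europe-north1-docker.pkg.dev/${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}/paw/paw-tilgangskontroll
+jobs:
+build:
+name: Build
+runs-on: ubuntu-latest
+timeout-minutes: 10
+permissions:
+contents: read
+id-token: write
+packages: write
+outputs:
+image: ${{ steps.docker-build-push.outputs.image }}
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: Setup Java
+uses: actions/setup-java@v4
+with:
+java-version: 21
+distribution: temurin
+cache: gradle
+- name: Set module
+run: echo "MODULE=tilgangskontroll" >> $GITHUB_ENV
+- name: Set version
+run: echo "VERSION=$(date +'%y.%m.%d').${{ github.run_number }}-${{ github.run_attempt }}" >> $GITHUB_ENV
+- name: Login GAR
+uses: nais/login@v0
+with:
+project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+team: paw
+- name: Build and push image with Gradle
+id: docker-build-push
+working-directory: ./
+run: |
+echo "image=${{ env.IMAGE }}:${{ env.VERSION }}" >> $GITHUB_OUTPUT
+echo -Pversion=${{ env.VERSION }} -Pimage=${{ env.IMAGE }} :apps:${{ env.MODULE }}:build :apps:${{ env.MODULE }}:jib
+./gradlew -Pversion=${{ env.VERSION }} -Pimage=${{ env.IMAGE }} :apps:${{ env.MODULE }}:build :apps:${{ env.MODULE }}:jib
+echo "DIGEST=$(cat apps/${{ env.MODULE }}/build/jib-image.digest)" >> $GITHUB_ENV
+env:
+ORG_GRADLE_PROJECT_githubPassword: ${{ secrets.GITHUB_TOKEN }}
+- name: Attest and sign image
+uses: nais/[email protected]
+with:
+image_ref: ${{ env.IMAGE }}@${{ env.DIGEST }}
+
+deploy-dev:
+if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/dev')
+name: Deploy to dev-gcp
+needs:
+- build
+permissions:
+contents: read
+id-token: write
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: Deploy to GCP
+uses: nais/deploy/actions/deploy@v2
+env:
+CLUSTER: dev-gcp
+RESOURCE: apps/tilgangskontroll/nais/nais-dev.yaml
+VAR: image=${{ needs.build.outputs.image }}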
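Review bot: The `build` job requests `packages: write`, but the visible steps push the image to Artifact Registry through `nais/login` and hand `GITHUB_TOKEN` only to Gradle as `ORG_GRADLE_PROJECT_githubPassword`, which looks like a read of GitHub Packages; if nothing in the build publishes there, `packages: read` is the least-privilege setting. The same job holds `id-token: write` while its actions are referenced by mutable tags (`actions/checkout@v4`, `actions/setup-java@v4`, `nais/login@v0`, and `nais/deploy/actions/deploy@v2` in `deploy-dev`), so pinning each `uses:` to a full commit SHA would keep a moved tag from running with the workload-identity token. The reference on the "Attest and sign image" step is mangled on this page, so its pinning could not be checked.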
2 changes: 1 addition & 1 deletion apps/tilgangskontroll/build.gradle.kts
Expand Up @@ -24,7 +24,7 @@ dependencies {
implementation(libs.opentelemetry.annotations)
implementation(libs.hoplite.core)
implementation(libs.hoplite.toml)
implementation(libs.nav.security.tokenValidationKtorV2)
implementation(libs.nav.security.tokenValidationKtorV3)
implementation(libs.nav.security.tokenClientCore)
implementation(libs.nav.common.tokenClient)
implementation(libs.nav.common.auditLog)
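--- a/apps/tilgangskontroll/nais/nais-dev.yaml
+++ b/apps/tilgangskontroll/nais/nais-dev.yaml
@@ -0,0 +1,48 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+name: paw-tilgangskontroll
+namespace: paw
+labels:
+team: paw
+spec:
+image: {{ image }}
+port: 8080
+resources:
+limits:
+memory: 128Mi
+requests:
+cpu: 10m
+memory: 64Mi
+tokenx:
+enabled: true
+azure:
+application:
+enabled: true
+allowAllUsers: true
+claims:
+extra:
+- NAVident
+env:
+replicas:
+min: 1
+max: 1
+liveness:
+path: /internal/isAlive
+initialDelay: 10
+readiness:
+path: /internal/isReady
+initialDelay: 10
+prometheus:
+enabled: true
+path: /internal/metrics
+observability:
+autoInstrumentation:
+enabled: true
+runtime: java
+accessPolicy:
+inbound:
+rules:
+outbound:
+rules:
+external: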
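Review bot: `allowAllUsers: true` under `azure.application` lets every user in the tenant obtain a token for this app, and no `claims.groups` restriction is set, so all authorization has to be enforced inside the service itself. For an access-control application that should be a stated decision: either restrict by group, or add a comment next to the setting such as `# allowAllUsers: authorization is enforced per request in the app`. nais-prod.yaml carries the identical setting and deserves the same treatment before it is deployed. Indentation is lost on this page, so the nesting of the empty `env:` key and of the empty `accessPolicy` rule lists could not be checked.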
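--- a/apps/tilgangskontroll/nais/nais-prod.yaml
+++ b/apps/tilgangskontroll/nais/nais-prod.yaml
@@ -0,0 +1,48 @@
+apiVersion: nais.io/v1alpha1
+kind: Application
+metadata:
+name: paw-tilgangskontroll
+namespace: paw
+labels:
+team: paw
+spec:
+image: {{ image }}
+port: 8080
+resources:
+limits:
+memory: 128Mi
+requests:
+cpu: 10m
+memory: 64Mi
+tokenx:
+enabled: true
+azure:
+application:
+enabled: true
+allowAllUsers: true
+claims:
+extra:
+- NAVident
+env:
+replicas:
+min: 1
+max: 1
+liveness:
+path: /internal/isAlive
+initialDelay: 10
+readiness:
+path: /internal/isReady
+initialDelay: 10
+prometheus:
+enabled: true
+path: /internal/metrics
+observability:
+autoInstrumentation:
+enabled: true
+runtime: java
+accessPolicy:
+inbound:
+rules:
+outbound:
+rules:
+external: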
@@ -1,5 +1,26 @@
package no.nav.paw.tilgangskontroll

fun main() {
import io.ktor.server.engine.embeddedServer
import io.ktor.server.netty.Netty
import io.ktor.server.response.respondText
import io.ktor.server.routing.get
import io.ktor.server.routing.routing
import io.micrometer.prometheusmetrics.PrometheusConfig
import io.micrometer.prometheusmetrics.PrometheusMeterRegistry

fun main() {
val prometheusMeterRegistry = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
embeddedServer(Netty, port = 8080) {
routing {
get("/internal/isAlive") {
call.respondText("ALIVE")
}
get("/internal/isReady") {
call.respondText("READY")
}
get("/internal/metrics") {
call.respondText(prometheusMeterRegistry.scrape())
}
}
}.start(wait = true)
}
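Review bot: `prometheusMeterRegistry` is created and scraped at `/internal/metrics`, but nothing in the hunk binds it to the server or registers any meter, so the endpoint the manifests enable for Prometheus will likely return an empty scrape. Installing the metrics plugin inside the `embeddedServer` block, `install(MicrometerMetrics) { registry = prometheusMeterRegistry }`, would wire it up, assuming the Ktor micrometer module is on the classpath (the dependency list is only partly visible). The three routes sit in an unauthenticated `routing` block on port 8080, which is fine for probes, but API routes added later must not be placed beside them. A comment above `routing` such as `// internal probes only: API routes must be wrapped in authenticate { }` would make that boundary explicit.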
