Merge pull request #2190 from navikt/dev

[PROD] GCP
navikt · Jun 14, 2024 · 36b0c7e · 36b0c7e
2 parents db36bed + 8799331
commit 36b0c7e
Show file tree

Hide file tree

Showing 30 changed files with 6,148 additions and 11,757 deletions.
diff --git a/.env.gcp b/.env.gcp
@@ -0,0 +1,6 @@
+VITE_MOCK_ENABLED=false
+VITE_USE_HASH_ROUTER=false
+VITE_HODE_URL_V2=https://cdn.nav.no/personoversikt/internarbeidsflate-decorator-v3
+SKIP_PREFLIGHT_CHECK=true
+VITE_AMPLITUDE_API_KEY=4b7349a378cfc18faf21e1fe6bea0cf2
+VITE_AMPLITUDE_API_KEY_DEV=716ce898b7143ffd7ff3e52dfe69bae7
diff --git a/.github/workflows/gcp.yaml b/.github/workflows/gcp.yaml
@@ -0,0 +1,74 @@
+name: Build & deploy to GCP
+
+on: [push]
+
+env:
+    CI: true
+    TZ: Europe/Oslo
+
+jobs:
+    build:
+        name: Build
+        runs-on: ubuntu-latest
+        permissions:
+            packages: write
+            contents: read
+            id-token: write
+        outputs:
+            image: ${{ steps.docker-build-push.outputs.image }}
+        steps:
+            - uses: actions/checkout@v4
+            - uses: actions/setup-node@v4
+              with:
+                  node-version: '18'
+                  cache: 'npm'
+            - name: Install dependencies
+              run: npm ci
+            - name: Test
+              run: npm run test
+            - name: Build
+              run: npm run build:gcp
+            - name: Publish Docker image
+              if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/master'
+              uses: nais/docker-build-push@v0
+              id: docker-build-push
+              with:
+                dockerfile: Dockerfile.gcp
+                team: personoversikt
+                identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
+                project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
+
+    deploy-dev:
+        name: Deploy to dev-gcp
+        needs: build
+        if: github.ref == 'refs/heads/dev'
+        runs-on: ubuntu-latest
+        permissions:
+          contents: read
+          id-token: write
+        steps:
+            - uses: actions/checkout@v4
+            - uses: nais/deploy/actions/deploy@v2
+              env:
+                  PRINT_PAYLOAD: true
+                  CLUSTER: dev-gcp
+                  RESOURCE: .nais/dev.yaml
+                  VAR: version=${{ github.sha }},image=${{ needs.build.outputs.image }}
+
+    deploy-prod:
+        name: Deploy to prod-gcp
+        needs: build
+        # TODO Remove deploy from dev
+        if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/master'
+        runs-on: ubuntu-latest
+        permissions:
+          contents: read
+          id-token: write
+        steps:
+            - uses: actions/checkout@v4
+            - uses: nais/deploy/actions/deploy@v2
+              env:
+                  PRINT_PAYLOAD: true
+                  CLUSTER: prod-gcp
+                  RESOURCE: .nais/prod-gcp.yaml
+                  VAR: version=${{ github.sha }},image=${{ needs.build.outputs.image }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -3,10 +3,8 @@ name: Build, push, and deploy
 on: [push]
 
 env:
-    SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
     CI: true
     TZ: Europe/Oslo
-    Q1_TEST_BRANCH: refs/heads/branch_name
 
 jobs:
     build:
@@ -33,21 +31,13 @@ jobs:
             - name: Build
               run: npm run build
             - name: Publish Docker image
-              if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/master' || github.ref == env.Q1_TEST_BRANCH
+              if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/master'
               uses: nais/docker-build-push@v0
               id: docker-build-push
               with:
                 team: personoversikt
                 identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
                 project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
-            - name: Deploy to Q1 (Test branch)
-              uses: nais/deploy/actions/deploy@v2
-              if: github.ref == env.Q1_TEST_BRANCH
-              env:
-                  PRINT_PAYLOAD: true
-                  CLUSTER: dev-fss
-                  RESOURCE: .nais/qa-template.yaml
-                  VAR: q_env=q1,version=${{ github.sha }},image=${{ steps.docker-build-push.outputs.image }}
 
     deploy-qa:
         name: Deploy to preprod

diff --git a/.github/workflows/unleash.yml b/.github/workflows/unleash.yml
@@ -21,6 +21,38 @@ jobs:
           CLUSTER: dev-fss
           RESOURCE: .nais/unleash/unleash-apitoken-preprod.yaml
 
+  deploy-unleash-api-token-to-dev-gcp:
+    if: github.ref == 'refs/heads/dev'
+    name: Deploy unleash api-token to dev-gcp
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Deploy unleash api token
+        uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: dev-gcp
+          RESOURCE: .nais/unleash/unleash-apitoken-preprod.yaml
+
+  deploy-unleash-api-token-to-prod-gcp:
+    if: github.ref == 'refs/heads/master'
+    name: Deploy unleash api-token to prod-gcp
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Deploy unleash api token
+        uses: nais/deploy/actions/deploy@v2
+        env:
+          CLUSTER: prod-gcp
+          RESOURCE: .nais/unleash/unleash-apitoken-prod.yaml
+
   deploy-unleash-api-token-to-prod:
     if: github.ref == 'refs/heads/master'
     name: Deploy unleash api-token to prod-fss
@@ -35,4 +67,4 @@ jobs:
         uses: nais/deploy/actions/deploy@v2
         env:
           CLUSTER: prod-fss
-          RESOURCE: .nais/unleash/unleash-apitoken-prod.yaml
+          RESOURCE: .nais/unleash/unleash-apitoken-prod.yaml
diff --git a/.nais/dev.yaml b/.nais/dev.yaml
@@ -0,0 +1,84 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+  name: modiapersonoversikt
+  namespace: personoversikt
+  labels:
+    team: personoversikt
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+spec:
+  image: "{{image}}"
+  port: 3000
+  liveness:
+    path: /internal/liveness
+    initialDelay: 20
+  readiness:
+    path: /internal/readiness
+    initialDelay: 20
+  prometheus:
+    enabled: false
+    path: /internal/metrics
+  secureLogs:
+    enabled: true
+  resources:
+    requests:
+      cpu: 200m
+      memory: 512Mi
+    limits:
+      cpu: 3000m
+      memory: 1536Mi
+  ingresses:
+    - https://modiapersonoversikt.intern.dev.nav.no
+  replicas:
+    min: 2
+    max: 4
+    cpuThresholdPercentage: 60
+  azure:
+    application:
+      enabled: true
+      tenant: trygdeetaten.no
+      allowAllUsers: false
+      claims:
+        groups:
+          - id: "67a06857-0028-4a90-bf4c-9c9a92c7d733" # 0000-GA-BD06_ModiaGenerellTilgang
+    sidecar:
+      enabled: true
+      autoLogin: true
+      autoLoginIgnorePaths:
+        - /internal/*
+        - /proxy/**
+  accessPolicy:
+    inbound:
+      rules:
+        - application: azure-token-generator
+          namespace: aura
+          cluster: dev-gcp
+    outbound:
+      rules:
+        - application: modiapersonoversikt-innstillinger
+        - application: modiapersonoversikt-skrivestotte
+        - application: modiapersonoversikt-draft
+        - application: modiacontextholder
+      external:
+        - host: personoversikt-unleash-api.nav.cloud.nais.io
+        - host: modiapersonoversikt-api-q1.dev-fss-pub.nais.io
+  envFrom:
+    - secret: modiapersonoversikt-unleash-api-token
+  env:
+    - name: APP_NAME
+      value: "modiapersonoversikt"
+    - name: APP_VERSION
+      value: "{{ version }}"
+    - name: REFERRER_POLICY
+      value: "no-referrer"
+    - name: APP_ENVIRONMENT_NAME
+      value: q2
+    - name: ENVIRONMENT
+      value: ${APP_ENVIRONMENT_NAME}
+    - name: UNLEASH_ENVIRONMENT
+      value: "development"
+    - name: PUBLIC_DRAFT_WS_URL
+      value: wss://modiapersonoversikt-draft.intern.dev.nav.no
+    - name: CONFIG_PATH
+      value: "./proxy-config-dev.json"
diff --git a/.nais/prod-gcp.yaml b/.nais/prod-gcp.yaml
@@ -0,0 +1,80 @@
+apiVersion: "nais.io/v1alpha1"
+kind: "Application"
+metadata:
+  name: modiapersonoversikt
+  namespace: personoversikt
+  labels:
+    team: personoversikt
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-buffer-size: "8k"
+spec:
+  image: "{{image}}"
+  port: 3000
+  liveness:
+    path: /internal/liveness
+    initialDelay: 20
+  readiness:
+    path: /internal/readiness
+    initialDelay: 20
+  prometheus:
+    enabled: false
+    path: /internal/metrics
+  secureLogs:
+    enabled: true
+  resources:
+    requests:
+      cpu: 600m
+      memory: 1024Mi
+    limits:
+      cpu: 3000m
+      memory: 2048Mi
+  ingresses:
+    - https://modiapersonoversikt.intern.nav.no
+    - https://modiaflate.intern.nav.no/landingpage
+  replicas:
+    min: 2
+    max: 4
+    cpuThresholdPercentage: 50
+  azure:
+    application:
+      enabled: true
+      tenant: nav.no
+      allowAllUsers: false
+      claims:
+        groups:
+          - id: "ea34edea-1e80-4759-a1d2-fbe696cf1709" # 0000-GA-BD06_ModiaGenerellTilgang
+    sidecar:
+      enabled: true
+      autoLogin: true
+      autoLoginIgnorePaths:
+        - /internal/*
+        - /proxy/**
+  accessPolicy:
+    outbound:
+      rules:
+        - application: modiapersonoversikt-innstillinger
+        - application: modiapersonoversikt-skrivestotte
+        - application: modiapersonoversikt-draft
+        - application: modiacontextholder
+      external:
+        - host: personoversikt-unleash-api.nav.cloud.nais.io
+        - host: modiapersonoversikt-api.prod-fss-pub.nais.io
+  envFrom:
+    - secret: modiapersonoversikt-unleash-api-token
+  env:
+    - name: APP_NAME
+      value: "modiapersonoversikt"
+    - name: APP_VERSION
+      value: "{{ version }}"
+    - name: REFERRER_POLICY
+      value: "no-referrer"
+    - name: APP_ENVIRONMENT_NAME
+      value: prod
+    - name: ENVIRONMENT
+      value: ${APP_ENVIRONMENT_NAME}
+    - name: UNLEASH_ENVIRONMENT
+      value: "development"
+    - name: PUBLIC_DRAFT_WS_URL
+      value: wss://modiapersonoversikt-draft.intern.nav.no
+    - name: CONFIG_PATH
+      value: "./proxy-config-prod.json"
diff --git a/.nais/prod.yaml b/.nais/prod.yaml
@@ -31,8 +31,6 @@ spec:
       memory: 2048Mi
   ingresses:
     - https://app.adeo.no/modiapersonoversikt
-    - https://modiapersonoversikt.intern.nav.no
-    - https://modiaflate.intern.nav.no/landingpage
   replicas:
     min: 2
     max: 4

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM europe-north1-docker.pkg.dev/nais-management-233d/personoversikt/modialogin:2024.06.05-09.00-e08afd9
+FROM europe-north1-docker.pkg.dev/nais-management-233d/personoversikt/modialogin:2024.01.04-09.48-46cd9d7
 ADD proxy-config.json /proxy-config.json
 ADD preprod-proxy-config.json /preprod-proxy-config.json
 COPY build /www
diff --git a/Dockerfile.gcp b/Dockerfile.gcp
@@ -0,0 +1,7 @@
+FROM europe-north1-docker.pkg.dev/nais-management-233d/personoversikt/modia-frontend:0.14
+ADD proxy-config-q2.json proxy-config-dev.json
+ADD proxy-config-prod.json proxy-config-prod.json
+COPY build ./static
+
+ENV STATIC_FILES_DIR=./static
+ENV BASE_PATH=/
diff --git a/Dockerfile_heroku b/Dockerfile_heroku