arkivverket · gdubya · Oct 18, 2021 · Nov 2, 2021
diff --git a/.github/workflows/nikita-cd.yaml b/.github/workflows/nikita-cd.yaml
@@ -0,0 +1,85 @@
+---
+name: Nikita CD
+
+on:
+  pull_request:
+    branches:
+      - master
+    types: [closed]
+    paths:
+      - '**'
+      - '.github/workflows/nikita-cd.yaml'
+
+env:
+  ACR: ${{ format('arkivverket.azurecr.io/da-nikita') }}
+  IMAGE: ${{ github.event.repository.name }}
+  TAG: ${{ github.event.pull_request.head.sha }}
+  TARGET_ENV: dev
+
+jobs:
+  pre_job:
+    runs-on: ubuntu-latest
+    outputs:
+      branch: ${{ steps.extract_branch.outputs.branch }}
+    steps:
+      - name: Extract branch name
+        id: extract_branch
+        shell: bash
+        run: echo "##[set-output name=branch;]$(BRANCH=${GITHUB_HEAD_REF#refs/heads/}; echo ${BRANCH//\//-})"
+
+  publish:
+    if: github.event.pull_request.merged == true
+    needs: pre_job
+    runs-on: ubuntu-latest
+    env:
+      BRANCH_TAG: ${{ format('{0}-{1}', needs.pre_job.outputs.branch, github.event.pull_request.head.sha) }}
+    steps:
+      - name: Login to GitHub Package Registry
+        uses: docker/[email protected]
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Pull from GHCR
+        run: docker pull ${{ format('ghcr.io/{0}:{1}', github.repository, env.BRANCH_TAG) }}
+      - name: Tag to ACR
+        run: docker tag ${{ format('ghcr.io/{0}:{1}', github.repository, env.BRANCH_TAG) }} ${ACR}/${IMAGE}:${TAG}
+      - name: Login to ACR
+        uses: Azure/docker-login@v1
+        with:
+          username: ${{ secrets.ARKIVVERKET_AZURE_REGISTRY_USERNAME }}
+          password: ${{ secrets.ARKIVVERKET_AZURE_REGISTRY_PASSWORD }}
+          login-server: https://arkivverket.azurecr.io
+      - name: Publish to ACR
+        run: docker push ${ACR}/${IMAGE}:${TAG}
+
+  update-deployment-version:
+    needs:
+      - publish
+    runs-on: ubuntu-latest
+    env:
+      PR_NUMBER: ${{ github.event.pull_request.number }}
+      PR_URL: ${{ github.event.pull_request.html_url }}
+      REPO: ${{ github.repository }}
+    steps:
+      - uses: actions/[email protected]
+        with:
+          repository: ${{ github.repository_owner }}/da-noark5-visning-poc-k8s-config
+          token: ${{ secrets.GITOPS_PAT }}
+      - uses: imranismail/[email protected]
+        with:
+          kustomize-version: "4.1.3"
+      - run: kustomize edit set image nikitaImage=${ACR}/${IMAGE}:${TAG}
+        working-directory: overlays/${{ env.TARGET_ENV }}
+      - run: |
+          git config --local user.email "${{ secrets.GITOPS_EMAIL }}"
+          git config --local user.name "${{ secrets.GITOPS_USER }}"
+          git add .
+          cat > /tmp/commit-message <<- EOM
+          Set ${IMAGE} image tag to ${TAG} in ${TARGET_ENV}
+
+          Repository: ${REPO}
+          Pull Request: [#${PR_NUMBER}](${PR_URL})
+          EOM
+          git commit -F /tmp/commit-message
+          git push
diff --git a/.github/workflows/nikita-ci.yaml b/.github/workflows/nikita-ci.yaml
@@ -0,0 +1,50 @@
+---
+name: Nikita CI
+
+on:
+  push:
+    branches-ignore:
+      - master
+    paths:
+      - '**'
+      - '.github/workflows/nikita-ci.yaml'
+
+jobs:
+
+  pre_job:
+    runs-on: ubuntu-latest
+    outputs:
+      branch: ${{ steps.extract_branch.outputs.branch }}
+    steps:
+      - name: Extract branch name
+        id: extract_branch
+        shell: bash
+        run: echo "##[set-output name=branch;]$(BRANCH=${GITHUB_REF#refs/heads/}; echo ${BRANCH//\//-})"
+
+  main:
+    runs-on: ubuntu-latest
+    needs: pre_job
+    env:
+      FQ_IMAGE: ${{ format('ghcr.io/arkivverket/nikita-noark5-core:{0}-{1}', needs.pre_job.outputs.branch, github.sha) }}
+    steps:
+      - uses: actions/[email protected]
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+          cache: maven
+      - name: Build with Maven
+        run: mvn --batch-mode --update-snapshots compile jib:build -Djib.to.image=${{ env.FQ_IMAGE }} -Djib.to.auth.username=${{ github.repository_owner }} -Djib.to.auth.password=${{ secrets.GITHUB_TOKEN }}
+      - name: Container scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ env.FQ_IMAGE }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL'
+        env:
+          TRIVY_USERNAME: ${{ github.repository_owner }}
+          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,22 +1,43 @@
-version: '2'
+version: '3'
 services:
-# Using this file it is possible to run:
-  #    docker-compose up
-  # I guess it assumes that the nikita image already
-  # exists.
-  # Leaving this commented out as we will use it again soon
-  #  elasticsearch:
-  #    image: "elasticsearch:2.4.4"
-  #    ports:
-  #     - "9200:9200"
-  nikita-noark5-core:
-    image: "oslometabi/nikita-noark5-core"
-    container_name: nikita-noark5
+  elastic:
+    container_name: nikita-elastic
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.3
+    ports:
+      - "9200:9200"
+      - "9300:9300"
+    environment:
+      - discovery.type=single-node
+  postgres:
+    container_name: nikita-postgres
+    image: postgres:13
+    ports:
+      - "5432:5432"
+    environment:
+      - POSTGRES_USER=nikita_user
+      - POSTGRES_PASSWORD=N1k1t4
+      - POSTGRES_DB=nikita
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+  nikita:
+    depends_on:
+      elastic:
+        condition: service_started
+      postgres:
+        condition: service_healthy
+    image: arkivverket.azurecr.io/da-nikita/nikita-noark5-core:0.7
     ports:
       - "8092:8092"
-      - "8082:8082"
-#    networks:
-#      - n5
-#networks:
-#  n5:
-#    external: true
+    environment:
+      - DB_URI=jdbc:postgresql://nikita-postgres:5432/nikita
+      - DB_USER=nikita_user
+      - DB_PASS=N1k1t4
+      - ELASTIC_URI=http://nikita-elastic:9200
+      - ELASTIC_USER=elastic
+      - ELASTIC_PASS=hQ98IjdXNBC00SS79yEe5207
+      - NIKITA_BASE_DIR=/tmp
+      - spring.profiles.active=postgres
+      - nikita.import.allowed=true