From 864051ce4c7dbd124d344f54eedc4b9b3b37475d Mon Sep 17 00:00:00 2001
From: Tuomas Paulin <tuomas.paulin@polarsquad.com>
Date: Fri, 23 Feb 2024 13:47:05 +0200
Subject: [PATCH] update build file 3rd party action versions and add new
 deploy command

---
 .github/workflows/build.yml | 49 +++++++++++++------------------------
 1 file changed, 17 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 18b428f7a..354bf58a4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,12 +6,16 @@ on:
     paths-ignore:
       - '**.md'
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   test-and-build:
     runs-on: ubuntu-22.04
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Cache local Maven repository
         uses: actions/cache@v2
@@ -22,16 +26,16 @@ jobs:
             ${{ runner.os }}-maven-
 
       - name: Set up JDK 8
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v4
         with:
           java-version: '8'
-          distribution: 'temurin'
+          distribution: 'corretto'
 
       - uses: actions/setup-node@v3
         with:
           node-version: 8
 
-      - uses: szenius/set-timezone@v1.0
+      - uses: szenius/set-timezone@v1.2
         with:
           timezoneLinux: "Europe/Helsinki"
 
@@ -48,7 +52,7 @@ jobs:
           GITHUB_TOKEN: ${{ github.token }}
         run: |
           ./cibuild.bash
-      - uses: actions/cache@v2
+      - uses: actions/cache@v4
         id: restore-build
         with:
           path: |
@@ -57,30 +61,11 @@ jobs:
 
   deploy-container:
     needs: test-and-build
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - uses: actions/cache@v2
-        id: restore-build
-        with:
-          path: |
-            target
-          key: ${{ github.sha }}
-
-      - name: Build and deploy Docker container
-        shell: bash
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        run: |
-          export ARTIFACT_NAME=omatsivut
-          git clone https://github.com/Opetushallitus/ci-tools.git
-          source ci-tools/common/setup-tools.sh
-          export BASE_IMAGE="baseimage-fatjar-openjdk8:master"
-          mv -i target/omatsivut*SNAPSHOT-allinone.jar $DOCKER_BUILD_DIR/artifact/${ARTIFACT_NAME}.jar
-          cp -vair src/main/resources/oph-configuration $DOCKER_BUILD_DIR/config/
-          ./ci-tools/common/pull-image.sh
-          ./ci-tools/github-build/build-fatjar.sh $ARTIFACT_NAME
-          ./ci-tools/github-build/upload-image.sh $ARTIFACT_NAME
+    uses: Opetushallitus/.github/.github/workflows/push-scan-java-ecr.yml@main
+    with:
+      application: omatsivut
+      base-image: baseimage-fatjar-openjdk8:master
+      configfolder: src/main/resources/oph-configuration
+      jarfile: omatsivut*SNAPSHOT-allinone.jar
+    secrets: 
+      AWS_UTILITY_ROLE_ARN: ${{ secrets.AWS_OPH_UTILITY_ROLE_ARN }}