This repository has been archived by the owner on Nov 24, 2023. It is now read-only.
Bump dependabot/fetch-metadata from 1.3.5 to 1.6.0 #1217
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
env: | |
IMAGE_NAME: interactive | |
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/interactive | |
REGISTRY: ghcr.io | |
SSH_AUTH_SOCK: /tmp/agent.sock | |
on: | |
push: | |
workflow_dispatch: | |
jobs: | |
assets: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "16" | |
cache: "npm" | |
- name: Install node_modules | |
run: npm ci | |
- name: Test assets | |
run: npm run test:coverage | |
- name: Build assets | |
run: npm run build | |
- name: Store assets | |
uses: actions/upload-artifact@v3 | |
with: | |
name: node-assets | |
path: assets/dist/bundle | |
check: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: "actions/setup-python@v4" | |
with: | |
python-version: "3.10" | |
cache: "pip" | |
cache-dependency-path: requirements.*.txt | |
- uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0 | |
- name: Check formatting, linting and import sorting | |
run: just check | |
test: | |
needs: [assets, check] | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: "actions/setup-python@v4" | |
with: | |
python-version: "3.10" | |
cache: "pip" | |
cache-dependency-path: requirements.*.txt | |
- uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0 | |
- name: Retrieve assets | |
uses: actions/download-artifact@v3 | |
with: | |
name: node-assets | |
path: assets/dist/bundle | |
- name: Run tests | |
env: | |
SECRET_KEY: 12345 # Fake key for GitHub Actions | |
run: | | |
just check-migrations | |
just test --hypothesis-profile ci | |
lint-dockerfile: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hadolint/[email protected] | |
with: | |
dockerfile: docker/Dockerfile | |
failure-threshold: error | |
docker-test: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0 | |
- name: Run unit tests on docker dev image | |
run: | | |
# build docker and run test | |
just docker-test --hypothesis-profile ci | |
docker-smoke-test: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0 | |
- name: Run smoke test on prod image | |
run: | | |
# test the prod image builds, as its slightly different, and has caught us out before. | |
just docker-serve prod -d | |
sleep 5 | |
just docker-smoke-test || { docker logs docker_prod_1; exit 1; } | |
deploy: | |
needs: [check, test, docker-test, lint-dockerfile, docker-smoke-test] | |
runs-on: ubuntu-22.04 | |
concurrency: deploy-production | |
permissions: | |
contents: read | |
packages: write | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0 | |
- name: Build docker image | |
run: | | |
just docker-build prod | |
- name: Login to Packages Container registry | |
run: | | |
docker login $REGISTRY -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} | |
- name: publish docker image | |
run: | | |
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest | |
docker push $PUBLIC_IMAGE_NAME:latest | |
- name: Setup SSH Agent | |
run: | | |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}" | |
- name: Deploy to dokku | |
run: | | |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest) | |
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image interactive $SHA | |
- name: Create Sentry release | |
uses: getsentry/action-release@85e0095193a153d57c458995f99d0afd81b9e5ea | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }} | |
SENTRY_ORG: ebm-datalab | |
SENTRY_PROJECT: interactive | |
with: | |
environment: production | |
ignore_empty: true |