main.yml
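---
# CI workflow: builds and tests the project on every push (or manual
# dispatch) and, on the main branch, publishes the image and deploys it.
name: CI

# Workflow-wide environment, visible to every step of every job.
env:
  IMAGE_NAME: interactive
  PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/interactive
  REGISTRY: ghcr.io
  # Socket path used by the ssh-agent started in the deploy job. It is set
  # here, so it is exported to the build and test jobs as well, although only
  # the deploy job starts an agent.
  SSH_AUTH_SOCK: /tmp/agent.sock

# Least-privilege default for GITHUB_TOKEN: jobs get read-only access to the
# repository contents. A job that needs more (the deploy job pushes to the
# package registry) declares its own `permissions:` block, which replaces
# this default for that job.
permissions:
  contents: read

on:
  push:
  workflow_dispatch: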
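# NOTE(review): the first-party `actions/*` steps below are referenced by
# mutable major-version tags, while setup-just and the Sentry action are
# pinned to full commit SHAs. Pinning every action to a commit SHA, starting
# with the third-party ones, keeps a re-tagged release from changing what
# runs in a job that holds deploy credentials.
jobs:
  # Builds and tests the front-end bundle and publishes it as the
  # `node-assets` artifact for the `test` job.
  assets:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: Install Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "16"
          cache: "npm"
      - name: Install node_modules
        run: npm ci
      - name: Test assets
        run: npm run test:coverage
      - name: Build assets
        run: npm run build
      - name: Store assets
        uses: actions/upload-artifact@v3
        with:
          name: node-assets
          path: assets/dist/bundle

  # Formatting, linting and import-sorting checks.
  check:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - uses: "actions/setup-python@v4"
        with:
          python-version: "3.10"
          cache: "pip"
          cache-dependency-path: "requirements.*.txt"
      - uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0
      - name: Check formatting, linting and import sorting
        run: just check

  # Python test suite; runs against the bundle built by `assets`.
  test:
    needs: [assets, check]
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - uses: "actions/setup-python@v4"
        with:
          python-version: "3.10"
          cache: "pip"
          cache-dependency-path: "requirements.*.txt"
      - uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0
      - name: Retrieve assets
        uses: actions/download-artifact@v3
        with:
          name: node-assets
          path: assets/dist/bundle
      - name: Run tests
        env:
          # Quoted so the value stays a string rather than a YAML integer.
          SECRET_KEY: "12345" # Fake key for GitHub Actions
        run: |
          just check-migrations
          just test --hypothesis-profile ci

  # Lints docker/Dockerfile; only findings of severity `error` fail the job.
  lint-dockerfile:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      # NOTE(review): the action reference on the next line was mangled by
      # e-mail obfuscation on the page this file was captured from; restore
      # the original `owner/action@ref` value from the repository.
      - uses: hadolint/[email protected]
        with:
          dockerfile: docker/Dockerfile
          failure-threshold: error

  # Unit tests inside the docker dev image.
  docker-test:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0
      - name: Run unit tests on docker dev image
        run: |
          # build docker and run test
          just docker-test --hypothesis-profile ci

  # Starts the prod image and runs the smoke test against it; on failure the
  # container logs are printed before the job exits non-zero.
  docker-smoke-test:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0
      - name: Run smoke test on prod image
        run: |
          # test the prod image builds, as its slightly different, and has caught us out before.
          just docker-serve prod -d
          sleep 5
          just docker-smoke-test || { docker logs docker_prod_1; exit 1; }

  # Publishes the prod image and deploys it. Runs only on the main branch,
  # after every check above has passed, and one deployment at a time.
  deploy:
    needs: [check, test, docker-test, lint-dockerfile, docker-smoke-test]
    runs-on: ubuntu-22.04
    concurrency: deploy-production
    permissions:
      contents: read
      packages: write
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: extractions/setup-just@95b912dc5d3ed106a72907f2f9b91e76d60bdb76 # v1.5.0
      - name: Build docker image
        run: |
          just docker-build prod
      - name: Login to Packages Container registry
        # The token is handed over through the environment and stdin instead
        # of being templated into the script as a `--password` argument, so
        # it appears neither in the generated script file nor in the process
        # argument list.
        env:
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$REGISTRY_TOKEN" | docker login "$REGISTRY" -u "$GITHUB_ACTOR" --password-stdin
      - name: publish docker image
        run: |
          docker tag "$IMAGE_NAME" "$PUBLIC_IMAGE_NAME:latest"
          docker push "$PUBLIC_IMAGE_NAME:latest"
      - name: Setup SSH Agent
        # The private key reaches the shell as an environment variable rather
        # than as `${{ }}` text pasted into the script body.
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}
        run: |
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          ssh-add - <<< "$DEPLOY_SSH_KEY"
      - name: Deploy to dokku
        # NOTE(review): host-key verification is switched off here
        # (StrictHostKeyChecking=no with known_hosts pointed at /dev/null),
        # so the production deploy connection is not authenticated against a
        # known host key. Provision the deploy host's public key in a
        # known_hosts file and drop both options; the key itself is not
        # visible in this file, so the options are left unchanged.
        # NOTE(review): the `user@host` target below was mangled by e-mail
        # obfuscation on the page this file was captured from.
        run: |
          # Deploy by repository digest rather than by the mutable `latest` tag.
          SHA=$(docker inspect --format='{{index .RepoDigests 0}}' "$PUBLIC_IMAGE_NAME:latest")
          ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image interactive "$SHA"
      - name: Create Sentry release
        uses: getsentry/action-release@85e0095193a153d57c458995f99d0afd81b9e5ea
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
          SENTRY_ORG: ebm-datalab
          SENTRY_PROJECT: interactive
        with:
          environment: production
          ignore_empty: true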