Merge pull request #2283 from opensafely-core/dependabot/npm_and_yarn… #4074
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
env: | |
IMAGE_NAME: opencodelists | |
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/opencodelists | |
REGISTRY: ghcr.io | |
SSH_AUTH_SOCK: /tmp/agent.sock | |
on: | |
push: | |
workflow_dispatch: | |
concurrency: ci-${{ github.ref }} | |
jobs: | |
lint-dockerfile: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | |
with: | |
dockerfile: docker/Dockerfile | |
check-py: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
install-just: true | |
- name: Build docker image and run checks in it | |
run: | | |
# build docker and run checks | |
just docker-check-py | |
check-js: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
install-just: true | |
- name: Build docker image and run checks in it | |
run: | | |
# build docker and run checks | |
just docker-check-js | |
test-py: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
install-just: true | |
- name: Build docker image for both prod and dev | |
run: | | |
just docker-build prod | |
just docker-build dev | |
- name: Run unit tests on docker dev image | |
run: | | |
# build docker and run test | |
just docker-test-py | |
- name: Run smoke test on prod | |
run: | | |
just docker-serve prod -d | |
sleep 5 | |
just docker-smoke-test || { docker logs docker_prod_1; exit 1; } | |
- name: Save docker image | |
run: | | |
docker save opencodelists | zstd --fast -o /tmp/opencodelists.tar.zst | |
- name: Upload docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: opencodelists-image | |
path: /tmp/opencodelists.tar.zst | |
compression-level: 0 | |
test-js: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
install-just: true | |
- name: Build docker image and run JS tests in it | |
run: | | |
# build docker and run test | |
just docker-test-js | |
deploy: | |
needs: [check-py, check-js, test-py, test-js, lint-dockerfile] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
install-just: true | |
- name: Download docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: opencodelists-image | |
path: /tmp/image | |
- name: Import docker image | |
run: docker image load --input /tmp/image/opencodelists.tar.zst | |
- name: Test image we imported from previous job works | |
run: | | |
SKIP_BUILD=1 just docker-serve prod -d | |
sleep 5 | |
just docker-smoke-test || { docker logs docker_prod_1; exit 1; } | |
- name: Publish docker image | |
run: | | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login $REGISTRY -u ${{ github.actor }} --password-stdin | |
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest | |
docker push $PUBLIC_IMAGE_NAME:latest | |
- name: Setup SSH Agent | |
run: | | |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}" | |
- name: Deploy | |
run: | | |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest) | |
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image opencodelists $SHA | |
- name: Create Sentry release | |
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0 | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }} | |
SENTRY_ORG: ebm-datalab | |
SENTRY_PROJECT: opencodelists | |
with: | |
environment: production | |
ignore_empty: true |