-
Notifications
You must be signed in to change notification settings - Fork 16
132 lines (103 loc) · 3.3 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
---
name: CI
env:
IMAGE_NAME: opencodelists
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/opencodelists
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
workflow_dispatch:
concurrency: ci-${{ github.ref }}
jobs:
lint-dockerfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: docker/Dockerfile
check-py:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run checks in it
run: |
# build docker and run checks
just docker-check-py
check-js:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run checks in it
run: |
# build docker and run checks
just docker-check-js
test-py:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run Python tests in it
run: |
# build docker and run test
just docker-test-py
test-js:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run JS tests in it
run: |
# build docker and run test
just docker-test-js
deploy:
needs: [check-py, check-js, test-py, test-js, lint-dockerfile]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image
run: |
# docker-test step will build the dev image by default, so build the prod image
just docker-build prod
- name: Login to Packages Container registry
run: |
docker login $REGISTRY -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
- name: publish docker image
run: |
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
docker push $PUBLIC_IMAGE_NAME:latest
- name: Setup SSH Agent
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
- name: Deploy
run: |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image opencodelists $SHA
- name: Create Sentry release
uses: getsentry/action-release@4744f6a65149f441c5f396d5b0877307c0db52c7
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: opencodelists
with:
environment: production
ignore_empty: true