Merge pull request #343 from opensafely-core/dependabot/pip/django-5.1.4 #659
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
env: | |
IMAGE_NAME: actions-registry | |
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/actions-registry | |
REGISTRY: ghcr.io | |
SSH_AUTH_SOCK: /tmp/agent.sock | |
on: | |
push: | |
jobs: | |
check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
python-version: "3.10" | |
cache-dependency-path: requirements.*.txt | |
install-just: true | |
- name: Check formatting, linting and import sorting | |
run: just check | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
python-version: "3.10" | |
cache-dependency-path: requirements.*.txt | |
install-just: true | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".node-version" | |
cache: "npm" | |
cache-dependency-path: package-lock.json | |
- name: Install node_modules | |
run: npm ci | |
- name: Build assets | |
run: just npm-build | |
- name: Run tests | |
env: | |
SECRET_KEY: 12345 | |
run: just test | |
lint-dockerfile: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 | |
with: | |
failure-threshold: error | |
dockerfile: docker/Dockerfile | |
docker-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
install-just: true | |
- name: Build docker image and run tests in it | |
run: | | |
# build docker and run test | |
just docker-test | |
deploy: | |
needs: [check, test, docker-test, lint-dockerfile] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
if: github.ref == 'refs/heads/main' | |
concurrency: deploy-production | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: opensafely-core/setup-action@v1 | |
with: | |
install-just: true | |
- name: Build docker image | |
run: | | |
# docker-test step will build the dev image by default, so build the prod image | |
just docker-build prod | |
- name: Login to Packages Container registry | |
run: | | |
docker login $REGISTRY -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} | |
- name: publish docker image | |
run: | | |
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest | |
docker push $PUBLIC_IMAGE_NAME:latest | |
- name: Setup SSH Agent | |
run: | | |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}" | |
- name: Deploy | |
run: | | |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest) | |
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image actions-registry $SHA | |
- name: Create Sentry release | |
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }} | |
SENTRY_ORG: ebm-datalab | |
SENTRY_PROJECT: actions-registry | |
with: | |
environment: production | |
ignore_empty: true |