generated from opensafely-core/repo-template
-
Notifications
You must be signed in to change notification settings - Fork 0
145 lines (117 loc) · 3.73 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
---
name: CI
env:
IMAGE_NAME: actions-registry
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/actions-registry
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: '16'
cache: npm
- name: Install node_modules
run: npm ci
- name: Build assets
run: npm run build
- name: Store assets
uses: actions/upload-artifact@v3
with:
name: node-assets
path: assets/dist
check:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.10"
cache: "pip"
cache-dependency-path: requirements.*.txt
- uses: extractions/setup-just@v1
- name: Check formatting, linting and import sorting
run: just check
test:
needs: [build]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: extractions/setup-just@v1
- uses: actions/setup-python@v4
with:
python-version: "3.10"
cache: "pip"
cache-dependency-path: requirements.*.txt
- name: Retrieve assets
uses: actions/download-artifact@v3
with:
name: node-assets
path: assets/dist
- name: Run tests
env:
SECRET_KEY: 12345
run: just test
lint-dockerfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
failure-threshold: error
dockerfile: docker/Dockerfile
docker-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb # v1.4.0
- name: Build docker image and run tests in it
run: |
# build docker and run test
just docker-test
deploy:
needs: [check, test, docker-test, lint-dockerfile]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
concurrency: deploy-production
steps:
- uses: actions/checkout@v4
- uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb # v1.4.0
- name: Build docker image
run: |
# docker-test step will build the dev image by default, so build the prod image
just docker-build prod
- name: Login to Packages Container registry
run: |
docker login $REGISTRY -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
- name: publish docker image
run: |
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
docker push $PUBLIC_IMAGE_NAME:latest
- name: Setup SSH Agent
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
- name: Deploy
run: |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image actions-registry $SHA
- name: Create Sentry release
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: actions-registry
with:
environment: production
ignore_empty: true