-
Notifications
You must be signed in to change notification settings - Fork 0
161 lines (125 loc) · 3.79 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
---
name: CI
env:
IMAGE_NAME: airlock
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/airlock
REGISTRY: ghcr.io
on:
push:
jobs:
check:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.11"
install-just: true
- name: Set up development environment
run: just devenv
- name: Check formatting and linting rules
run: just check
test:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.11"
install-just: true
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version-file: ".node-version"
cache: "npm"
cache-dependency-path: package-lock.json
- name: Install node_modules
run: npm ci
- name: Build assets
run: npm run build
- name: Set up development environment
run: just devenv
- name: Run tests
run: |
RUN_SCREENSHOT_TESTS=True just test-all
# not actually needed for tests, but we want to make sure the dev tooling
# is still working
- name: Validate load-example-data dev tooling works
run: |
just manage migrate
just load-example-data
docker-test-dev:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.11"
install-just: true
- name: Build docs
run: |
just docs-build
- name: Build docker image for both prod and dev
run: |
just docker/build dev
- name: Run unit tests on docker dev image
run: |
# build docker and run test
just docker/test
docker-test-prod:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.11"
install-just: true
- name: Build docs
run: |
just docs-build
- name: Build docker image for both prod and dev
run: |
just docker/build prod
- name: Run smoke test on prod
run: |
just docker/serve prod -d
sleep 5
just docker/smoke-test || { docker logs airlock-prod-1; exit 1; }
- name: Save docker image
run: |
docker save airlock | gzip > /tmp/airlock.tar.gz
- name: Upload docker image
uses: actions/upload-artifact@v4
with:
name: airlock-image
path: /tmp/airlock.tar.gz
docker-publish:
needs: [check, test, docker-test-dev, docker-test-prod]
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
concurrency: deploy-production
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v4
with:
name: airlock-image
path: /tmp/image
- name: Import docker image
run: gunzip -c /tmp/image/airlock.tar.gz | docker load
- name: Test image we imported from previous job works
run: |
SKIP_BUILD=1 just docker/serve prod -d
sleep 5
just docker/smoke-test || { docker logs airlock-prod-1; exit 1; }
- name: Publish image
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login "$REGISTRY" -u "${{ github.actor }}" --password-stdin
docker tag "$IMAGE_NAME" "$PUBLIC_IMAGE_NAME:latest"
docker push "$PUBLIC_IMAGE_NAME:latest"