Merge pull request #742 from opensafely-core/over-the-docker-line #540
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tag repo; build and publish assets | |
on: | |
push: | |
branches: | |
- master | |
- main | |
# this allows us to trigger manually | |
workflow_dispatch: | |
env: | |
IMAGE_NAME: job-runner | |
PRIVATE_REPO_ACCESS_TOKEN: ${{ secrets.ACTIONS_PRIVATE_REPO_RO_TOKEN }} | |
STATA_LICENSE: ${{ secrets.STATA_LICENSE }} | |
permissions: | |
packages: write | |
contents: write | |
jobs: | |
tag-new-version: | |
runs-on: ubuntu-latest | |
outputs: | |
tag: ${{ steps.tag.outputs.new_tag }} | |
version: ${{ steps.tag.outputs.new_version }} | |
steps: | |
- uses: actions/checkout@master | |
with: | |
fetch-depth: 0 | |
- name: Bump version and push tag | |
id: tag | |
uses: mathieudutour/github-tag-action@fcfbdceb3093f6d85a3b194740f8c6cec632f4e2 # 6.1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
default_bump: false | |
release_branches: master,main | |
build-and-publish-docker-image: | |
runs-on: ubuntu-latest | |
name: Build and publish docker image | |
# Only on a tagged release | |
needs: tag-new-version | |
if: needs.tag-new-version.outputs.tag | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Just | |
uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d | |
- name: Build image | |
run: | | |
just docker/build dev # build base and dev images | |
just docker/build prod # explicitly build prod as well | |
- name: Test image | |
run: just docker/test | |
- name: Log into GitHub Container Registry | |
run: docker login https://ghcr.io -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} | |
- name: Push image to GitHub Container Registry | |
run: | | |
IMAGE_ID="ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME" | |
docker tag "$IMAGE_NAME" "$IMAGE_ID:latest" | |
docker push "$IMAGE_ID:latest" | |
create-release-from-tag: | |
name: Create release from tag | |
needs: [tag-new-version, build-and-publish-docker-image] | |
if: needs.tag-new-version.outputs.tag | |
uses: ./.github/workflows/add_sbom_to_release.yaml | |
with: | |
release-tag: ${{ needs.tag-new-version.outputs.tag }} |