Skip to content

Merge pull request #724 from opensafely-core/l4-manifest #529

Merge pull request #724 from opensafely-core/l4-manifest

Merge pull request #724 from opensafely-core/l4-manifest #529

name: Tag repo; build and publish assets
on:
push:
branches:
- master
- main
# this allows us to trigger manually
workflow_dispatch:
env:
IMAGE_NAME: job-runner
PRIVATE_REPO_ACCESS_TOKEN: ${{ secrets.ACTIONS_PRIVATE_REPO_RO_TOKEN }}
STATA_LICENSE: ${{ secrets.STATA_LICENSE }}
permissions:
packages: write
contents: write
jobs:
tag-new-version:
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.tag.outputs.new_tag }}
version: ${{ steps.tag.outputs.new_version }}
steps:
- uses: actions/checkout@master
with:
fetch-depth: 0
- name: Bump version and push tag
id: tag
uses: mathieudutour/github-tag-action@fcfbdceb3093f6d85a3b194740f8c6cec632f4e2 # 6.1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
default_bump: false
release_branches: master,main
build-and-publish-docker-image:
runs-on: ubuntu-latest
name: Build and publish docker image
# Only on a tagged release
needs: tag-new-version
if: needs.tag-new-version.outputs.tag
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Just
uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d
- name: Build image
run: |
just docker/build dev # build base and dev images
just docker/build prod # explicitly build prod as well
- name: Test image
run: just docker/test
- name: Log into GitHub Container Registry
run: docker login https://ghcr.io -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
- name: Push image to GitHub Container Registry
run: |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
docker tag $IMAGE_NAME $IMAGE_ID:latest
docker push $IMAGE_ID:latest
create-release-from-tag:
name: Create release from tag
needs: [tag-new-version, build-and-publish-docker-image]
if: needs.tag-new-version.outputs.tag
uses: ./.github/workflows/add_sbom_to_release.yaml
with:
release-tag: ${{ needs.tag-new-version.outputs.tag }}