Merge pull request #812 from opensafely-core/iaindillingham/add-proje… #1490
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
env: | |
IMAGE_NAME: reports | |
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/reports | |
REGISTRY: ghcr.io | |
SSH_AUTH_SOCK: /tmp/agent.sock | |
on: | |
push: | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: ".node-version" | |
cache: npm | |
- name: Install node_modules | |
run: npm ci | |
- name: Build assets | |
run: npm run build | |
- name: Store assets | |
uses: actions/upload-artifact@v4 | |
with: | |
name: node-assets | |
path: assets/dist | |
check: | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: "opensafely-core/setup-action@v1" | |
with: | |
python-version: "3.12" | |
cache-dependency-path: requirements.*.txt | |
install-just: true | |
- name: Check formatting, linting and import sorting | |
run: just check | |
test: | |
needs: [build] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: "opensafely-core/setup-action@v1" | |
with: | |
python-version: "3.12" | |
cache-dependency-path: requirements.*.txt | |
install-just: true | |
- name: Retrieve assets | |
uses: actions/download-artifact@v4 | |
with: | |
name: node-assets | |
path: assets/dist | |
- name: Run tests | |
env: | |
SECRET_KEY: 12345 | |
REQUESTS_CACHE_NAME: test_cache | |
SOCIAL_AUTH_NHSID_KEY: dummy-client-id | |
SOCIAL_AUTH_NHSID_SECRET: dummy-secret | |
SOCIAL_AUTH_NHSID_API_URL: https://dummy-nhs.net/oidc | |
ASSETS_DEV_MODE: True | |
GITHUB_TOKEN: | |
run: just test | |
lint-dockerfile: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: hadolint/[email protected] | |
with: | |
dockerfile: docker/Dockerfile | |
docker-test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: "opensafely-core/setup-action@v1" | |
with: | |
install-just: true | |
- name: Build docker image and run tests in it | |
run: | | |
# build docker and run test | |
just docker-test | |
deploy: | |
needs: [test, docker-test, lint-dockerfile] | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
if: github.ref == 'refs/heads/main' | |
concurrency: deploy-production | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: "opensafely-core/setup-action@v1" | |
with: | |
install-just: true | |
- name: Build docker image | |
run: | | |
# docker-test step will build the dev image by default, so build the prod image | |
just docker-build prod | |
- name: Login to Packages Container registry | |
run: | | |
docker login $REGISTRY -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} | |
- name: publish docker image | |
run: | | |
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest | |
docker push $PUBLIC_IMAGE_NAME:latest | |
- name: Setup SSH Agent | |
run: | | |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}" | |
- name: Deploy | |
run: | | |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest) | |
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image reports $SHA | |
- name: Create Sentry release | |
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }} | |
SENTRY_ORG: ebm-datalab | |
SENTRY_PROJECT: reports | |
with: | |
environment: production | |
ignore_empty: true |