config policy for users when they make a cert request #215
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
branches: [ main ] | |
jobs: | |
build_test: # all steps run in dev container | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Dev Container task | |
uses: devcontainers/[email protected] | |
with: | |
imageName: ghcr.io/astral-devcontainer | |
cacheFrom: ghcr.io/astral-devcontainer | |
push: never | |
runCmd: | | |
# Add multiple commands to run if needed | |
bundle install | |
- name: Lint code for consistent style | |
uses: devcontainers/[email protected] | |
with: | |
imageName: ghcr.io/astral-devcontainer | |
cacheFrom: ghcr.io/astral-devcontainer | |
push: never | |
runCmd: bin/rubocop -f github | |
- name: Run brakeman | |
uses: devcontainers/[email protected] | |
with: | |
imageName: ghcr.io/astral-devcontainer | |
cacheFrom: ghcr.io/astral-devcontainer | |
push: never | |
runCmd: bin/brakeman --no-pager | |
- name: Run tests | |
uses: devcontainers/[email protected] | |
with: | |
imageName: ghcr.io/astral-devcontainer | |
cacheFrom: ghcr.io/astral-devcontainer | |
push: never | |
runCmd: bin/rails test | |
- name: Keep screenshots from failed system tests | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: screenshots | |
path: ${{ github.workspace }}/tmp/screenshots | |
if-no-files-found: ignore | |
docker: | |
name: Publish Docker Image | |
runs-on: ubuntu-latest | |
environment: docker | |
needs: [build_test] | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
permissions: | |
packages: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Compute repo name | |
id: repo | |
run: echo name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_OUTPUT | |
- name: Build & Push Docker Image | |
run: | | |
# Docker login to GitHub Container Registry | |
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin | |
# Build image | |
docker pull ghcr.io/${{ steps.repo.outputs.name }}:latest || : | |
docker build -f Dockerfile -t ghcr.io/${{ steps.repo.outputs.name }}:latest . \ | |
--cache-from ghcr.io/${{ steps.repo.outputs.name }}:latest \ | |
--build-arg RUBY_VERSION=${{ vars.RUBY_VERSION }} \ | |
--build-arg RAILS_ROOT=${{ vars.RAILS_ROOT }} | |
# Push image | |
docker push ghcr.io/${{ steps.repo.outputs.name }}:latest |