Merge pull request #1001 from opensafely-core/dependabot/github_actio… #537
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Tag repo; build and publish assets | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: explicit tag to publish (must start with v) | |
required: true | |
env: | |
IMAGE_NAME: cohortextractor | |
jobs: | |
tag-new-version: | |
# This uses `conventional commits` to generate tags. A full list | |
# of valid prefixes is here: | |
# https://github.com/commitizen/conventional-commit-types/blob/master/index.json) | |
# | |
# fix, perf -> patch release | |
# feat -> minor release | |
# BREAKING CHANGE in footer -> major release | |
# | |
# anything else (docs, refactor, etc) does not create a release | |
runs-on: ubuntu-latest | |
outputs: | |
tag: ${{ steps.tag.outputs.new_version }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
# Required to get previous tags | |
fetch-depth: 0 | |
- name: Bump version and push tag | |
id: tag | |
uses: mathieudutour/github-tag-action@fcfbdceb3093f6d85a3b194740f8c6cec632f4e2 # v6.1 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
default_bump: false | |
release_branches: main | |
build-and-publish-package: | |
runs-on: ubuntu-latest | |
name: Build and publish PyPI package | |
needs: tag-new-version | |
if: needs.tag-new-version.outputs.tag | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.8 | |
- name: Install wheel package | |
run: | | |
pip install wheel | |
- name: set VERSION environment variable | |
run: echo "VERSION=${{github.event.inputs.tag || needs.tag-new-version.outputs.tag}}" >> $GITHUB_ENV | |
- name: Generate correct value for VERSION file | |
run: echo "$VERSION" > cohortextractor/VERSION | |
- name: Build package | |
run: | | |
python setup.py sdist bdist_wheel | |
- name: Publish package | |
uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # v1.8.11 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_PASSWORD }} | |
build-and-publish-docker-image: | |
runs-on: ubuntu-latest | |
name: Build and publish docker image | |
needs: tag-new-version | |
if: github.event.inputs.tag || needs.tag-new-version.outputs.tag | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: set VERSION environment variable | |
run: echo "VERSION=${{github.event.inputs.tag || needs.tag-new-version.outputs.tag}}" >> $GITHUB_ENV | |
- name: Generate correct value for VERSION file | |
run: echo "$VERSION" > cohortextractor/VERSION | |
- name: Build docker | |
run: make docker-build ENV=prod VERSION=$VERSION | |
- name: Basic docker test | |
run: docker run cohortextractor --help | |
- name: Log into GitHub Container Registry | |
run: docker login https://ghcr.io -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }} | |
- name: Push image to GitHub Container Registry | |
run: | | |
echo "VERSION=$VERSION" | |
IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME | |
# Change all uppercase to lowercase | |
IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
docker tag $IMAGE_NAME $IMAGE_ID:latest | |
docker tag $IMAGE_NAME $IMAGE_ID:$VERSION | |
docker push $IMAGE_ID:latest | |
docker push $IMAGE_ID:$VERSION |