Merge pull request #1714 from opensafely-core/dependabot/pip/requests… #3060
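---
# CI workflow: lints the Dockerfile, runs the Python and JS checks and tests
# inside docker, then (on main only) publishes the image and deploys it.
name: CI

# Shared by every step of every job in this workflow.
env:
  IMAGE_NAME: opencodelists
  PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/opencodelists
  REGISTRY: ghcr.io
  # Fixed socket path: the deploy job starts ssh-agent on it in one step and
  # the later ssh step finds the agent through this same variable.
  SSH_AUTH_SOCK: /tmp/agent.sock

on:
  push:
  workflow_dispatch:

# Least privilege for the workflow token: jobs that only check out and build
# get read access to the repository contents and nothing else. The deploy job
# declares its own permissions block (it additionally needs packages: write).
permissions:
  contents: read

# One concurrency group per ref.
concurrency: ci-${{ github.ref }}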
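# NOTE(review): actions/checkout@v4 and opensafely-core/setup-action@v1 are
# referenced by tag, which can be moved to different code after review. The
# hadolint and Sentry steps below show the full-commit-SHA form; consider
# pinning the others the same way.
jobs:
  # Static lint of the Dockerfile.
  lint-dockerfile:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf  # v3.1.0
        with:
          dockerfile: docker/Dockerfile

  # Python checks, run inside the docker image via the just recipe.
  check-py:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: opensafely-core/setup-action@v1
        with:
          install-just: true
      - name: Build docker image and run checks in it
        run: |
          # build docker and run checks
          just docker-check-py

  # JS checks, run inside the docker image via the just recipe.
  check-js:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: opensafely-core/setup-action@v1
        with:
          install-just: true
      - name: Build docker image and run checks in it
        run: |
          # build docker and run checks
          just docker-check-js

  # Python test suite, run inside the docker image.
  test-py:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: opensafely-core/setup-action@v1
        with:
          install-just: true
      - name: Build docker image and run Python tests in it
        run: |
          # build docker and run test
          just docker-test-py

  # JS test suite, run inside the docker image.
  test-js:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: opensafely-core/setup-action@v1
        with:
          install-just: true
      - name: Build docker image and run JS tests in it
        run: |
          # build docker and run test
          just docker-test-js

  # Publishes the prod image and deploys it. Runs only for refs/heads/main and
  # only after every check, test and lint job has succeeded.
  deploy:
    needs: [check-py, check-js, test-py, test-js, lint-dockerfile]
    runs-on: ubuntu-latest
    # Job-scoped token permissions: read the repo, push to the package registry.
    permissions:
      contents: read
      packages: write
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4
      - uses: opensafely-core/setup-action@v1
        with:
          install-just: true
      - name: Build docker image
        run: |
          # docker-test step will build the dev image by default, so build the prod image
          just docker-build prod
      - name: Login to Packages Container registry
        # The token is handed over through the environment and stdin instead of
        # being templated into the script and passed as --password, so it does
        # not appear in the process argument list or in the generated script.
        env:
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          printf '%s' "$REGISTRY_TOKEN" | docker login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
      - name: publish docker image
        run: |
          docker tag "$IMAGE_NAME" "$PUBLIC_IMAGE_NAME:latest"
          docker push "$PUBLIC_IMAGE_NAME:latest"
      - name: Setup SSH Agent
        # The private key reaches the shell as an environment variable rather
        # than by ${{ }} substitution into the script text.
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}
        run: |
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          ssh-add - <<< "$DEPLOY_SSH_KEY"
      - name: Deploy
        # NOTE(review): host key verification is switched off here
        # (UserKnownHostsFile=/dev/null, StrictHostKeyChecking=no), so the
        # runner cannot tell the real deploy host from an impostor on the
        # network path. Prefer pinning the host's public key in a known_hosts
        # file and setting StrictHostKeyChecking=yes. The command is left as
        # found because the host key is not available in this file.
        # NOTE(review): the user@host target appears obfuscated in this copy of
        # the file; it is reproduced as found.
        run: |
          # Resolve the pushed image to its registry digest so the deploy
          # refers to that exact image rather than to the mutable :latest tag.
          SHA=$(docker inspect --format='{{index .RepoDigests 0}}' "$PUBLIC_IMAGE_NAME:latest")
          ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image opencodelists "$SHA"
      - name: Create Sentry release
        uses: getsentry/action-release@4744f6a65149f441c5f396d5b0877307c0db52c7
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
          SENTRY_ORG: ebm-datalab
          SENTRY_PROJECT: opencodelists
        with:
          environment: production
          ignore_empty: true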