-
Notifications
You must be signed in to change notification settings - Fork 11
83 lines (67 loc) · 2.68 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
---
name: Deploy
env:
IMAGE_NAME: job-server
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/job-server
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
branches: [main]
concurrency: deploy-production
jobs:
test-and-build-docker-image:
uses: ./.github/workflows/main.yml
deploy:
needs: [test-and-build-docker-image]
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v4
with:
name: job-server-image
path: /tmp/image
- name: Import docker image
# Note that this filename is also set in the build workflow.
# Changing it will require updating it elsewhere.
run: docker image load --input /tmp/image/job-server.tar.zst
- name: Test image we imported from previous job works
run: |
SKIP_BUILD=1 just docker-serve prod -d
sleep 5
just docker-smoke-test || { docker logs job-server_prod_1; exit 1; }
- name: Publish image
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login "$REGISTRY" -u "${{ github.actor }}" --password-stdin
docker tag "$IMAGE_NAME" "$PUBLIC_IMAGE_NAME:latest"
docker push "$PUBLIC_IMAGE_NAME:latest"
- name: Deploy image
run: |
ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
ssh-add - <<< "${{ secrets.DOKKU4_DEPLOY_SSH_KEY }}"
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' "$PUBLIC_IMAGE_NAME:latest")
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image job-server "$SHA"
- name: Create Honeycomb Marker
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release download v0.2.10 -R honeycombio/honeymarker -p '*-linux-amd64*' -O honeymarker
chmod 755 ./honeymarker
# --dataset __all__ will ad an marker to *all* production datasets (this writekey is for production)
./honeymarker --writekey ${{ secrets.HC_MARKER_APIKEY }} --dataset job-server add --type deploy --msg "job-server deploy $GITHUB_SHA"
- name: Create Sentry release
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: job-server
with:
environment: production