Skip to content

Merge pull request #2035 from opensafely-core/js-deps #3556

Merge pull request #2035 from opensafely-core/js-deps

Merge pull request #2035 from opensafely-core/js-deps #3556

Workflow file for this run

---
name: CI
env:
IMAGE_NAME: opencodelists
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/opencodelists
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
workflow_dispatch:
concurrency: ci-${{ github.ref }}
jobs:
lint-dockerfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: docker/Dockerfile
check-py:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run checks in it
run: |
# build docker and run checks
just docker-check-py
check-js:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run checks in it
run: |
# build docker and run checks
just docker-check-js
test-py:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image for both prod and dev
run: |
just docker-build prod
just docker-build dev
- name: Run unit tests on docker dev image
run: |
# build docker and run test
just docker-test-py
- name: Run smoke test on prod
run: |
just docker-serve prod -d
sleep 5
just docker-smoke-test || { docker logs docker_prod_1; exit 1; }
- name: Save docker image
run: |
docker save opencodelists | gzip > /tmp/opencodelists.tar.gz
- name: Upload docker image
uses: actions/upload-artifact@v4
with:
name: opencodelists-image
path: /tmp/opencodelists.tar.gz
test-js:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run JS tests in it
run: |
# build docker and run test
just docker-test-js
deploy:
needs: [check-py, check-js, test-py, test-js, lint-dockerfile]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v4
with:
name: opencodelists-image
path: /tmp/image
- name: Import docker image
run: gunzip -c /tmp/image/opencodelists.tar.gz | docker load
- name: Test image we imported from previous job works
run: |
SKIP_BUILD=1 just docker-serve prod -d
sleep 5
just docker-smoke-test || { docker logs docker_prod_1; exit 1; }
- name: Publish docker image
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login $REGISTRY -u ${{ github.actor }} --password-stdin
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
docker push $PUBLIC_IMAGE_NAME:latest
- name: Setup SSH Agent
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
- name: Deploy
run: |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image opencodelists $SHA
- name: Create Sentry release
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: opencodelists
with:
environment: production
ignore_empty: true