Skip to content

Bump cryptography from 40.0.1 to 41.0.3 #2818

Bump cryptography from 40.0.1 to 41.0.3

Bump cryptography from 40.0.1 to 41.0.3 #2818

Workflow file for this run

---
name: CI
env:
IMAGE_NAME: opencodelists
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/opencodelists
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
workflow_dispatch:
concurrency: ci-${{ github.ref }}
jobs:
lint-dockerfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: hadolint/hadolint-action@473e36ba306c199243ffe4f1e652a8b60a8fa296 # v1.4.0
with:
dockerfile: docker/Dockerfile
check-py:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run checks in it
run: |
# build docker and run checks
just docker-check-py
check-js:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run checks in it
run: |
# build docker and run checks
just docker-check-js
test-py:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run Python tests in it
run: |
# build docker and run test
just docker-test-py
test-js:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run JS tests in it
run: |
# build docker and run test
just docker-test-js
deploy:
needs: [check-py, check-js, test-py, test-js, lint-dockerfile]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v2
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image
run: |
# docker-test step will build the dev image by default, so build the prod image
just docker-build prod
- name: Login to Packages Container registry
run: |
docker login $REGISTRY -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
- name: publish docker image
run: |
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
docker push $PUBLIC_IMAGE_NAME:latest
- name: Setup SSH Agent
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
- name: Deploy
run: |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image opencodelists $SHA
- name: Create Sentry release
uses: getsentry/action-release@744e4b262278339b79fb39c8922efcae71e98e39
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: opencodelists
with:
environment: production
ignore_empty: true