-
Notifications
You must be signed in to change notification settings - Fork 11
163 lines (128 loc) · 4.19 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
---
name: CI
env:
IMAGE_NAME: opencodelists
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/opencodelists
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
workflow_dispatch:
concurrency: ci-${{ github.ref }}
jobs:
lint-dockerfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: docker/Dockerfile
check-py:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run checks in it
run: |
# build docker and run checks
just docker-check-py
check-js:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run checks in it
run: |
# build docker and run checks
just docker-check-js
test-py:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image for both prod and dev
run: |
just docker-build prod
just docker-build dev
- name: Run unit tests on docker dev image
run: |
# build docker and run test
just docker-test-py
- name: Run smoke test on prod
run: |
just docker-serve prod -d
sleep 5
just docker-smoke-test || { docker logs docker_prod_1; exit 1; }
- name: Save docker image
run: |
docker save opencodelists | gzip > /tmp/opencodelists.tar.gz
- name: Upload docker image
uses: actions/upload-artifact@v4
with:
name: opencodelists-image
path: /tmp/opencodelists.tar.gz
test-js:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Build docker image and run JS tests in it
run: |
# build docker and run test
just docker-test-js
deploy:
needs: [check-py, check-js, test-py, test-js, lint-dockerfile]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v4
with:
name: opencodelists-image
path: /tmp/image
- name: Import docker image
run: gunzip -c /tmp/image/opencodelists.tar.gz | docker load
- name: Test image we imported from previous job works
run: |
SKIP_BUILD=1 just docker-serve prod -d
sleep 5
just docker-smoke-test || { docker logs docker_prod_1; exit 1; }
- name: Publish docker image
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login $REGISTRY -u ${{ github.actor }} --password-stdin
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
docker push $PUBLIC_IMAGE_NAME:latest
- name: Setup SSH Agent
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
- name: Deploy
run: |
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image opencodelists $SHA
- name: Create Sentry release
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: opencodelists
with:
environment: production
ignore_empty: true