.github/workflows/main.yml

---
name: CI

env:
    IMAGE_NAME: release-hatch
    REGISTRY: ghcr.io

on:
  push:

jobs:
  check:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: "opensafely-core/setup-action@v1"
        with:
          python-version: "3.9"
          cache-dependency-path: "requirements.*.txt"
          install-just: true
      - name: Check formatting, linting and import sorting
        run: just check

  test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v3
      - uses: "opensafely-core/setup-action@v1"
        with:
          python-version: "3.9"
          cache-dependency-path: "requirements.*.txt"
          install-just: true
      - name: Run tests
        run: |
          just test

  docker:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - uses: actions/checkout@v3
      - uses: "opensafely-core/setup-action@v1"
        with:
          python-version: "3.9"
          cache-dependency-path: "requirements.*.txt"
          install-just: true
      - name: Build docker image and run tests in it
        run: |
          # build docker and run test
          just docker-test
          # docker-test will build the dev image by default, so build the prod image
          just docker-build prod
          # TODO smoketests
      - name: Login to Packages Container registry
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9  # v1.10.0
        if: github.ref == 'refs/heads/main'
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: publish docker image
        if: github.ref == 'refs/heads/main'
        run: |
            PUBLIC_IMAGE_NAME=$REGISTRY/${{ github.repository_owner }}/$IMAGE_NAME
            docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
            docker push $PUBLIC_IMAGE_NAME:latest


  lint-dockerfile:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf  # v3.1.0
        with:
          failure-threshold: error
          dockerfile: docker/Dockerfile

  required-checks:
    if: always()

    needs:
    - check
    - test
    - docker
    - lint-dockerfile

    runs-on: Ubuntu-latest

    steps:
    - name: Decide whether the needed jobs succeeded or failed
      uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe  # v1.2.2
      with:
        jobs: ${{ toJSON(needs) }}