Skip to content

Remove explicit grants assigned to the new tables #141

Remove explicit grants assigned to the new tables

Remove explicit grants assigned to the new tables #141

Workflow file for this run

---
name: CI
env:
IMAGE_NAME: metrics
PUBLIC_IMAGE_NAME: ghcr.io/ebmdatalab/metrics
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.11"
install-just: true
- name: Check formatting, linting and import sorting
run: just check
test:
runs-on: ubuntu-latest
services:
timescaledb:
# mirror what's in timescaledb/Dockerfile
image: timescale/timescaledb:pg14-latest@sha256:c453fa2d290d578a5983b5823e9ffbf16f478735d8c121620436c4a9c6e55df5
env:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: metrics
TIMESCALEDB_TELEMETRY: off
ports:
- 5432:5432
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.11"
install-just: true
- name: Run tests
env:
GITHUB_TOKEN:
SLACK_SIGNING_SECRET:
SLACK_TECH_SUPPORT_CHANNEL_ID:
SLACK_TOKEN:
TIMESCALEDB_URL: postgresql://user:password@localhost/metrics
run: |
just test
lint-dockerfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: docker/Dockerfile
docker-test-and-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Build docker image for both prod and dev
run: |
just docker-build prod
just docker-build dev
- name: Run smoke test on prod
run: |
just docker-run prod python -m metrics
- name: Save docker image
run: |
docker save metrics | gzip > /tmp/metrics.tar.gz
- name: Upload docker image
uses: actions/upload-artifact@v3
with:
name: metrics-image
path: /tmp/metrics.tar.gz
required-checks:
if: always()
needs:
- check
- test
- docker-test-and-build
- lint-dockerfile
runs-on: Ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}
deploy:
needs: [required-checks]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
concurrency: deploy-production
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v3
with:
name: metrics-image
path: /tmp/image
- name: Import docker image
run: gunzip -c /tmp/image/metrics.tar.gz | docker load
- name: Test image we imported from previous job works
run: |
SKIP_BUILD=1 just docker-run prod python -m metrics
- name: Publish image
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login "$REGISTRY" -u ${{ github.actor }} --password-stdin
docker tag "$IMAGE_NAME" "$PUBLIC_IMAGE_NAME":latest
docker push "$PUBLIC_IMAGE_NAME":latest
- name: Deploy image
run: |
ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' "$PUBLIC_IMAGE_NAME":latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image metrics "$SHA"