generated from opensafely-core/repo-template
-
Notifications
You must be signed in to change notification settings - Fork 0
110 lines (85 loc) · 2.8 KB
/
grafana.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
---
name: Grafana deployment
env:
IMAGE_NAME: grafana
PUBLIC_IMAGE_NAME: ghcr.io/ebmdatalab/grafana
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
jobs:
lint-dockerfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: grafana/Dockerfile
docker-test-and-build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Build docker image for both prod and dev
run: |
just grafana/docker-build
- name: Run smoke test on prod
run: |
# TODO: what is this?
# just grafana/docker-run
- name: Save docker image
run: |
docker save grafana | gzip > /tmp/grafana.tar.gz
- name: Upload docker image
uses: actions/upload-artifact@v3
with:
name: grafana-image
path: /tmp/grafana.tar.gz
required-checks:
if: always()
needs:
- docker-test-and-build
- lint-dockerfile
runs-on: Ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}
deploy:
needs: [required-checks]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
concurrency: deploy-production
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v3
with:
name: grafana-image
path: /tmp/image
- name: Import docker image
run: gunzip -c /tmp/image/grafana.tar.gz | docker load
- name: Test image we imported from previous job works
run: |
# TODO: what is this?
# SKIP_BUILD=1 just grafana/docker-run
- name: Publish image
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login "$REGISTRY" -u ${{ github.actor }} --password-stdin
docker tag "$IMAGE_NAME" "$PUBLIC_IMAGE_NAME":latest
docker push "$PUBLIC_IMAGE_NAME":latest
- name: Deploy image
run: |
ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' "$PUBLIC_IMAGE_NAME":latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image grafana "$SHA"