generated from opensafely-core/repo-template
-
Notifications
You must be signed in to change notification settings - Fork 0
142 lines (113 loc) · 3.53 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
---
name: CI
env:
IMAGE_NAME: metrics
PUBLIC_IMAGE_NAME: ghcr.io/ebmdatalab/metrics
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
jobs:
check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.11"
install-just: true
- name: Check formatting, linting and import sorting
run: just check
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.11"
install-just: true
- name: Run tests
run: |
just test
lint-dockerfile:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: docker/Dockerfile
docker-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Build docker image for both prod and dev
run: |
just docker-build prod
just docker-build dev
- name: Run smoke test on prod
environment:
GITHUB_TOKEN: dummy
SLACK_SIGNING_SECRET: dummy
SLACK_TECH_SUPPORT_CHANNEL_ID: dummy
SLACK_TOKEN: dummy
TIMESCALEDB_URL: dummy
run: |
just docker-run prod python -m metrics
- name: Save docker image
run: |
docker save metrics | gzip > /tmp/metrics.tar.gz
- name: Upload docker image
uses: actions/upload-artifact@v3
with:
name: metrics-image
path: /tmp/metrics.tar.gz
deploy:
needs: [check, test, docker-test, lint-dockerfile]
runs-on: ubuntu-latest-4core
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
concurrency: deploy-production
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v3
with:
name: metrics-image
path: /tmp/image
- name: Import docker image
run: gunzip -c /tmp/image/metrics.tar.gz | docker load
- name: Test image we imported from previous job works
run: |
SKIP_BUILD=1 just docker-run prod python -m metrics
- name: Publish image
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login $REGISTRY -u ${{ github.actor }} --password-stdin
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
docker push $PUBLIC_IMAGE_NAME:latest
- name: Deploy image
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image metrics $SHA
required-checks:
if: always()
needs:
- check
- test
- docker-test
- lint-dockerfile
runs-on: Ubuntu-latest
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}