Skip to content

Update JS dependencies #9010

Update JS dependencies

Update JS dependencies #9010

Workflow file for this run

---
name: CI
env:
IMAGE_NAME: job-server
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/job-server
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
merge_group:
pull_request:
push:
branches: [main]
jobs:
check:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.12"
install-just: true
- name: Check formatting, linting and import sorting
run: just check
test:
runs-on: ubuntu-22.04
services:
postgres:
image: postgres:13
env:
POSTGRES_USER: user
POSTGRES_PASSWORD: password
POSTGRES_DB: jobserver
ports:
- 5432:5432
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
python-version: "3.12"
install-just: true
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version-file: ".node-version"
cache: "npm"
cache-dependency-path: package-lock.json
- name: Install node_modules
run: just assets-install --ignore-scripts
- name: Lint assets
run: npm run lint
- name: Run JS tests
run: just assets-test
- name: Build assets
run: just assets-build
- name: Install venv
run: just devenv
- name: Run tests
env:
DATABASE_URL: postgres://user:password@localhost/jobserver
GITHUB_TOKEN: empty
GITHUB_TOKEN_TESTING: ${{ secrets.OPENSAFELY_GITHUB_TESTING_ORG_PAT }}
SECRET_KEY: 12345
SOCIAL_AUTH_GITHUB_KEY: test
SOCIAL_AUTH_GITHUB_SECRET: test
run: |
just check-migrations
# hardcode n because auto=2 in CI for some reason
just test-all --migrations -n 4
- name: Upload HTML coverage report if tests failed
uses: actions/upload-artifact@v4
with:
name: python-coverage-report
path: htmlcov
# don't fail the job because no files were found, we expect this when
# * the tests passed with 100% coverage
# * a test failed and coverage didn't run
if-no-files-found: ignore
if: ${{ failure() }} # only upload when the previous step, run tests, fails
lint-dockerfile:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
with:
dockerfile: docker/Dockerfile
docker-test:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Build docker image for both prod and dev
run: |
just docker-build prod
just docker-build dev
- name: Run unit tests on docker dev image
env:
GITHUB_TOKEN_TESTING: ${{ secrets.OPENSAFELY_GITHUB_TESTING_ORG_PAT }}
GITHUB_WRITEABLE_TOKEN:
run: |
# build docker and run test
just docker-test -n 4 # hardcode n because auto does not dtrt in docker
- name: Run smoke test on prod
run: |
just docker-serve prod -d
sleep 5
just docker-smoke-test || { docker logs job-server_prod_1; exit 1; }
- name: Save docker image
run: |
docker save job-server | zstd --fast -o /tmp/job-server.tar.zst
- name: Upload docker image
uses: actions/upload-artifact@v4
with:
name: job-server-image
path: /tmp/job-server.tar.zst
compression-level: 0
deploy:
needs: [check, test, docker-test, lint-dockerfile]
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
concurrency: deploy-production
steps:
- uses: actions/checkout@v4
- uses: "opensafely-core/setup-action@v1"
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v4
with:
name: job-server-image
path: /tmp/image
- name: Import docker image
run: docker image load --input /tmp/image/job-server.tar.zst
- name: Test image we imported from previous job works
run: |
SKIP_BUILD=1 just docker-serve prod -d
sleep 5
just docker-smoke-test || { docker logs job-server_prod_1; exit 1; }
- name: Publish image
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login $REGISTRY -u ${{ github.actor }} --password-stdin
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
docker push $PUBLIC_IMAGE_NAME:latest
- name: Deploy image
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.DOKKU4_DEPLOY_SSH_KEY }}"
SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest)
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image job-server $SHA
- name: Create Honeycomb Marker
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release download v0.2.10 -R honeycombio/honeymarker -p '*-linux-amd64*' -O honeymarker
chmod 755 ./honeymarker
# --dataset __all__ will ad an marker to *all* production datasets (this writekey is for production)
./honeymarker --writekey ${{ secrets.HC_MARKER_APIKEY }} --dataset job-server add --type deploy --msg "job-server deploy $GITHUB_SHA"
- name: Create Sentry release
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: job-server
with:
environment: production