Update uvmirror file #1465
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI | |
| env: | |
| APP_NAME: bennettbot | |
| IMAGE_NAME: bennettbot | |
| PUBLIC_IMAGE_NAME: ghcr.io/bennettoxford/bennettbot | |
| REGISTRY: ghcr.io | |
| HOST: dokku3.ebmdatalab.net | |
| SSH_AUTH_SOCK: /tmp/agent.sock | |
| on: | |
| push: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| check: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: opensafely-core/setup-action@v1 | |
| with: | |
| install-just: true | |
| install-uv: true | |
| cache: uv | |
| - name: Check formatting, linting and import sorting | |
| run: just check | |
| - name: Check renovate config | |
| run: just check-renovate-config | |
| test: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: opensafely-core/setup-action@v1 | |
| with: | |
| install-just: true | |
| install-uv: true | |
| cache: uv | |
| - name: Run tests | |
| run: | | |
| just test | |
| docker-check: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: opensafely-core/setup-action@v1 | |
| with: | |
| install-just: true | |
| - name: Check formatting, linting and import sorting on docker | |
| run: just docker/check | |
| docker-test: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: opensafely-core/setup-action@v1 | |
| with: | |
| install-just: true | |
| - name: Run tests in docker | |
| run: just docker/test | |
| deploy: | |
| needs: [check, test, docker-check, docker-test] | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| packages: write | |
| if: github.ref == 'refs/heads/main' | |
| concurrency: deploy-production | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: opensafely-core/setup-action@v1 | |
| with: | |
| install-just: true | |
| - name: Build docker image | |
| run: | | |
| just docker/build prod | |
| - name: Publish docker image | |
| run: | | |
| echo ${{ secrets.GITHUB_TOKEN }} | docker login "$REGISTRY" -u ${{ github.actor }} --password-stdin | |
| docker tag "$IMAGE_NAME" "$PUBLIC_IMAGE_NAME:latest" | |
| docker push "$PUBLIC_IMAGE_NAME:latest" | |
| # dump the full local container metadata into the logs in case its useful | |
| docker inspect "$PUBLIC_IMAGE_NAME:latest" | |
| - name: Deploy image | |
| run: | | |
| set -euo pipefail | |
| # Find the full qualified "repo digest" for this image | |
| IMAGE_DIGEST="$( | |
| docker inspect --format='{{join .RepoDigests "\n"}}' "$PUBLIC_IMAGE_NAME:latest" \ | |
| | grep --fixed-strings "$PUBLIC_IMAGE_NAME" || true | |
| )" | |
| # Fail if we have none or more than one (as indicated by the presence of whitespace) | |
| if [[ -z "$IMAGE_DIGEST" || "$IMAGE_DIGEST" =~ [[:space:]] ]]; then | |
| echo "Expected exactly one value in IMAGE_DIGEST, got: $IMAGE_DIGEST" | |
| echo | |
| echo "Debug info:" | |
| set -x | |
| docker inspect --format='{{join .RepoDigests "\n"}}' "$PUBLIC_IMAGE_NAME:latest" | |
| exit 1 | |
| fi | |
| echo "Deploying to $HOST" | |
| echo "dokku git:from-image $APP_NAME $IMAGE_DIGEST" | |
| ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null | |
| ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}" | |
| ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" \ | |
| "dokku@$HOST" git:from-image "$APP_NAME" "$IMAGE_DIGEST" |