-
Notifications
You must be signed in to change notification settings - Fork 17
116 lines (97 loc) · 3.59 KB
/
deploy.yml
File metadata and controls
116 lines (97 loc) · 3.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
---
name: Deploy
env:
IMAGE_NAME: opencodelists
HOST: dokku3.ebmdatalab.net
PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/opencodelists
REGISTRY: ghcr.io
SSH_AUTH_SOCK: /tmp/agent.sock
on:
push:
branches: [main]
concurrency: deploy-production
jobs:
test-and-build-docker-image:
uses: ./.github/workflows/main.yml
deploy:
needs: [test-and-build-docker-image]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- uses: opensafely-core/setup-action@v1
with:
install-just: true
- name: Download docker image
uses: actions/download-artifact@v8
with:
name: opencodelists-image
path: /tmp/image
- name: Import docker image
run: docker image load --input /tmp/image/opencodelists.tar.zst
- name: Test image we imported from previous job works
run: |
SKIP_BUILD=1 just docker-serve prod -d
sleep 5
just docker-smoke-test || {
echo "Smoke test failed, attempting to show logs for all containers:"
for c in $(docker ps -a --format '{{.Names}}'); do
echo "Logs for $c:";
docker logs "$c" || true;
done
exit 1
}
- name: Publish docker image
run: |
echo ${{ secrets.GITHUB_TOKEN }} | docker login $REGISTRY -u ${{ github.actor }} --password-stdin
docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
docker push $PUBLIC_IMAGE_NAME:latest
- name: Create Sentry release
uses: getsentry/action-release@dab6548b3c03c4717878099e43782cf5be654289 # v3.5.0
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: opencodelists
with:
environment: production
ignore_empty: true
finalize: false
- name: Setup SSH Agent
run: |
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}"
- name: Deploy
run: |
set -euo pipefail
# Find the full qualified "repo digest" for this image
IMAGE_DIGEST="$(
docker inspect --format='{{join .RepoDigests "\n"}}' "$PUBLIC_IMAGE_NAME:latest" \
| grep --fixed-strings "$PUBLIC_IMAGE_NAME" || true
)"
# Fail if we have none or more than one (as indicated by the presence of whitespace)
if [[ -z "$IMAGE_DIGEST" || "$IMAGE_DIGEST" =~ [[:space:]] ]]; then
echo "Expected exactly one value in IMAGE_DIGEST, got: $IMAGE_DIGEST"
echo
echo "Debug info:"
set -x
docker inspect --format='{{join .RepoDigests "\n"}}' "$PUBLIC_IMAGE_NAME:latest"
exit 1
fi
echo "Deploying $IMAGE_DIGEST to $HOST"
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" "dokku@$HOST" \
git:from-image opencodelists "$IMAGE_DIGEST"
- name: Create Sentry release
uses: getsentry/action-release@dab6548b3c03c4717878099e43782cf5be654289 # v3.5.0
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
SENTRY_ORG: ebm-datalab
SENTRY_PROJECT: opencodelists
with:
environment: production
ignore_empty: true
finalize: true