ci: add docker-release.yml #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
# The workflow should be triggered on any push and release events. | |
# Release events can push tags (triggering a push event). | |
# Therefore: | |
# - docker-publish-staging – is only triggered on push events to main branch | |
# - docker-publish-release – is only triggered on release events | |
on: | |
push: | |
pull_request: | |
release: | |
types: [ released ] | |
jobs: | |
flake8: | |
name: flake8 | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install dependencies | |
run: | | |
pip install -U wheel setuptools | |
pip install -r requirements-dev.txt | |
- name: flake8 | |
uses: liskin/gh-problem-matcher-wrap@v2 | |
with: | |
linters: flake8 | |
run: flake8 | |
isort: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install dependencies | |
run: | | |
pip install -U wheel setuptools | |
pip install -r requirements-dev.txt | |
- name: isort | |
uses: liskin/gh-problem-matcher-wrap@v2 | |
with: | |
linters: isort | |
run: isort --check --profile black src/ | |
black: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install dependencies | |
run: | | |
pip install -U wheel setuptools | |
pip install -r requirements-dev.txt | |
- name: black | |
run: black --check src/ | |
django-check: | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: postgres:13-alpine | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 5432:5432 | |
env: | |
SECRET_KEY: 'insecure_key_for_dev' | |
POSTGRES_HOST: localhost | |
POSTGRES_PORT: 5432 | |
AWS_ACCESS_KEY_ID: 'example-aws-access-key-id' | |
AWS_SECRET_ACCESS_KEY: 'example-aws-secret-access-key' | |
AWS_STORAGE_BUCKET_NAME: 'example-aws-storage-bucket-name' | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements-dev.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: Install dependencies | |
run: | | |
pip install -U wheel setuptools | |
pip install -r requirements-dev.txt | |
- name: Run mypy | |
run: mypy --strict src/chains src/safe_apps | |
- name: Check pending migrations | |
run: python src/manage.py makemigrations --check --dry-run | |
- name: Run migrations | |
run: python src/manage.py migrate | |
- name: Django System Check | |
run: python src/manage.py check | |
- name: Run tests with coverage | |
run: coverage run -m pytest src | |
- name: Coveralls | |
uses: coverallsapp/github-action@v2 | |
docker-publish-staging: | |
if: (github.event_name == 'push' && github.ref == 'refs/heads/main') | |
needs: [ flake8, isort, black, django-check ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3.0.0 | |
with: | |
platforms: arm64 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.0.0 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Login to DockerHub | |
uses: docker/login-action@v3.0.0 | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and push | |
id: docker_build | |
uses: docker/build-push-action@v5.0.0 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: safeglobal/safe-config-service:staging | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- # Temp fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
- name: Image digest | |
run: echo ${{ steps.docker_build.outputs.digest }} | |
docker-publish-release: | |
if: (github.event_name == 'release' && github.event.action == 'released') | |
needs: [ flake8, isort, black, django-check ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3.0.0 | |
with: | |
platforms: arm64 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3.0.0 | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
- name: Login to DockerHub | |
uses: docker/login-action@v3.0.0 | |
with: | |
username: ${{ secrets.DOCKER_USER }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and push | |
id: docker_build | |
uses: docker/build-push-action@v5.0.0 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: | | |
safeglobal/safe-config-service:${{ github.event.release.tag_name }} | |
safeglobal/safe-config-service:latest | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
- # Temp fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
- name: Image digest | |
run: echo ${{ steps.docker_build.outputs.digest }} | |
autodeploy: | |
runs-on: ubuntu-latest | |
needs: [docker-publish-staging] | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Deploy Staging | |
run: bash scripts/autodeploy.sh | |
env: | |
AUTODEPLOY_URL: ${{ secrets.AUTODEPLOY_URL }} | |
AUTODEPLOY_TOKEN: ${{ secrets.AUTODEPLOY_TOKEN }} | |
TARGET_ENV: "staging" |