Rename CoreDeveloper Role #9384

Workflow file for this run

	---
	name: CI

	env:
	IMAGE_NAME: job-server
	PUBLIC_IMAGE_NAME: ghcr.io/opensafely-core/job-server
	REGISTRY: ghcr.io
	SSH_AUTH_SOCK: /tmp/agent.sock

	on:
	merge_group:
	pull_request:
	push:
	branches: [main]

	jobs:
	check:
	runs-on: ubuntu-22.04

	steps:
	- uses: actions/checkout@v4
	- uses: "opensafely-core/setup-action@v1"
	with:
	python-version: "3.12"
	install-just: true
	- name: Check formatting, linting and import sorting
	run: just check

	test:
	runs-on: ubuntu-22.04

	services:
	postgres:
	image: postgres:13
	env:
	POSTGRES_USER: user
	POSTGRES_PASSWORD: password
	POSTGRES_DB: jobserver
	ports:
	- 5432:5432
	options: >-
	--health-cmd pg_isready
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5

	steps:
	- uses: actions/checkout@v4
	- uses: "opensafely-core/setup-action@v1"
	with:
	python-version: "3.12"
	install-just: true

	- name: Install Node.js
	uses: actions/setup-node@v4
	with:
	node-version-file: ".node-version"
	cache: "npm"
	cache-dependency-path: package-lock.json

	- name: Install node_modules
	run: just assets-install --ignore-scripts

	- name: Lint assets
	run: npm run lint

	- name: Run JS tests
	run: just assets-test

	- name: Build assets
	run: just assets-build

	- name: Install venv
	run: just devenv

	- name: Run tests
	env:
	DATABASE_URL: postgres://user:password@localhost/jobserver
	GITHUB_TOKEN: empty
	GITHUB_TOKEN_TESTING: ${{ secrets.OPENSAFELY_GITHUB_TESTING_ORG_PAT }}
	SECRET_KEY: 12345
	SOCIAL_AUTH_GITHUB_KEY: test
	SOCIAL_AUTH_GITHUB_SECRET: test
	run: \|
	just check-migrations
	# hardcode n because auto=2 in CI for some reason
	just test-ci -n 4

	- name: Upload HTML coverage report if tests failed
	uses: actions/upload-artifact@v4
	with:
	name: python-coverage-report
	path: htmlcov
	# don't fail the job because no files were found, we expect this when
	# * the tests passed with 100% coverage
	# * a test failed and coverage didn't run
	if-no-files-found: ignore
	if: ${{ failure() }} # only upload when the previous step, run tests, fails

	lint-dockerfile:
	runs-on: ubuntu-22.04

	steps:
	- uses: actions/checkout@v4
	- uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
	with:
	dockerfile: docker/Dockerfile

	docker-test:
	runs-on: ubuntu-22.04

	steps:
	- uses: actions/checkout@v4
	- uses: "opensafely-core/setup-action@v1"
	with:
	install-just: true

	- name: Build docker image for both prod and dev
	run: \|
	just docker-build prod
	just docker-build dev

	- name: Run unit tests on docker dev image
	env:
	GITHUB_TOKEN_TESTING: ${{ secrets.OPENSAFELY_GITHUB_TESTING_ORG_PAT }}
	INTERACTIVE_GITHUB_TOKEN:
	run: \|
	# build docker and run test
	just docker-test -n 4 # hardcode n because auto does not dtrt in docker

	- name: Run smoke test on prod
	run: \|
	just docker-serve prod -d
	sleep 5
	just docker-smoke-test \|\| { docker logs job-server_prod_1; exit 1; }

	- name: Save docker image
	run: \|
	docker save job-server \| zstd --fast -o /tmp/job-server.tar.zst

	- name: Upload docker image
	uses: actions/upload-artifact@v4
	with:
	name: job-server-image
	path: /tmp/job-server.tar.zst
	compression-level: 0

	deploy:
	needs: [check, test, docker-test, lint-dockerfile]

	runs-on: ubuntu-22.04

	permissions:
	contents: read
	packages: write

	if: github.ref == 'refs/heads/main'

	concurrency: deploy-production

	steps:
	- uses: actions/checkout@v4
	- uses: "opensafely-core/setup-action@v1"
	with:
	install-just: true

	- name: Download docker image
	uses: actions/download-artifact@v4
	with:
	name: job-server-image
	path: /tmp/image

	- name: Import docker image
	run: docker image load --input /tmp/image/job-server.tar.zst

	- name: Test image we imported from previous job works
	run: \|
	SKIP_BUILD=1 just docker-serve prod -d
	sleep 5
	just docker-smoke-test \|\| { docker logs job-server_prod_1; exit 1; }

	- name: Publish image
	run: \|
	echo ${{ secrets.GITHUB_TOKEN }} \| docker login $REGISTRY -u ${{ github.actor }} --password-stdin
	docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest
	docker push $PUBLIC_IMAGE_NAME:latest

	- name: Deploy image
	run: \|
	ssh-agent -a $SSH_AUTH_SOCK > /dev/null
	ssh-add - <<< "${{ secrets.DOKKU4_DEPLOY_SSH_KEY }}"
	SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest)
	ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" [email protected] git:from-image job-server $SHA

	- name: Create Honeycomb Marker
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	gh release download v0.2.10 -R honeycombio/honeymarker -p '-linux-amd64' -O honeymarker
	chmod 755 ./honeymarker
	# --dataset __all__ will ad an marker to all production datasets (this writekey is for production)
	./honeymarker --writekey ${{ secrets.HC_MARKER_APIKEY }} --dataset job-server add --type deploy --msg "job-server deploy $GITHUB_SHA"

	- name: Create Sentry release
	uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
	env:
	SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_RELEASE_INTEGRATION_TOKEN }}
	SENTRY_ORG: ebm-datalab
	SENTRY_PROJECT: job-server
	with:
	environment: production

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rename CoreDeveloper Role #9384

Workflow file

Rename CoreDeveloper Role #9384

Jobs

Run details

Workflow file for this run