From 458b5531e7daf17b8a31f2fc80ed3b9c31a40747 Mon Sep 17 00:00:00 2001 From: George Hickman Date: Mon, 6 Nov 2023 14:55:00 +0000 Subject: [PATCH] Deploy metrics to dokku3 --- .github/workflows/main.yml | 51 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d778d545..4bbaf4e7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,6 +1,12 @@ --- name: CI +env: + IMAGE_NAME: metrics + PUBLIC_IMAGE_NAME: ghcr.io/ebmdatalab/metrics + REGISTRY: ghcr.io + SSH_AUTH_SOCK: /tmp/agent.sock + on: push: @@ -72,6 +78,51 @@ jobs: name: metrics-image path: /tmp/metrics.tar.gz + deploy: + needs: [check, test, docker-test, lint-dockerfile] + + runs-on: ubuntu-latest-4core + + permissions: + contents: read + packages: write + + if: github.ref == 'refs/heads/main' + + concurrency: deploy-production + + steps: + - uses: actions/checkout@v4 + - uses: "opensafely-core/setup-action@v1" + with: + install-just: true + + - name: Download docker image + uses: actions/download-artifact@v3 + with: + name: metrics-image + path: /tmp/image + + - name: Import docker image + run: gunzip -c /tmp/image/metrics.tar.gz | docker load + + - name: Test image we imported from previous job works + run: | + SKIP_BUILD=1 just docker-run prod python -m metrics + + - name: Publish image + run: | + echo ${{ secrets.GITHUB_TOKEN }} | docker login $REGISTRY -u ${{ github.actor }} --password-stdin + docker tag $IMAGE_NAME $PUBLIC_IMAGE_NAME:latest + docker push $PUBLIC_IMAGE_NAME:latest + + - name: Deploy image + run: | + ssh-agent -a $SSH_AUTH_SOCK > /dev/null + ssh-add - <<< "${{ secrets.DOKKU3_DEPLOY_SSH_KEY }}" + SHA=$(docker inspect --format='{{index .RepoDigests 0}}' $PUBLIC_IMAGE_NAME:latest) + ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" dokku@dokku3.ebmdatalab.net git:from-image metrics $SHA + required-checks: if: always()