Skip to content
CI/CD

Attempt to run trunk & check for FIXMEs on PR #40

Sign in to view logs

Attempt to run trunk & check for FIXMEs on PR

Attempt to run trunk & check for FIXMEs on PR #40

Workflow file for this run

.github/workflows/ci-cd.yml at 9fe3dd5
name: CI/CD
on:
push:
tags: ["v*"]
branches:
- main
pull_request:
branches:
- main
permissions: read-all
# https://github.com/marketplace/actions/docker-layer-caching
jobs:
code-quality:
runs-on: ubuntu-latest
permissions:
# For trunk to post annotations
checks: write
# For repo checkout
contents: read
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.9"
- name: Install dependencies
run: |
python -m pip install "poetry==1.6.1"
poetry config virtualenvs.create false
poetry install --no-cache
poetry install --only-root
- name: Export PYTHONPATH
run: |
poetry show
echo "PYTHONPATH=$(pwd)" >> $GITHUB_ENV
- name: Trunk Check
uses: trunk-io/trunk-action@v1
with:
arguments: --ci
- name: Check code contains no FIXME's
run: |
git grep -r --no-color ${case_sensitive} --line-number -e "FIXME" :^.github
if [[ $? -eq 0 ]]; then
# if we found any FIXME entries in checked in files, fail on main
exit 1
else
exit 0
fi
shell: bash {0}
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Configure test env variables
run: cp .env.example .env
- name: Build docker compose
run: make build_dev
- name: Run Unit Tests
run: make unit_test
- name: Run Integration Tests
run: make integration_test
build:
if: ${{ ! startsWith(github.ref, 'refs/tags') }}
runs-on: ubuntu-latest
needs:
- code-quality
- test
steps:
- uses: actions/checkout@v4
- name: Build
run: make build
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Publish initial image based on branch to ECR
env:
DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
shell: bash
run: |
if [[ "${GITHUB_REF}" == "refs/heads"* ]]; then
branch="${GITHUB_REF/refs\/heads\//}"
if [[ "${branch}" = "main" ]]; then
docker_tag=latest
docker tag navigator-admin-backend "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
docker push "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
fi
elif [[ "${GITHUB_REF}" != "refs/tags"* ]]; then
echo "Assuming '${GITHUB_HEAD_REF}' is a branch"
if [[ -n "${GITHUB_HEAD_REF}" ]]; then
branch="$(echo ${GITHUB_HEAD_REF}| tr -c '[0-9,A-Z,a-z]' '-')"
timestamp=$(date --utc -Iseconds | cut -c1-19 | tr -c '[0-9]T\n' '-')
short_sha=${GITHUB_SHA:0:8}
docker_tag="${branch}-${timestamp}-${short_sha}"
docker tag navigator-admin-backend "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
docker push "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
fi
fi
manual-semver:
needs:
- code-quality
- test
if: ${{ startsWith(github.ref, 'refs/tags') }}
uses: climatepolicyradar/reusable-workflows/.github/workflows/semver.yml@main
secrets: inherit
with:
repo-name: navigator-admin-backend
semver-tag: main-${GITHUB_SHA::8}
tag:
needs: build
uses: climatepolicyradar/reusable-workflows/.github/workflows/tag.yml@main
with:
repo-name: navigator-admin-backend
semver-tag: main-${GITHUB_SHA::8}
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
release:
needs: tag
uses: climatepolicyradar/reusable-workflows/.github/workflows/release.yml@main
with:
new_tag: ${{ needs.tag.outputs.new_tag }}