Deploy Docker image to ghcr.io #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| merge_group: | |
| jobs: | |
| test-backend: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v4 | |
| - name: Install Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get install libgraphviz-dev | |
| python -m pip install --upgrade pip | |
| pip install uv==0.4.4 | |
| # Use the legacy lockfile to battle test it | |
| uv pip sync --system requirements.txt | |
| # Update output format to enable automatic inline annotations. | |
| - name: Lint Python code | |
| run: ruff check --output-format=github | |
| - name: Check Python formatting | |
| run: ruff format --check | |
| # Check that the lockfile does not need to be updated | |
| # If this fails, run `uv export --format requirements-txt > requirements.txt`. | |
| - name: Check lockfile | |
| run: | | |
| uv lock --locked | |
| uv export --format requirements-txt > requirements.txt.locked | |
| diff requirements.txt requirements.txt.locked | |
| test-frontend: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v4 | |
| - name: Install NodeJS | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Install dependencies | |
| run: | | |
| cd frontend | |
| npm ci | |
| - name: Build packages | |
| run: | | |
| cd frontend | |
| npm run build | |
| - name: Check lints and formatting | |
| run: | | |
| cd frontend | |
| npm run check | |
| build-docker: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Set up Docker | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker registry | |
| uses: docker/login-action@v3 | |
| continue-on-error: true | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| cache-from: type=registry,ref=ghcr.io/mrlvsb/kelvin-ci-cache | |
| cache-to: type=registry,ref=ghcr.io/mrlvsb/kelvin-ci-cache,compression=zstd | |
| tags: ghcr.io/mrlvsb/kelvin:latest | |
| outputs: type=docker,dest=${{ runner.temp }}/kelvin.tar | |
| - name: Share built image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: kelvin | |
| path: ${{ runner.temp }}/kelvin.tar | |
| deploy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| needs: [test-backend, test-frontend, build-docker] | |
| environment: production | |
| if: ${{ github.event_name == 'merge_group' }} | |
| steps: | |
| - name: Set up Docker | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Download built image | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: kelvin | |
| path: ${{ runner.temp }} | |
| - name: Load image | |
| run: | | |
| docker load --input ${{ runner.temp }}/kelvin.tar | |
| docker image ls -a | |
| - name: Push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| tags: ghcr.io/mrlvsb/kelvin:latest |