Update ci.yml

Floris272 · Oct 4, 2024 · f4a9c8b · f4a9c8b
1 parent 36bb64c
commit f4a9c8b
Showing 1 changed file with 91 additions and 49 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -12,11 +12,38 @@ on:
   workflow_dispatch:
 
 env:
-  IMAGE_NAME: floris272/open-producten-test
+  IMAGE_NAME: maykinmedia/open-producten
   DJANGO_SETTINGS_MODULE: open_producten.conf.ci
   DOCKER_BUILDKIT: '1'
 
 jobs:
+
+  setup:
+    name: Set up the build variables
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${% templatetag openvariable %} steps.vars.outputs.tag {% templatetag closevariable %}
+      git_hash: ${% templatetag openvariable %} steps.vars.outputs.git_hash {% templatetag closevariable %}
+
+    steps:
+      - name: Extract version information
+        id: vars
+        run: |
+          # Strip git ref prefix from version
+          VERSION=$(echo "${% templatetag openvariable %} github.ref {% templatetag closevariable %}" | sed -e 's,.*/\(.*\),\1,')
+
+          # Strip "v" prefix from tag name (if present at all)
+          [[ "${% templatetag openvariable %} github.ref {% templatetag closevariable %}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+
+          # Use Docker `latest` tag convention
+          [ "$VERSION" == "main" ] && VERSION=latest
+
+          # PRs result in version 'merge' -> transform that into 'latest'
+          [ "$VERSION" == "merge" ] && VERSION=latest
+
+          echo "tag=${VERSION}" >> $GITHUB_OUTPUT
+          echo "git_hash=${GITHUB_SHA}" >> $GITHUB_OUTPUT
+
   tests:
     name: Run the Django test suite
     runs-on: ubuntu-latest
@@ -29,17 +56,21 @@ jobs:
         ports:
           - 5432:5432
         # Needed because the postgres container does not provide a healthcheck
-        options:
-          --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+        options: >-
+          --name postgres
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
           --name postgres
       redis:
         image: redis:6
         ports:
           - 6379:6379
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up backend environment
-        uses: maykinmedia/setup-django-backend@v1
+        uses: maykinmedia/setup-django-backend@v1.3
         with:
           python-version: '3.11'
           optimize-postgres: 'yes'
@@ -48,13 +79,6 @@ jobs:
           # apt-packages: 'gettext postgresql-client'  # the default
           # npm-ci-flags: '--legacy-peer-deps' -> preferably use a .npmrc file
 
-      # Any additional services -> create docker-compose setups in a (new) `docker`
-      # subdirectory.
-      # - name: Start CI docker services
-      #   run: |
-      #     docker-compose -f docker-compose.ci.yml up -d
-      #   working-directory: docker
-
       - name: Run tests
         run: |
           python src/manage.py compilemessages
@@ -87,56 +111,74 @@ jobs:
   #   runs-on: ubuntu-latest
 
   #   steps:
-  #     - uses: actions/checkout@v3
-  #     - uses: actions/setup-python@v4
+  #     - uses: actions/checkout@v4
+  #     - uses: maykinmedia/setup-django-backend@v1.3
   #       with:
-  #         python-version: '3.9'
-
-  #     # - name: Install OS dependencies
-  #     #   run: |
-  #     #     sudo apt-get update
-  #     #     sudo apt-get install libxml2-dev libxmlsec1-dev libxmlsec1-openssl
-
-  #     - name: Install dependencies
-  #       run: |
-  #         pip install -r requirements/ci.txt
+  #         python-version: '3.11'
+  #         setup-node: 'no'
+  #         # apt-packages: 'gettext postgresql-client'  # the default
 
   #     - name: Build and test docs
+  #       run: |
+  #         export OPENSSL_CONF=$(pwd)/openssl.conf
+  #         pytest check_sphinx.py -v --tb=auto
   #       working-directory: docs
-  #       run: pytest check_sphinx.py -v --tb=auto
 
-  docker:
-    needs: tests
-    name: Build (and push) Docker image
+  docker_build:
+    name: Build Docker image
     runs-on: ubuntu-latest
+    outputs:
+      image_tag: ${% templatetag openvariable %} steps.image_build.outputs.image_tag {% templatetag closevariable %}
+
+    needs:
+      - setup
 
     steps:
-      - uses: actions/checkout@v2
-      - name: Set tag
-        id: vars
+      - uses: actions/checkout@v4
+
+      - name: Build the production Docker image
+        id: image_build
         run: |
-          # Strip git ref prefix from version
-          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          image_tag="$IMAGE_NAME:$RELEASE_VERSION"
+          echo "image_tag=${image_tag}" >> $GITHUB_OUTPUT
+          docker build . \
+            --tag $image_tag \
+            --build-arg COMMIT_HASH=${% templatetag openvariable %} needs.setup.outputs.git_hash {% templatetag closevariable %} \
+            --build-arg RELEASE=${% templatetag openvariable %} needs.setup.outputs.tag {% templatetag closevariable %} \
+        env:
+          RELEASE_VERSION: ${% templatetag openvariable %} needs.setup.outputs.tag {% templatetag closevariable %}
 
-          # Strip "v" prefix from tag name (if present at all)
-          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+      - run: docker image save -o image.tar $IMAGE_NAME:${% templatetag openvariable %} needs.setup.outputs.tag {% templatetag closevariable %}
+      - name: Store image artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: docker-image
+          path: image.tar
+          retention-days: 1
 
-          # Use Docker `latest` tag convention
-          [ "$VERSION" == "develop" ] && VERSION=latest
+  docker_push:
+    needs:
+      - tests
+      - docker_build
 
-          echo ::set-output name=tag::${VERSION}
+    name: Push Docker image
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push' # Exclude PRs
 
-      - name: Build the Docker image
-        env:
-          RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
-        run: docker build . --tag $IMAGE_NAME:$RELEASE_VERSION
+    steps:
+      - name: Download built image
+        uses: actions/download-artifact@v4
+        with:
+          name: docker-image
+
+      - name: Load image
+        run: |
+          docker image load -i image.tar
 
       - name: Log into registry
-        if: github.event_name == 'push' # exclude PRs
-        run: echo "${{ secrets.DOCKER_TOKEN }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+        run:
+          echo "${% templatetag openvariable %} secrets.DOCKER_TOKEN {% templatetag closevariable %}" | docker login -u ${% templatetag openvariable %} secrets.DOCKER_USERNAME {% templatetag closevariable %}
+          --password-stdin
 
-      - name: Push the Docker image
-        if: github.event_name == 'push' # exclude PRs
-        env:
-          RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
-        run: docker push $IMAGE_NAME:$RELEASE_VERSION
+      - name: Push the Docker image (production)
+        run: docker push ${% templatetag openvariable %} needs.docker_build.outputs.image_tag {% templatetag closevariable %}