Skip to content

Merge pull request #877 from InseeFrLab/readonly_policy #1078

Merge pull request #877 from InseeFrLab/readonly_policy

Merge pull request #877 from InseeFrLab/readonly_policy #1078

Workflow file for this run

name: ci
on:
push:
branches:
- main
- v*
pull_request:
branches:
- main
permissions:
actions: read
contents: write
pages: write
jobs:
test_web:
runs-on: ubuntu-latest
steps:
- uses: InseeFrLab/onyxia@gh-actions
with:
action_name: checkout
sub_directory: web
- uses: actions/[email protected]
- uses: bahmutov/[email protected]
env:
XDG_CACHE_HOME: "/home/runner/.cache/yarn"
- run: yarn test
- run: yarn build
- run: npx keycloakify build
test_helm-chart:
runs-on: ubuntu-latest
steps:
- uses: InseeFrLab/onyxia@gh-actions
with:
action_name: checkout
sub_directory: helm-chart
- uses: azure/[email protected]
- run: helm lint .
prepare_release:
needs:
- test_web
- test_helm-chart
runs-on: ubuntu-latest
outputs:
new_web_docker_image_tags: ${{steps._.outputs.new_web_docker_image_tags}}
new_chart_version: ${{steps._.outputs.new_chart_version}}
release_name: ${{steps._.outputs.release_name}}
release_body: ${{steps._.outputs.release_body}}
release_tag_name: ${{steps._.outputs.release_tag_name}}
target_commit: ${{steps._.outputs.target_commit}}
web_tag_name: ${{steps._.outputs.web_tag_name}}
steps:
# NOTE: The code for this action is in the gh-actions branch of this repo
- uses: InseeFrLab/onyxia@gh-actions
id: _
with:
action_name: prepare_release
publish_web_docker_image:
runs-on: ubuntu-latest
needs: prepare_release
if: needs.prepare_release.outputs.new_web_docker_image_tags != ''
steps:
- uses: InseeFrLab/onyxia@gh-actions
with:
action_name: checkout
sub_directory: web
sha: ${{needs.prepare_release.outputs.target_commit}}
- uses: docker/[email protected]
- uses: docker/[email protected]
- uses: docker/[email protected]
with:
username: ${{secrets.DOCKERHUB_USERNAME}}
password: ${{secrets.DOCKERHUB_TOKEN}}
- uses: docker/[email protected]
with:
push: true
context: .
tags: ${{needs.prepare_release.outputs.new_web_docker_image_tags}}
platforms: "${{ needs.prepare_release.outputs.new_chart_version != '' && 'linux/amd64,linux/arm64' || 'linux/amd64' }}"
release:
runs-on: ubuntu-latest
needs: prepare_release
if: needs.prepare_release.outputs.new_chart_version != ''
steps:
- uses: InseeFrLab/onyxia@gh-actions
with:
action_name: checkout
sub_directory: web
sha: ${{needs.prepare_release.outputs.target_commit}}
- uses: actions/[email protected]
- uses: bahmutov/[email protected]
env:
XDG_CACHE_HOME: "/home/runner/.cache/yarn"
- run: yarn build-keycloak-theme
env:
KEYCLOAKIFY_THEME_VERSION: ${{needs.prepare_release.outputs.new_chart_version}}
- uses: yogeshlonkar/[email protected]
with:
ignore-skipped: true
jobs: publish_web_docker_image
ttl: 40
no-max-ttl: true
- uses: InseeFrLab/onyxia@gh-actions
with:
action_name: release_helm_chart
sha: ${{needs.prepare_release.outputs.target_commit}}
- uses: InseeFrLab/onyxia@gh-actions
if: needs.prepare_release.outputs.web_tag_name != ''
with:
action_name: create_tag
tag_name: ${{needs.prepare_release.outputs.web_tag_name}}
sha: ${{needs.prepare_release.outputs.target_commit}}
- uses: softprops/action-gh-release@v1
with:
name: ${{needs.prepare_release.outputs.release_name}}
body: ${{needs.prepare_release.outputs.release_body}}
tag_name: ${{needs.prepare_release.outputs.release_tag_name}}
target_commitish: ${{needs.prepare_release.outputs.target_commit}}
generate_release_notes: true
files: |
dist_keycloak/*.jar
onyxia-${{needs.prepare_release.outputs.new_chart_version}}.tgz
env:
# NOTE: We can't use github.token because it would not trigger the dispatch workflow.
GITHUB_TOKEN: ${{secrets.MY_GITHUB_TOKEN}}