Skip to content

chore(deps): update dependency sidekiq to '~> 7.1.0' [security] (#888) #165

chore(deps): update dependency sidekiq to '~> 7.1.0' [security] (#888)

chore(deps): update dependency sidekiq to '~> 7.1.0' [security] (#888) #165

Workflow file for this run

name: Publish Image
on:
push:
branches: [staging, master]
workflow_call:
inputs:
sha:
description: The commit SHA to run the workflow on
required: false
type: string
secrets:
rails_master_key:
description: The Rails master key
required: true
sentry_auth_token:
description: The Sentry integration's token
required: true
workflow_dispatch:
env:
PROJECT_NAME: sofia
jobs:
metadata:
name: Metadata
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.get_metadata.outputs.tag }}
build_args: ${{ steps.get_metadata.outputs.build_args }}
steps:
- name: Get metadata
id: get_metadata
env:
INPUT_SHA: ${{ inputs.sha }}
run: |
if [ "$GITHUB_REF_NAME" = 'master' ]; then
echo 'tag=latest' >> "$GITHUB_OUTPUT"
else
echo 'tag='"$GITHUB_REF_NAME" >> "$GITHUB_OUTPUT"
fi
if [ "$GITHUB_REF_NAME" = 'staging' ] || [ "$GITHUB_REF_NAME" = 'master' ]; then
BUILD_ARGS='BUILD_HASH='${INPUT_SHA:-$GITHUB_SHA}
echo 'build_args='"$BUILD_ARGS" >> "$GITHUB_OUTPUT"
fi
publish:
name: Publish
runs-on: ubuntu-latest
needs: metadata
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ inputs.sha }}
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
- name: Login to GitHub Container Registry
uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
with:
registry: ${{ vars.DOCKER_REGISTRY_URL }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push image
id: build_push_image
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
push: true
context: .
build-args: ${{ needs.metadata.outputs.build_args }}
secrets: |
rails_master_key=${{ secrets.RAILS_MASTER_KEY }}
cache-from: type=gha,scope=main
cache-to: type=gha,scope=main
tags: |
${{ vars.DOCKER_REGISTRY_URL }}/${{ github.repository_owner }}/${{ env.PROJECT_NAME }}:${{
needs.metadata.outputs.tag }}
- name: Get sourcemaps from image
if: ${{ !(github.event_name == 'workflow_dispatch' && github.workflow == 'Publish Image') }}
env:
IMAGE_NAME: ${{ fromJSON(steps.build_push_image.outputs.metadata)['image.name'] }}
run: |
docker cp "$(docker create "$IMAGE_NAME")":/app/public/packs/js/. sourcemaps
- name: Create Sentry release
if: ${{ !(github.event_name == 'workflow_dispatch' && github.workflow == 'Publish Image') }}
uses: getsentry/action-release@e769183448303de84c5a06aaaddf9da7be26d6c7 # v1.7.0
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ vars.SENTRY_ORG_NAME }}
SENTRY_PROJECT: ${{ env.PROJECT_NAME }}
with:
finalize: false
sourcemaps: sourcemaps
version: ${{ inputs.sha }}
url_prefix: ~/packs/js/
update_check_run:
name: Update Check Run
runs-on: ubuntu-latest
needs: [metadata, publish]
if: github.event_name == 'workflow_dispatch' && github.workflow == 'Publish Image' && always()
permissions:
checks: write
steps:
- name: Get conclusion
id: get_conclusion
env:
RESULTS: ${{ join(needs.*.result, ' ') }}
run: |
echo 'conclusion=success' >> "$GITHUB_OUTPUT"
for RESULT in $RESULTS; do
if [ "$RESULT" = 'cancelled' ] || [ "$RESULT" = 'failure' ]; then
echo 'conclusion='"$RESULT" >> "$GITHUB_OUTPUT"
break
fi
done
- name: Update Publish Image check run
uses: LouisBrunner/checks-action@6b626ffbad7cc56fd58627f774b9067e6118af23 # v2.0.0
with:
token: ${{ github.token }}
name: Publish Image
conclusion: ${{ steps.get_conclusion.outputs.conclusion }}
details_url: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}