Update github actions to use 1password (#482) #185
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Render, and Push | |
| on: | |
| push: | |
| branches: [ staging, master ] | |
| jobs: | |
| # This workflow contains a single job called "build-all" | |
| build-all: | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| # Steps represent a sequence of tasks that will be executed as part of the job | |
| steps: | |
| - name: Load 1Password secrets | |
| uses: 1password/load-secrets-action@v1 | |
| with: | |
| export-env: true | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.TRAINING_OP_SERVICE_ACCOUNT_TOKEN }} | |
| DOCKER_USER: ${{ secrets.OP_DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.OP_DOCKER_PASSWORD }} | |
| ACTION_MONITORING_SLACK: ${{ secrets.OP_ACTION_MONITORING_SLACK }} | |
| DOCS_BOT_GITHUB_TOKEN: ${{ secrets.OP_DOCS_BOT_GITHUB_TOKEN }} | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| # get the full repo | |
| fetch-depth: 0 | |
| # use alexslemonade-docs-bot | |
| token: ${{ env.DOCS_BOT_GITHUB_TOKEN }} | |
| - name: Checkout pages branch and sync with changes | |
| run: | | |
| echo $GITHUB_REF | |
| if [ $GITHUB_REF == 'refs/heads/master' ] | |
| then | |
| pages_branch="gh-pages" | |
| elif [ $GITHUB_REF == 'refs/heads/staging' ] | |
| then | |
| pages_branch="gh-pages-stages" | |
| fi | |
| git config --local user.email "actions@github.com" | |
| git config --local user.name "Alex's Lemonade Docs Bot" | |
| git checkout $pages_branch | |
| git merge -s recursive --strategy-option=theirs ${{ github.event.after }} | |
| # Login to Dockerhub | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ env.DOCKER_USER }} | |
| password: ${{ env.DOCKER_PASSWORD }} | |
| # set up Docker build | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| # Build the Docker image | |
| - name: Build and Load Docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: false | |
| load: true | |
| context: docker | |
| file: docker/Dockerfile | |
| tags: ccdl/refinebio-examples:latest | |
| # push the Docker image if this is staging | |
| - name: Push Docker image | |
| if: github.ref == 'refs/heads/staging' | |
| run: docker push ccdl/refinebio-examples:latest | |
| # retag and push the Docker image if this is master | |
| - name: Push release Docker image | |
| if: github.ref == 'refs/heads/master' | |
| run: | | |
| docker tag ccdl/refinebio-examples:latest ccdl/refinebio-examples:release | |
| docker push ccdl/refinebio-examples:release | |
| - name: Download data | |
| run: bash scripts/download-data.sh | |
| env: | |
| AWS_EC2_METADATA_DISABLED: true | |
| - name: Render all pages to html | |
| run: | | |
| docker run \ | |
| --mount type=bind,target=/home/rstudio,source=$PWD \ | |
| ccdl/refinebio-examples \ | |
| snakemake --cores 2 --forceall | |
| # If we are on the staging branch, do not publish to github pages | |
| - name: Commit changed html back to non-public pages | |
| if: github.ref == 'refs/heads/staging' | |
| run: | | |
| git add -A | |
| git commit -m 'Render html, do not publish' || echo "No changes to commit" | |
| git push origin gh-pages-stages || echo "No changes to push" | |
| # If we are on the master branch, publish to github pages! | |
| - name: Commit changed html to public pages | |
| if: github.ref == 'refs/heads/master' | |
| run: | | |
| git add -A | |
| git commit -m 'Render html and publish' || echo "No changes to commit" | |
| git push origin gh-pages || echo "No changes to push" | |
| # If we have a failure, Slack us | |
| - name: Report failure to Slack | |
| if: always() | |
| uses: ravsamhq/notify-slack-action@v2 | |
| with: | |
| status: ${{ job.status }} | |
| notify_when: 'failure' | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ env.ACTION_MONITORING_SLACK }} | |
| SLACK_MESSAGE: 'Build, Render, and Push failed' |