Merge pull request #123 from opensafely-core/workflow-permissions #52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and publish | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [main] | |
| env: | |
| UBUNTU_PRO_TOKEN: ${{ secrets.UBUNTU_PRO_TOKEN }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| publish: | |
| # note: this builds/tests all versions in serial for two reasons. Firstly we | |
| # want all versions to release or none of them. Secondly, we will be able | |
| # publish the exact images that were built and tested. | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: "opensafely-core/setup-action@v1" | |
| with: | |
| install-just: true | |
| - name: Build images | |
| run: | | |
| just build v1 | |
| just build v2 | |
| - name: Run tests | |
| run: | | |
| just test v1 | |
| just test v2 | |
| - name: Run linters | |
| run: just check | |
| - name: Log into GitHub Container Registry | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin | |
| - name: Push image to GitHub Container Registry | |
| run: | | |
| just publish v1 true | |
| just publish v2 true |