Merge pull request #920 from vatger/dependabot/npm_and_yarn/atciss-fr… #2528

Workflow file for this run

# Continuous integration: runs for every pull request and for pushes to main.
name: CI

on:
  pull_request:
  push:
    branches:
      - main

env:
  # owner/name slug of this repository; the image publishing step uses it to
  # build the ghcr.io image references.
  CI_PROJECT_PATH: ${{ github.repository }}

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository
# contents. A job that needs more must declare its own `permissions`.
permissions:
  contents: read
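jobs:
  # NOTE(review): every job hands cachix-action a write token, also on
  # pull_request runs. If PR builds should not be able to upload to the shared
  # cache, pass authToken only on push events. Confirm the intended behaviour.

  # Builds the x86_64-linux development shells; lint and flake-check wait on it.
  devshell:
    name: Build development shells
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # This job never pushes, so the token is kept out of .git/config
          # while code from the pull request is evaluated.
          persist-credentials: false
      - name: Install Nix
        uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
        with:
          name: atciss
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Build development shells
        run: |
          nix run .#nix-fast-build -- -f .#devShells.x86_64-linux --no-nom --skip-cached

  # Formatting check plus ruff, pylint and eslint, each run through the flake.
  lint:
    name: Code Lint
    runs-on: ubuntu-latest
    needs:
      - devshell
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Read-only job: do not leave the token in .git/config.
          persist-credentials: false
      - name: Install Nix
        uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
        with:
          name: atciss
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Check code formatting
        run: nix run .#format
      - name: Run ruff
        run: nix run .#ruff
      - name: Run pylint
        run: nix run .#pylint
      - name: Run eslint
        run: nix run .#eslint

  # Builds the flake outputs with nix-fast-build.
  flake-check:
    name: Flake Check
    runs-on: ubuntu-latest
    needs:
      - devshell
    steps:
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Read-only job: do not leave the token in .git/config.
          persist-credentials: false
      - name: Install Nix
        uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
        with:
          name: atciss
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Build flake outputs
        run: |
          nix run .#nix-fast-build -- --no-nom --skip-cached

  # Builds the backend and frontend images; outside pull requests it also
  # publishes them to ghcr.io and, on main, pushes HEAD to the production branch.
  docker-images:
    name: Docker Images
    runs-on: ubuntu-latest
    needs:
      - lint
      - flake-check
    # Least privilege instead of `write-all`: the steps below only publish
    # packages to ghcr.io and push a branch to this repository. The job also
    # runs on pull_request events, where it builds code from the PR.
    permissions:
      contents: write
      packages: write
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # Credentials stay persisted here (the action's default) because the
          # deploy step runs `git push origin`.
          fetch-depth: 0
      - name: Install Nix
        uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # v15
        with:
          name: atciss
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - name: Log in to the Container registry
        # Images are published only outside pull requests, so PR runs do not
        # need registry credentials on disk while PR code is being built.
        if: github.event_name != 'pull_request'
        # NOTE(review): pinned by commit like the other actions, but without the
        # trailing version comment they carry; add one for reviewability.
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build Docker images
        run: |
          for target in backend frontend; do
            nix build -L ".#${target}-image"
            # Pull-request runs stop after the build; nothing is published.
            if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
              continue
            fi
            archive="docker-archive://$(readlink -f ./result)"
            repo="docker://ghcr.io/${CI_PROJECT_PATH}/atciss-${target}"
            # The main branch is published as `latest`, any other ref under its own name.
            tag="$GITHUB_REF_NAME"
            if [ "$GITHUB_REF_NAME" = "main" ]; then
              tag=latest
            fi
            # --insecure-policy makes skopeo skip its signature policy check;
            # the source is the archive nix built a few lines above.
            skopeo copy --insecure-policy "$archive" "${repo}:${GITHUB_SHA}"
            skopeo copy --insecure-policy "$archive" "${repo}:${tag}"
          done
      - name: Deploy to production
        if: github.ref == 'refs/heads/main'
        run: |
          git push origin HEAD:production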