Skip to content

chore(deps): update all non-major dependencies #776

chore(deps): update all non-major dependencies

chore(deps): update all non-major dependencies #776

Workflow file for this run

name: CI/CD
on:
push:
branches:
- '**'
tags-ignore:
- '**'
workflow_dispatch:
permissions:
id-token: write
contents: write
packages: write
env:
AWS_REGION: us-east-1
jobs:
tests:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version-file: '.python-version'
- name: Install dependencies
working-directory: app
shell: bash
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Run pytest
working-directory: app
shell: bash
run: pytest test.py
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Build container
uses: docker/build-push-action@v6
with:
platforms: linux/amd64
context: app
push: false
tags: ${{ github.sha }}
semantic-release:
name: 'Semantic Release'
needs: [ tests, build ]
# We run semantic-release only on merges to main branch
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
# To avoid race conditions, this makes sure semantic-release is async
concurrency: 'semantic-release'
outputs:
new_release_published: ${{ steps.semantic.outputs.new_release_published }}
new_release_git_tag: ${{ steps.semantic.outputs.new_release_git_tag }}
steps:
- name: 'Checkout'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: 'Setup Node'
uses: actions/setup-node@v4.1.0
with:
node-version: 18.15.0
- name: Semantic bot token
id: bot-token
uses: getsentry/action-github-app-token@v3.0.0
with:
app_id: ${{ secrets.SEMANTIC_APP_ID }}
private_key: ${{ secrets.SEMANTIC_APP_PRIVATE_KEY }}
- name: Semantic Release
id: semantic
uses: cycjimmy/semantic-release-action@v4.1.0
with:
semantic_version: 19.0.5
extra_plugins: |
conventional-changelog-conventionalcommits@5.0.0
env:
GITHUB_TOKEN: ${{ steps.bot-token.outputs.token }}
publish:
if: needs.semantic-release.outputs.new_release_published == 'true'
needs: semantic-release
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.GHA_ASSUME_ROLE }}
- name: AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.ECR_ROLE }}
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-skip-session-tagging: true
role-duration-seconds: 3000
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build container
uses: docker/build-push-action@v6
with:
platforms: linux/amd64
context: app
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ vars.ECR_REPO }}:${{ needs.semantic-release.outputs.new_release_git_tag }}
update-repo:
needs: [publish, semantic-release]
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
- name: Semantic bot token
id: bot-token
uses: getsentry/action-github-app-token@v3.0.0
with:
app_id: ${{ secrets.SEMANTIC_APP_ID }}
private_key: ${{ secrets.SEMANTIC_APP_PRIVATE_KEY }}
- name: Update image tag in terraform.tfvars
working-directory: terraform
run: |
cp terraform.tfvars terraform.tfvars.bak
echo 'latest_image_tag = "${{ needs.semantic-release.outputs.new_release_git_tag }}"' > terraform.tfvars
cat terraform.tfvars.bak | tail -n+2 >> terraform.tfvars
- name: Setup Git User
run: |
# Extract commit information
AUTHOR_NAME=$(git show -s --format='%an' ${{ github.event.inputs.commit }})
AUTHOR_EMAIL=$(git show -s --format='%ae' ${{ github.event.inputs.commit }})
git config --local user.email "${AUTHOR_EMAIL}"
git config --local user.name "${AUTHOR_NAME}"
- name: Commit files
run: |
git pull origin main
git add terraform/terraform.tfvars
git commit -m "chore: update image tag to ${{ needs.semantic-release.outputs.new_release_git_tag }} [skip ci]"
- name: Push changes
uses: ad-m/github-push-action@master
with:
github_token: ${{ steps.bot-token.outputs.token }}
branch: main