diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index da77542d..8fb82263 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -27,16 +27,20 @@ jobs: name: Image build and push runs-on: ubuntu-latest outputs: - image_name_tag: ${{ steps.build_image.outputs.ghcr_image_name_tag }} + docker-image-tag: ${{ steps.build-image.outputs.tag }} steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/build-image - id: build_image + - name: Build and push docker image + id: build-image + uses: DFE-Digital/github-actions/build-docker-image@master with: - github_username: ${{ github.actor }} - github_token: ${{ secrets.GITHUB_TOKEN }} - registry: ghcr.io + github-token: ${{ secrets.GITHUB_TOKEN }} + context: . + docker-repository: ghcr.io/dfe-digital/access-your-teaching-qualifications + max-cache: true + reuse-cache: true + snyk-token: ${{ secrets.SNYK_TOKEN }} deploy_review_app: name: Deploy to review environment @@ -58,7 +62,7 @@ jobs: id: deploy with: environment: review - image-tag: ${{ github.sha }} + image-tag: ${{ needs.build_image.outputs.docker-image-tag }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} pull-request-number: ${{ github.event.number }} @@ -113,7 +117,7 @@ jobs: id: deploy with: environment: ${{ matrix.environment }} - image-tag: ${{ github.sha }} + image-tag: ${{ needs.build_image.outputs.docker-image-tag }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} deploy_production: @@ -135,5 +139,5 @@ jobs: id: deploy with: environment: production - image-tag: ${{ github.sha }} + image-tag: ${{ needs.build_image.outputs.docker-image-tag }} azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} diff --git a/.github/workflows/build-nocache.yml b/.github/workflows/build-nocache.yml new file mode 100644 index 00000000..c90326d2 --- /dev/null +++ b/.github/workflows/build-nocache.yml 
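Review bot: In `.github/workflows/build-and-deploy.yml` the new build step uses `DFE-Digital/github-actions/build-docker-image@master`, a mutable branch ref, and passes it `secrets.GITHUB_TOKEN` and `secrets.SNYK_TOKEN`. Whatever is on that branch at run time executes with those secrets and determines the image pushed to `ghcr.io`. Pin it to a reviewed full commit SHA, e.g. `uses: DFE-Digital/github-actions/build-docker-image@<full-commit-sha>  # master as of <date>`, and let an update tool propose bumps. The same applies to both `@master` references in the new `build-nocache.yml`: the build action and `rtCamp/action-slack-notify@master`, which receives `secrets.SLACK_WEBHOOK`. The job header is outside this hunk, so any existing `permissions:` block cannot be checked from here.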
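Review bot: `image-tag: ${{ needs.build_image.outputs.docker-image-tag }}` in the `deploy_review_app` step (hunk `@@ -58,7 +62,7 @@`) only resolves if `build_image` is listed directly in that job's `needs:`. The `needs` context does not include transitive dependencies, and a missing entry evaluates to an empty string instead of failing the run. The `${{ github.sha }}` it replaces had no such requirement. The `needs:` lines are outside all three deploy hunks (this one, `@@ -113,7 +117,7 @@` and `@@ -135,5 +139,5 @@` for `deploy_production`), so please confirm each job names `build_image` itself, e.g. `needs: [build_image, <existing-dependencies>]`. An empty tag could otherwise reach the production deploy unnoticed.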
@@ -0,0 +1,40 @@ +name: Build No Cache + +on: + workflow_dispatch: + schedule: + - cron: '30 12 * * 0' + # Will run once a week on Sunday afternoon + +jobs: + build-no-cache: + env: + DOCKER_REPOSITORY: ghcr.io/dfe-digital/access-your-teaching-qualifications + outputs: + docker-image-tag: ${{ steps.build-image.outputs.tag }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + name: Checkout + + - name: Build without cache and push docker image + id: build-image + uses: DFE-Digital/github-actions/build-docker-image@master + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + context: . + docker-repository: ${{ env.DOCKER_REPOSITORY }} + max-cache: true + reuse-cache: false + snyk-token: ${{ secrets.SNYK_TOKEN }} + + - name: Notify slack on failure + uses: rtCamp/action-slack-notify@master + if: ${{ failure() }} + with: + SLACK_USERNAME: CI Deployment + SLACK_COLOR: failure + SLACK_ICON_EMOJI: ':github-logo:' + SLACK_TITLE: 'Build failure' + SLACK_MESSAGE: ':alert: Rebuild docker cache failure :sadparrot:' + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} diff --git a/Dockerfile b/Dockerfile index 19542f88..b2e2e800 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # production: runs the actual app # Build builder image -FROM ruby:3.3.0-alpine as builder +FROM ruby:3.3.0-alpine AS builder # RUN apk -U upgrade && \ # apk add --update --no-cache gcc git libc6-compat libc-dev make nodejs \ @@ -62,7 +62,7 @@ RUN rm -rf node_modules log/* tmp/* /tmp && \ find /usr/local/bundle/gems -name "*.html" -delete # Build runtime image -FROM ruby:3.3.0-alpine as production +FROM ruby:3.3.0-alpine AS production # The application runs from /app WORKDIR /app @@ -70,8 +70,8 @@ WORKDIR /app ENV RAILS_ENV=production # Add the commit sha to the env -ARG GIT_SHA -ENV GIT_SHA=$GIT_SHA +ARG COMMIT_SHA +ENV GIT_SHA=$COMMIT_SHA ENV SHA=$GIT_SHA # Add the timezone (prod image) as it's not configured by default in Alpine
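Review bot: The new `build-nocache.yml` declares no `permissions:` block at workflow or job level, so the `secrets.GITHUB_TOKEN` handed to the build action carries whatever the repository default grants. The step pushes to `ghcr.io`, so the `build-no-cache` job presumably needs only `permissions: { contents: read, packages: write }`; widen it only if the Snyk scan in the shared action turns out to need another scope. The `outputs: docker-image-tag` entry has no consumer in this single-job workflow and could be dropped.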
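Review bot: In the `Dockerfile` hunk `@@ -70,8 +70,8 @@` the build argument is renamed from `GIT_SHA` to `COMMIT_SHA` with no default. Any build that still passes `--build-arg GIT_SHA=...` (a local build or another pipeline, none visible here) will now produce an image with empty `GIT_SHA` and `SHA` without failing. If those variables are used to trace a running container back to a commit, document the contract above the `ARG`, e.g. `# COMMIT_SHA is passed as a build arg by CI (presumably the build-docker-image action); GIT_SHA and SHA are empty when it is not set`.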