CI: pass secrets to container #9
| name: Test and Publish Agent | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - 'v*' # Trigger on version tags like v1.0.0, v1.1.0 | |
| jobs: | |
| test-and-publish: | |
| runs-on: ubuntu-latest | |
| # These permissions are required for the workflow to: | |
| # - Read repository contents (checkout code) | |
| # - Write to GitHub Container Registry (push Docker images) | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Extract metadata for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| load: true | |
| platforms: linux/amd64 | |
| - name: Start agent container | |
| env: | |
| SECRETS_JSON: ${{ toJson(secrets) }} | |
| run: | | |
| echo "$SECRETS_JSON" | jq -r 'to_entries[] | "\(.key)=\(.value)"' > .env | |
| docker run -d -p 9009:9009 --name agent-container --env-file .env $(echo "${{ steps.meta.outputs.tags }}" | head -n1) --host 0.0.0.0 --port 9009 | |
| timeout 30 bash -c 'until curl -sf http://localhost:9009/.well-known/agent-card.json > /dev/null; do sleep 1; done' | |
| - name: Set up uv | |
| uses: astral-sh/setup-uv@v4 | |
| - name: Install test dependencies | |
| run: uv sync --extra test | |
| - name: Run tests | |
| run: uv run pytest -v --agent-url http://localhost:9009 | |
| - name: Stop container and show logs | |
| if: always() | |
| run: | | |
| echo "=== Agent Container Logs ===" | |
| docker logs agent-container || true | |
| docker stop agent-container || true | |
| - name: Log in to GitHub Container Registry | |
| if: success() && github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push Docker image | |
| if: success() && github.event_name != 'pull_request' | |
| run: docker push --all-tags ghcr.io/${GITHUB_REPOSITORY,,} | |
| - name: Output image digest | |
| if: success() && github.event_name != 'pull_request' | |
| run: | | |
| echo "## Docker Image Published :rocket:" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Tags:** ${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY |
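Review bot: The `SECRETS_JSON: ${{ toJson(secrets) }}` and `--env-file .env` lines in the "Start agent container" step hand every repository secret (including `GITHUB_TOKEN`) to the agent container and leave all of them on disk in `.env` for the remaining steps, which is far broader than any single agent can need. Prefer listing the specific secrets the agent consumes, e.g. `AGENT_API_KEY: ${{ secrets.AGENT_API_KEY }}` under the step's `env:` and `--env AGENT_API_KEY` on the `docker run` line (placeholder name; the real keys are not visible here), and if the file approach is kept add `rm -f .env` immediately after `docker run`. Note also that `docker logs agent-container` runs under `if: always()`: if the agent ever prints its environment, the job log becomes a second copy of every secret, and GitHub's masking only covers exact secret values, not transformed ones. The jq-to-env-file conversion additionally breaks on multi-line values such as PEM keys, because `--env-file` has no quoting or escaping.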