build: update uv, posthog-js, openapi-ts and action versions #1020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Publish | |
| on: | |
| workflow_dispatch: | |
| # Actions > Build & Publish> Run workflow | |
| # allow ssh access to be enabled via the GH actions UI | |
| inputs: | |
| debug_enabled: | |
| type: boolean | |
| # https://github.com/marketplace/actions/debugging-with-tmate | |
| description: "Run with tmate enabled for ssh debugging" | |
| required: false | |
| default: false | |
| push: | |
| branches: [master] | |
| pull_request: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| # run `just secrets_ci_grant-github-actions` to grant CI access to 1Password | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| # for the gh-cli | |
| GH_TOKEN: ${{ github.token }} | |
| # required otherwise github api calls are rate limited | |
| # mise, and other tools, use this token to authenticate and eliminate rate limits | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # a important design goal is to avoid custom configuration in CI. This enables tests to be run in a CI-like environment | |
| # locally, making it easy to replicate CI issues. This is one of the few CI-specific configuration changes since | |
| # the host where services are located is truly unique to the CI environment. | |
| DATABASE_HOST: postgres.localhost | |
| REDIS_HOST: redis.localhost | |
| SMTP_HOST: mailpit.localhost | |
| # https://github.com/Textualize/rich/issues/2769 | |
| COLUMNS: 120 | |
| jobs: | |
| # NOTE there is no global timeout minutes, so we need to set it on each job :/ | |
| app: | |
| name: Backend | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: ./.github/actions/common-setup | |
| timeout-minutes: 2 | |
| - uses: iloveitaly/github-action-localias@master | |
| with: | |
| chrome: true | |
| - run: just up --fast | |
| - run: just py_setup | |
| - run: just py_lint | |
| - run: just db_migrate | |
| - run: just db_lint | |
| - run: just py_test | |
| # NOTE one important problem with `detached` is if something fails, the github environment does seem to get wiped | |
| # for instance GITHUB_ENV, seems to be cleared out. | |
| - uses: mxschmitt/action-tmate@v3 | |
| if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| with: { detached: true } | |
| - name: Upload test artifacts | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| # playwright traces, screenshots, logs, etc | |
| # traces and pngs allow us to debug e2e test failures | |
| name: test-results | |
| # NOTE if direnv sourcing fails, this var will not be set and it will fail | |
| path: | | |
| ${{ env.TEST_RESULTS_DIRECTORY }} | |
| ${{ env.PLAYWRIGHT_VISUAL_SNAPSHOT_DIRECTORY }} | |
| web: | |
| name: Frontend | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: ./.github/actions/common-setup | |
| timeout-minutes: 2 | |
| - run: just js_setup | |
| - run: just js_lint | |
| - run: just js_test | |
| deploy: | |
| name: 🚀 Deploy | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| needs: [web, app] | |
| if: ${{ github.ref == 'refs/heads/master' && github.event_name == 'push' }} | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: ./.github/actions/common-setup | |
| timeout-minutes: 1 | |
| # login before building so previous build image can be pulled for nixpacks cache | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| - run: just build | |
| - run: just build_push |