Publishing
Github actions
We use GitHub Actions, as the CI/CD pipeline.
GitHub Actions make it easy to automate all our software workflows. They build, test, and deploy the code right from GitHub.
All the heavy lifting is done by GitHub. GitHub will simply use the files defined in .github/workflows to do the setup.
We trigger the reusable workflow like this (note that the chart is slightly outdated):
Since we are using trunk based development, all pushes to main trigger a release to a test environment.
Release to production is triggered when we merge in the auto-generated pull requests (that contains changelogs) that are created by the create-release-pr.yaml Github action.
Workflows
Overview
Reusable workflows
| Workflow | Job | Purpose |
|---|---|---|
| codeql-security-analysis.yaml | analyze | Runs CodeQL on the source code |
| create-release-pr.yaml | release-please | Creates a new release on GitHub |
| deploy-to-radix.yaml | deploy-on-radix | Deploys the services to Radix |
| generate-changelog.yaml | generate-changelog | Automatically generates changelogs based on commit messages |
| label-importer.yaml | labeler | Import labels from labels.yml |
| publish-docs.yaml | publish-docs | Builds and publishes the latest docs to GitHub pages |
| publish-image.yaml | build-and-publish-web-main | Builds and publishes the Docker image for the Web (frontend) |
| build-and-publish-api-main | Builds and publishes the Docker image for the API (backend) | |
| build-and-publish-nginx | Builds and publishes the Docker image for the Nginx proxy | |
| tests.yaml | pre-commit | Runs the pre-commit hooks. See Hooks for details |
| test-api | Runs tests on the API (backend) using pytest and behave | |
| test-web | Runs tests on the Web (frontend) | |
| test-docs | Checks that the doc pages build without errors |
Triggerable workflows
| Workflow | Job | Purpose |
|---|---|---|
| on-pull-request.yaml | codeql | Uses the codeql-security-analysis workflow |
| tests | Uses the tests workflow | |
| on-push-main-branch.yaml | codeql | Uses the codeql-security-analysis workflow |
| tests | Uses the tests workflow | |
| generate-changelog | Uses the generate-changelog workflow | |
| docs | Uses the publish-docs workflow | |
| publish-latest | Uses the publish-image workflow to create a docker image for the test environment | |
| deploy-test | Uses the deploy-to-radix workflow to deploy to the test environment | |
| release-please | Creates a new release PR on GitHub | |
| publish-production | Uses the publish-image workflow to create a docker image for the prod environment | |
| deploy-prod | Uses the deploy-to-radix workflow to deploy to the prod environment | |
| on-weekly.yaml | codeql | Uses the codeql-security-analysis workflow |
Reusable workflows
A reusable workflow is just like any GitHub Actions workflow with one key difference - it includes a workflow_call trigger.
The
create-release-pr.yamlworkflow will automatically create a pull request with an auto-generated changelog. It also bumps the version code (using semantic versioning, depending on the types of commits) and create a tagged release that can be used to deploy to production.The
tests.yamlworkflow will automatically run all types of tests.The
publish-docs.yamlworkflow will build the documentation. Then it will deploy the documentation (placed in the site folder) to GitHub Pages.
Changelogs
We auto-generate changelogs by following the conventional commits specification.
How to generate
Auto-generated
The Github action release-please.yaml is a workflow that will automatically create a pull request with an auto-generated changelog every time code is pushed to the main branch.
Locally
Sometimes it is nice to generate the changelogs locally for testing.
It is possible to use act to run Github actions locally.
act -j release-please -s GITHUB_TOKEN=<GITHUB_TOKEN>
GITHUB_TOKEN: Log in to GitHub and generate a personal access token (PaT) from Personal settings -> Developer settings -> Personal access tokens.