
Pin all GitHub Actions to commit SHAs and enable Dependablebot (#485) #21

Pin all GitHub Actions to commit SHAs and enable Dependablebot (#485)


name: cd_permanent_preview
on:
push:
branches:
- main
# Ensures permanent preview deployment has minimal read-only permissions for security
permissions:
contents: read # Read-only access to repo contents for safer workflows
id-token: write # Allow OIDC tokens for secure cloud authentication
jobs:
deploy:
runs-on: ubuntu-latest
concurrency:
group: cd-permanent-preview
cancel-in-progress: true
steps:
- name: Checkout app
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
path: app
- name: Checkout github-ci
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
repository: jalantechnologies/github-ci
path: platform
ref: 1e27a09243327a4ed01d42a9bc54965436ac0ba4
- name: Build Docker image
id: build
uses: ./platform/.github/actions/build
with:
app_name: flask-react-app
tag: preview
context: app/.
docker_registry: ${{ vars.DOCKER_REGISTRY }}
docker_username: ${{ vars.DOCKER_USERNAME }}
docker_password: ${{ secrets.DOCKER_PASSWORD }}
- name: Deploy to permanent preview
uses: ./platform/.github/actions/deploy
with:
app_name: flask-react-app
app_env: preview
app_hostname: preview.flask-react-template.platform.bettrhq.com
branch: main
deploy_id: ${{ github.run_number }}
deploy_root: app/lib/kube
deploy_labels: gh/env=preview
deploy_image: ${{ steps.build.outputs.image_ref }}
docker_registry: ${{ vars.DOCKER_REGISTRY }}
docker_username: ${{ vars.DOCKER_USERNAME }}
docker_password: ${{ secrets.DOCKER_PASSWORD }}
do_access_token: ${{ secrets.DO_ACCESS_TOKEN }}
do_cluster_id: ${{ vars.DO_CLUSTER_ID }}
doppler_token: ${{ secrets.DOPPLER_PREVIEW_TOKEN }}
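Review bot: The new SHA pins on the two `actions/checkout` steps (`uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8`, lines for "Checkout app" and "Checkout github-ci") carry no trailing comment naming the release tag they were resolved from, so a reader cannot tell which checkout version is in use or review a future bump without resolving the hash. The usual convention, and the one Dependabot keeps in sync when it rewrites a pin, is an inline comment such as `uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # <tag this SHA was taken from>`, with the real tag filled in on both lines. The `ref: 1e27a09243327a4ed01d42a9bc54965436ac0ba4` pin for the `jalantechnologies/github-ci` checkout has the same readability gap, and, as far as I know, Dependabot's github-actions updater only rewrites `uses:` references, not a `ref:` input, so that pin (which also fixes which `./platform/.github/actions/build` and `deploy` code runs) will need a manual update process; a short comment stating the source branch or tag and who bumps it would document that. The deploy step's `with:` mapping may continue beyond the shown lines.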