name: Container Images CI on: pull_request: concurrency: group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} cancel-in-progress: true jobs: posthog_build: name: Build Docker image runs-on: ubuntu-latest permissions: id-token: write # allow issuing OIDC tokens for this workflow run contents: read # allow at least reading the repo contents, add other permissions if necessary steps: # If this run wasn't initiated by PostHog Bot (meaning: snapshot update), # cancel previous runs of snapshot update-inducing workflows - uses: n1hility/cancel-previous-runs@v3 if: github.actor != 'posthog-bot' with: token: ${{ secrets.GITHUB_TOKEN }} workflow: .github/workflows/storybook-chromatic.yml - uses: n1hility/cancel-previous-runs@v3 if: github.actor != 'posthog-bot' with: token: ${{ secrets.GITHUB_TOKEN }} workflow: .github/workflows/ci-backend.yml - name: Check out uses: actions/checkout@v3 - name: Build and cache Docker image in Depot uses: ./.github/actions/build-n-cache-image with: actions-id-token-request-url: ${{ env.ACTIONS_ID_TOKEN_REQUEST_URL }} deploy_preview: name: Deploy preview environment uses: ./.github/workflows/pr-deploy.yml needs: [posthog_build] secrets: inherit if: ${{ contains(github.event.pull_request.labels.*.name, 'deploy') }} lint: name: Lint changed Dockerfiles runs-on: ubuntu-latest steps: - name: Check out uses: actions/checkout@v3 with: fetch-depth: 0 - name: Check if any Dockerfile has changed id: changed-files uses: tj-actions/changed-files@v42 with: files: | **/Dockerfile **/*.Dockerfile **/Dockerfile.* separator: ' ' - name: Lint changed Dockerfile(s) with Hadolint uses: jbergstroem/hadolint-gh-action@v1 if: steps.changed-files.outputs.any_changed == 'true' with: dockerfile: '${{ steps.changed-files.outputs.all_modified_files }}'