CI/CD
The nhic_dbt CI/CD pipeline is defined in .github/workflows/dbt.yaml in the monorepo. It builds and publishes a Docker image on every PR and push to main. Production dbt runs are not triggered from CI — they are managed by Prefect.
Pipeline overview
Workflow steps
Checkout — Standard actions/checkout with full history.
AWS credentials — Configured via OIDC (no long-lived secrets). The GitHub repository Sand-EnterpriseAI/Healthcare.MOH.RWA.HIC is trusted by the AWS account.
AWS Account: 600627345833
Region: eu-west-1Docker build — The nhic_dbt Dockerfile packages the dbt project with all Python dependencies. The image is tagged dbt.
ECR push — The image is pushed to the dbt ECR repository in eu-west-1. The image tag is fixed (dbt) so Prefect always pulls the latest build.
Production runs via Prefect
dbt is never run directly from CI in production. After the Docker image is pushed to ECR, Prefect workflows (workflows/models/ in the Prefect project) pull the image and execute dbt commands as part of scheduled or triggered data pipeline runs.
This separation means:
- CI is responsible for building and publishing a valid image
- Prefect is responsible for scheduling, orchestrating, and retrying production runs
- dbt run logs and artefacts are visible in the Prefect UI
To trigger a production dbt run manually, use the Prefect UI or CLI to start the relevant deployment — do not run dbt run directly against the production database.
Adding a new workflow step
If you need to change the CI pipeline (e.g., add a linting step or update the ECR tag strategy), edit .github/workflows/dbt.yaml in the monorepo root and open a PR for review.