Skip to content

Merge pull request #1156 from guardian/aa/cfn-deploy-proper #1678

Merge pull request #1156 from guardian/aa/cfn-deploy-proper

Merge pull request #1156 from guardian/aa/cfn-deploy-proper #1678

Workflow file for this run

# Find full documentation here https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
name: CI
on:
pull_request:
# Manual invocation.
workflow_dispatch:
push:
branches:
- main
jobs:
CI:
runs-on: ubuntu-latest
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
id-token: write
contents: read
pull-requests: write # required by guardian/actions-riff-raff
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
# Configuring caching is also recommended.
# See https://github.com/actions/setup-java
- name: Setup Java 11
uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
with:
java-version: '11'
distribution: 'corretto'
cache: 'sbt'
- name: Setup Node
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
with:
node-version-file: '.nvmrc'
cache: 'npm'
cache-dependency-path: 'cdk/package-lock.json'
# This step creates an environment variable `BUILD_NUMBER`.
# It is used by:
# - The `script/ci` script
# - The CDK infrastructure
# - The `guardian/actions-riff-raff` GitHub Action
- run: |
LAST_TEAMCITY_BUILD=1265
echo "BUILD_NUMBER=$(( $GITHUB_RUN_NUMBER + $LAST_TEAMCITY_BUILD ))" >> $GITHUB_ENV
- name: Run script/ci
run: ./script/ci
- uses: guardian/actions-riff-raff@a8a8cabedb56d2d8922017efedba7fd09e5e6980 # v4.0.6
with:
projectName: security-hq
roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
buildNumber: ${{ env.BUILD_NUMBER }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
configPath: hq/conf/riff-raff.yaml
contentDirectories: |
security-hq-cfn:
- cdk/cdk.out/security-hq.template.json
security-hq:
- dist