Merge pull request #1156 from guardian/aa/cfn-deploy-proper #1678
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Find full documentation here https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions | |
name: CI | |
on: | |
pull_request: | |
# Manual invocation. | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
jobs: | |
CI: | |
runs-on: ubuntu-latest | |
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token | |
permissions: | |
id-token: write | |
contents: read | |
pull-requests: write # required by guardian/actions-riff-raff | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
# Configuring caching is also recommended. | |
# See https://github.com/actions/setup-java | |
- name: Setup Java 11 | |
uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2 | |
with: | |
java-version: '11' | |
distribution: 'corretto' | |
cache: 'sbt' | |
- name: Setup Node | |
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 | |
with: | |
node-version-file: '.nvmrc' | |
cache: 'npm' | |
cache-dependency-path: 'cdk/package-lock.json' | |
# This step creates an environment variable `BUILD_NUMBER`. | |
# It is used by: | |
# - The `script/ci` script | |
# - The CDK infrastructure | |
# - The `guardian/actions-riff-raff` GitHub Action | |
- run: | | |
LAST_TEAMCITY_BUILD=1265 | |
echo "BUILD_NUMBER=$(( $GITHUB_RUN_NUMBER + $LAST_TEAMCITY_BUILD ))" >> $GITHUB_ENV | |
- name: Run script/ci | |
run: ./script/ci | |
- uses: guardian/actions-riff-raff@a8a8cabedb56d2d8922017efedba7fd09e5e6980 # v4.0.6 | |
with: | |
projectName: security-hq | |
roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }} | |
buildNumber: ${{ env.BUILD_NUMBER }} | |
githubToken: ${{ secrets.GITHUB_TOKEN }} | |
configPath: hq/conf/riff-raff.yaml | |
contentDirectories: | | |
security-hq-cfn: | |
- cdk/cdk.out/security-hq.template.json | |
security-hq: | |
- dist |