chore(deps): lock file maintenance #2487
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - "**" | |
| defaults: | |
| run: | |
| # NOTE: A bit stricter than the default bash options used by GitHub Actions | |
| # (bash --noprofile --norc -e -o pipefail {0}) | |
| shell: bash --noprofile --norc -euo pipefail {0} | |
| # NOTE: Set concurrency for the current workflow to 1 | |
| concurrency: ci-${{ github.ref }}-${{ github.workflow }} | |
| jobs: | |
| build-and-deploy: | |
| timeout-minutes: 60 | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| actions: read | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: capralifecycle/actions-lib/check-runtime-dependencies@7887a32ad872a79a8e00817659a30876f0a8f1be # v1.5.5 | |
| - uses: capralifecycle/actions-lib/parse-config@7887a32ad872a79a8e00817659a30876f0a8f1be # v1.5.5 | |
| id: config | |
| with: | |
| config-file: ".ldp.json" | |
| - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 | |
| with: | |
| node-version: 16.20.2 | |
| - uses: capralifecycle/actions-lib/configure-npm@7887a32ad872a79a8e00817659a30876f0a8f1be # v1.5.5 | |
| - uses: capralifecycle/actions-lib/configure-aws-credentials@7887a32ad872a79a8e00817659a30876f0a8f1be # v1.5.5 | |
| id: aws | |
| with: | |
| aws-account-id: ${{ steps.config.outputs.accountId }} | |
| # NOTE: We use different roles on default and non-default branches | |
| aws-iam-role-name: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && steps.config.outputs.roleName || steps.config.outputs.limitedRoleName }} | |
| - name: install dependencies | |
| run: npm ci | |
| - name: build | |
| run: npm run build | |
| - name: lint | |
| run: npm run lint | |
| - name: test | |
| run: npm run test | |
| - name: verify cdk snapshots | |
| working-directory: ./packages/infrastructure | |
| run: npm run snapshots && git status && git add -N && git diff --exit-code | |
| - name: create and upload cloud assembly archive and metadata | |
| if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} | |
| id: upload-cloud-assembly | |
| uses: capralifecycle/actions-lib/upload-cloud-assembly@7887a32ad872a79a8e00817659a30876f0a8f1be # v1.5.5 | |
| with: | |
| aws-s3-bucket-name: ${{ steps.config.outputs.artifactBucket }} | |
| cdk-app-dir: "./packages/infrastructure" | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws.outputs.aws-session-token }} | |
| - name: trigger production deployment pipelines | |
| uses: capralifecycle/actions-lib/trigger-deployment-pipeline@7887a32ad872a79a8e00817659a30876f0a8f1be # v1.5.5 | |
| if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.aws.outputs.aws-access-key-id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.aws.outputs.aws-secret-access-key }} | |
| AWS_SESSION_TOKEN: ${{ steps.aws.outputs.aws-session-token }} | |
| with: | |
| pipelines: ${{ steps.config.outputs.prodPipelines }} | |
| trigger-type: "cloud-assembly" | |
| aws-s3-bucket-name: ${{ steps.config.outputs.artifactBucket }} | |
| cloud-assembly-metadata-file: ${{ steps.upload-cloud-assembly.outputs.cloud-assembly-metadata-file }} |