Skip to content

Add config to test Tenable integration #6269

Add config to test Tenable integration

Add config to test Tenable integration #6269

Workflow file for this run

# Find full documentation here https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
name: CI
on:
pull_request:
merge_group:
# Manual invocation.
workflow_dispatch:
push:
branches:
- main
# Ensure we only ever have one build running at a time.
# If we push twice in quick succession, the first build will be stopped once the second starts.
# This avoids any race conditions.
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
jobs:
lint:
timeout-minutes: 15
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/npm-run
with:
script: lint
deployment_key: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
test:
timeout-minutes: 15
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/npm-run
with:
script: test
deployment_key: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
typecheck:
timeout-minutes: 15
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/npm-run
with:
script: typecheck
deployment_key: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
db-migration:
timeout-minutes: 15
runs-on: ubuntu-latest
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
contents: read
env:
NODE_OPTIONS: '--max_old_space_size=4096'
services:
# See https://docs.github.com/en/actions/using-containerized-services/creating-postgresql-service-containers
postgres:
image: postgres:14.6-alpine
# Keep these in sync with `.env` file at the repository root
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: not_at_all_secret
POSTGRES_DB: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: '.nvmrc'
cache: 'npm'
- uses: guardian/actions-read-private-repos@8792b5279dc2e6dfb6b9aa6ba2f26b6226be444c # v0.1.1
with:
private-ssh-keys: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
- name: install dependencies
run: npm ci
- name: perform a DEV database migration
run: npm -w cli start migrate -- --stage DEV
- name: basic database tests
run: psql -d postgresql://postgres:not_at_all_secret@localhost:5432/postgres -v ON_ERROR_STOP=1 -f sql/ci.sql
- name: check schema.prisma file hasn't changed
run: git diff --exit-code packages/common/prisma/schema.prisma
- name: check for untracked files
run: |
UNTRACKED_FILES=$(git ls-files --others --exclude-standard packages/common/prisma | wc -l)
if [ "$UNTRACKED_FILES" -gt 0 ]; then
echo "Untracked files found:"
git ls-files --others --exclude-standard packages/common/prisma
exit 1
fi
CI:
timeout-minutes: 15
runs-on: ubuntu-latest
needs: [lint, test, typecheck, db-migration]
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
# required by aws-actions/configure-aws-credentials
id-token: write
contents: read
pull-requests: write # required by guardian/actions-riff-raff
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version-file: '.nvmrc'
cache: 'npm'
- uses: guardian/actions-read-private-repos@8792b5279dc2e6dfb6b9aa6ba2f26b6226be444c # v0.1.1
with:
private-ssh-keys: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
- name: Build zip files
run: ./scripts/build.sh
- name: Upload to riff-raff
uses: guardian/actions-riff-raff@9974dcf19ab9213123085602e49b1de936f40839 # v4.0.9
with:
app: service-catalogue
roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
buildNumber: ${{ env.GITHUB_RUN_NUMBER }}
projectName: deploy::service-catalogue
configPath: packages/cdk/cdk.out/riff-raff.yaml
contentDirectories: |
cdk.out:
- packages/cdk/cdk.out
repocop:
- packages/repocop/dist/repocop.zip
interactive-monitor:
- packages/interactive-monitor/dist/interactive-monitor.zip
data-audit:
- packages/data-audit/dist/data-audit.zip
dependency-graph-integrator:
- packages/dependency-graph-integrator/dist/dependency-graph-integrator.zip
github-actions-usage:
- packages/github-actions-usage/dist/github-actions-usage.zip
obligatron:
- packages/obligatron/dist/obligatron.zip
refresh-materialized-view:
- packages/refresh-materialized-view/dist/refresh-materialized-view.zip
prisma:
- packages/common/prisma.zip
cloudbuster:
- packages/cloudbuster/dist/cloudbuster.zip
env:
NODE_OPTIONS: '--max_old_space_size=4096'