Skip to content

Integrate Scala projects with Snyk #3762

Integrate Scala projects with Snyk

Integrate Scala projects with Snyk #3762

Workflow file for this run

# Find full documentation here https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
name: CI
on:
pull_request:
merge_group:
# Manual invocation.
workflow_dispatch:
push:
branches:
- main
# Ensure we only ever have one build running at a time.
# If we push twice in quick succession, the first build will be stopped once the second starts.
# This avoids any race conditions.
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
jobs:
CI:
timeout-minutes: 15
runs-on: ubuntu-latest
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
# required by aws-actions/configure-aws-credentials
id-token: write
contents: read
pull-requests: write # required by guardian/actions-riff-raff
steps:
- uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'npm'
- uses: guardian/actions-read-private-repos@v0.1.1
with:
private-ssh-keys: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
- name: Run script/ci
run: ./scripts/ci.sh
- name: Upload to riff-raff
uses: guardian/actions-riff-raff@v4
with:
app: service-catalogue
roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
buildNumber: ${{ env.GITHUB_RUN_NUMBER }}
projectName: deploy::service-catalogue
configPath: packages/cdk/cdk.out/riff-raff.yaml
contentDirectories: |
cdk.out:
- packages/cdk/cdk.out
repocop:
- packages/repocop/dist/repocop.zip
interactive-monitor:
- packages/interactive-monitor/dist/interactive-monitor.zip
data-audit:
- packages/data-audit/dist/data-audit.zip
snyk-integrator:
- packages/snyk-integrator/dist/snyk-integrator.zip
env:
NODE_OPTIONS: '--max_old_space_size=4096'
db-migration:
timeout-minutes: 15
runs-on: ubuntu-latest
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
contents: read
env:
NODE_OPTIONS: '--max_old_space_size=4096'
services:
# See https://docs.github.com/en/actions/using-containerized-services/creating-postgresql-service-containers
postgres:
image: postgres:14.6-alpine
# Keep these in sync with `.env` file at the repository root
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: not_at_all_secret
POSTGRES_DB: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- uses: actions/checkout@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'npm'
- uses: guardian/actions-read-private-repos@v0.1.1
with:
private-ssh-keys: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
- name: install dependencies
run: npm ci
- name: perform a DEV database migration
run: npm -w cli start migrate -- --stage DEV
- name: check schema.prisma file hasn't changed
run: git diff --exit-code packages/common/prisma/schema.prisma
- name: check for untracked files
run: |
UNTRACKED_FILES=$(git ls-files --others --exclude-standard packages/common/prisma | wc -l)
if [ "$UNTRACKED_FILES" -gt 0 ]; then
echo "Untracked files found:"
git ls-files --others --exclude-standard packages/common/prisma
exit 1
fi