Skip to content

chore(deps): update public.ecr.aws/aws-cli/aws-cli docker tag to v2.19.0 #640

chore(deps): update public.ecr.aws/aws-cli/aws-cli docker tag to v2.19.0

chore(deps): update public.ecr.aws/aws-cli/aws-cli docker tag to v2.19.0 #640

Workflow file for this run

on:
pull_request:
push:
branches:
- main
name: Run Pulumi
concurrency:
# Make sure each push gets a separate concurrency group so pushes to main
# don't cancel each other.
group: >-
pulumi-${{
github.event_name == 'pull_request' &&
github.ref ||
github.sha
}}
cancel-in-progress: true
jobs:
# Actions only allows one waiter per concrrency group, so we do the waiting
# ourselves.
turnstile:
name: Wait for any other builds of ${{ github.workflow }}
runs-on: ubuntu-24.04
if: github.event_name == 'push'
steps:
- name: Wait
uses: softprops/turnstyle@ab8b8426f6b6562c0ff7f220433860183338596c # v2.2.3
with:
continue-after-seconds: 600
oidc_debug_test:
name: Debug OIDC claims
permissions:
contents: read
id-token: write
runs-on: ubuntu-24.04
steps:
- name: Checkout actions-oidc-debugger
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: github/actions-oidc-debugger
ref: main
path: ./.github/actions/actions-oidc-debugger
- name: Debug OIDC Claims
uses: ./.github/actions/actions-oidc-debugger
with:
audience: "${{ github.server_url }}/${{ github.repository_owner }}"
pulumi:
# Share build results via cache between the `build-rust.yml` and
# `pulumi.yml` workflows, because they have the same concurrency group. The
# later one will wait for the earlier.
concurrency:
group: build-${{ github.sha }}-aarch64-unknown-linux-gnu
cancel-in-progress: false
name: >-
Pulumi ${{ (github.event_name == 'push' && github.ref ==
'refs/heads/main') && 'up' || 'preview' }}
permissions:
contents: read
id-token: write
pull-requests: write
runs-on: ubuntu-24.04
env:
AWS_REGION: eu-west-2
ROLE_PULL_REQUEST: arn:aws:iam::588722779806:role/oidcPullRequestRole-f06bda4
ROLE_PUSH: arn:aws:iam::588722779806:role/oidcPushRole-3ed1aa1
STATE_BUCKET: pulumi-state-588722779806
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
audience: lambda-rssfilter-core-prod
aws-region: ${{ env.AWS_REGION }}
role-to-assume: >-
${{ github.event_name == 'push' && env.ROLE_PUSH ||
env.ROLE_PULL_REQUEST }}
- name: Print session info
run: aws sts get-caller-identity
- name: Check out
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Build
uses: ./.github/actions/build
with:
build-type:
${{ github.event_name == 'pull_request' && 'debug' || 'release' }}
pkg-config-sysroot: /usr/lib/aarch64-linux-gnu
target: aarch64-unknown-linux-gnu
- name: Enable corepack
run: |
corepack enable
- name: Set up Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
cache-dependency-path: "pulumi/pnpm-lock.yaml"
node-version-file: "pulumi/package.json"
cache: "pnpm"
- name: Install dependencies
working-directory: pulumi
run: pnpm install
- name: Get pulumi node package version
id: pulumi-version
working-directory: pulumi
run: |
pulumi_version="$(pnpm ls --json @pulumi/pulumi | jq --raw-output '.[0].dependencies["@pulumi/pulumi"].version')"
echo "Pulumi version: ${pulumi_version}"
echo "pulumi-version=${pulumi_version}" >> $GITHUB_OUTPUT
- name: Run pulumi
uses: pulumi/actions@c7fad9e2f0b79653172b36538b8b34b3c0291952 # v6.0.0
env:
PKG_CONFIG_SYSROOT_DIR: /usr/lib/aarch64-linux-gnu
with:
cloud-url:
s3://${{ env.STATE_BUCKET }}?region=${{ env.AWS_REGION }}&awssdk=v2
stack-name: organization/lambda-rssfilter/prod
command: >-
${{
(github.event_name == 'push' && github.ref == 'refs/heads/main')
&& 'up'
|| 'preview'
}}
comment-on-pr: true
comment-on-summary: true
pulumi-version: ${{ steps.pulumi-version.outputs.pulumi-version }}
work-dir: pulumi