Skip to content

VULN UPGRADE: minor upgrades — 17 packages (minor: 13 · patch: 4) [sticker-award] #424

VULN UPGRADE: minor upgrades — 17 packages (minor: 13 · patch: 4) [sticker-award]

VULN UPGRADE: minor upgrades — 17 packages (minor: 13 · patch: 4) [sticker-award] #424

Workflow file for this run

# Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2025-Present Datadog, Inc.
name: Sticker Award Service
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
paths:
- "sticker-award/**"
- ".github/**"
workflow_dispatch:
inputs:
deploy:
description: 'Deploy to AWS dev environment after build'
required: false
default: false
type: boolean
env:
REGISTRY: ghcr.io
IMAGE_NAME_AWARD_SERVICE: ${{ github.repository_owner }}/stickerlandia/sticker-award-service
REPOSITORY_URL: github.com/${{ github.repository }}
GO_VERSION: '1.21'
jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: sticker-award/go.sum
- name: Download dependencies
run: |
cd sticker-award
go mod download
- name: Build
run: |
cd sticker-award
go build -v ./...
- name: Run Unit Tests
run: |
cd sticker-award
make test
- name: Run Integration Tests
run: |
cd sticker-award
make test-integration
- name: Run Go Vet
run: |
cd sticker-award
go vet ./...
- name: Run Go Fmt Check
run: |
cd sticker-award
if [ "$(gofmt -s -l . | wc -l)" -gt 0 ]; then
echo "Code is not formatted properly:"
gofmt -s -l .
exit 1
fi
- name: Install CodeQL CLI
run: |
# Download and install CodeQL CLI
wget -q https://github.com/github/codeql-cli-binaries/releases/latest/download/codeql-linux64.zip
unzip -q codeql-linux64.zip
sudo mv codeql /opt/codeql
echo "/opt/codeql" >> $GITHUB_PATH
/opt/codeql/codeql version --format=text
- name: Create CodeQL Database
run: |
cd sticker-award
codeql database create cql-db --language=go --source-root=.
push-image:
runs-on: ubuntu-latest
needs: build-and-test
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main') ||
(github.event_name == 'workflow_dispatch' && inputs.deploy == true)
permissions:
contents: read
packages: write
attestations: write
id-token: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: sticker-award/go.sum
- name: Get Commit Info
id: get_sha
run: |
echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
echo "COMMIT_SHA_FULL=$(git rev-parse HEAD)" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_AWARD_SERVICE }}
tags: |
latest
${{ env.COMMIT_SHA }}
- name: Build and push Docker image
id: push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: ./sticker-award
file: ./sticker-award/Dockerfile
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
GIT_COMMIT_SHA=${{ env.COMMIT_SHA_FULL }}
GIT_REPOSITORY_URL=${{ env.REPOSITORY_URL }}
DD_GIT_REPOSITORY_URL=${{ env.REPOSITORY_URL }}
DD_GIT_COMMIT_SHA=${{ env.COMMIT_SHA_FULL }}
deploy-aws-dev:
runs-on: ubuntu-latest
needs: [push-image]
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main') ||
(github.event_name == 'workflow_dispatch' && inputs.deploy == true)
permissions:
contents: read
packages: write
attestations: write
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Node
uses: actions/setup-node@v3
with:
node-version: "20"
- name: Install CDK
run: |
npm install -g aws-cdk
- name: Install dependencies
shell: bash
run: |
cd shared/lib/shared-constructs
npm i
- uses: actions/setup-go@v5
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: "eu-west-1"
- name: Set Commit Hash Environment Variables
shell: bash
run: |
echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
echo "sha_full=$(git rev-parse "$GITHUB_SHA")" >> "$GITHUB_ENV"
- name: Deploy to dev AWS
shell: bash
env:
COMMIT_SHA: ${{ env.sha_short }}
COMMIT_SHA_FULL: ${{ env.sha_full }}
ENV: "dev"
DD_API_KEY: ${{secrets.DD_API_KEY}}
DD_SITE: "datadoghq.com"
run: |
cd sticker-award/infra/aws
npm i
cdk deploy --require-approval never