FPAD-7234: Cleanup roles with inline policies v2 #1644

	---
	name: 'Build & Test'
	permissions:
	contents: read

	# Triggered when:
	# - a file, listed below, is pushed to any branch other than `main`, i.e. a feature branch.
	# - invoked by another workflow.
	on:
	push:
	paths:
	- src/**
	- package.json
	- yarn.lock
	- tsconfig.json
	- .node-version
	- .github/workflows/acceptance-checks.yaml
	branches:
	- main
	pull_request:
	paths:
	- src/**
	- package.json
	- yarn.lock
	- tsconfig.json
	- .node-version
	- .github/workflows/acceptance-checks.yaml
	branches:
	- main
	types:
	- opened
	- reopened
	- ready_for_review
	- synchronize
	workflow_call:
	inputs:
	gitRef:
	required: false
	type: string
	default: ${{ github.ref }}

	jobs:
	acceptance-checks:
	name: 'Build, Test, Lint & Scan'
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # pin@v3
	with:
	ref: ${{ inputs.gitRef \|\| github.ref }}

	- name: Setup NodeJS
	uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # pin@v3
	with:
	node-version-file: '.node-version'

	- name: Run yarn install
	run: yarn install --frozen-lockfile

	- name: Run yarn build
	run: yarn build

	- name: Run yarn lint
	run: yarn lint

	- name: Run unit tests with coverage report
	run: yarn test:unit

	- name: SonarCloud Scan
	uses: SonarSource/sonarqube-scan-action@0303d6b62e310685c0e34d0b9cde218036885c4d # pin@v5.0.0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

Provide feedback