Merge pull request #941 from govuk-one-login/FPAD-8033-txma-handler-t… #332
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: 'Validate & Publish Main SAM Template' | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'src/**' | |
| - '!src/infra/core/**' # excluded with !" | |
| - 'package.json' | |
| - 'package-lock.json' | |
| - '.node-version' | |
| - 'tsconfig.json' | |
| - '.github/workflows/merge-main-to-main.yaml' | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: read | |
| jobs: | |
| validate_deployment: | |
| name: Deployment Template Checks | |
| uses: ./.github/workflows/validate-main-sam-template.yaml | |
| with: | |
| gitRef: ${{ inputs.gitRef }} | |
| secrets: | |
| githubActionsRoleARN: ${{ secrets.MAIN_GH_ACTIONS_ROLE_ARN }} | |
| acceptance_checks: | |
| name: Acceptance Checks | |
| uses: ./.github/workflows/acceptance-checks.yaml | |
| secrets: inherit # pragma: allowlist secret | |
| with: | |
| gitRef: ${{ inputs.gitRef }} | |
| publish_artifacts: | |
| name: 'Publish Image & Template' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| needs: | |
| - validate_deployment | |
| - acceptance_checks | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2 | |
| with: | |
| ref: ${{ inputs.gitRef }} | |
| - name: Setup NodeJS | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # pin@v6.3.0 | |
| with: | |
| node-version-file: '.node-version' | |
| registry-url: 'https://npm.pkg.github.com/' | |
| scope: '@govuk-one-login' | |
| cache: npm | |
| always-auth: true | |
| - name: Run npm install | |
| run: npm ci | |
| env: | |
| NODE_AUTH_TOKEN: ${{ github.token }} | |
| - name: Run npm package | |
| run: npm run package | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # pin@6.0.0 | |
| with: | |
| role-to-assume: ${{ secrets.MAIN_GH_ACTIONS_ROLE_ARN }} | |
| aws-region: eu-west-2 | |
| - name: 'Deploy SAM app' | |
| uses: govuk-one-login/devplatform-upload-action@b7bc01ed6e0b61d54f42e7f3d12dd3fdbb0f172a # pin@v3.13.0 | |
| with: | |
| artifact-bucket-name: ${{ secrets.MAIN_ARTIFACT_BUCKET_NAME}} | |
| signing-profile-name: ${{ secrets.SIGNING_PROFILE_NAME }} | |
| working-directory: ./.aws-sam/build/ | |
| template-file: template.yaml | |
| - name: 'Delegated Deployment via AWS CodeDeploy' | |
| run: echo "Deployment has been delegated to AWS CodeDeploy" |