BAU: Remove redundant Lambda permission resources #23542
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pre-merge checks | |
| env: | |
| JAVA_VERSION: "17" | |
| JAVA_DISTRIBUTION: "corretto" | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - ready_for_review | |
| - synchronize | |
| merge_group: | |
| jobs: | |
| check-changed-files: | |
| permissions: | |
| pull-requests: write | |
| uses: ./.github/workflows/call_get_changed_files.yml | |
| check-openapi-specs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Set up Python | |
| uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: 3.12 | |
| - name: Install dependencies | |
| run: | | |
| pip install pyyaml | |
| - name: Check OpenAPI specs | |
| shell: bash | |
| run: | | |
| find ci/terraform -type f -name "*openapi*.yaml" -exec python scripts/validate_openapi_definition.py {} \; | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - check-changed-files | |
| steps: | |
| - name: Check out repository code | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Set up JDK 17 | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| - name: Set up Gradle | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4 | |
| with: | |
| gradle-version: wrapper | |
| cache-read-only: false | |
| - name: Build Cache | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: | | |
| .gradle/ | |
| */build/ | |
| !*/build/reports | |
| !*/build/jacoco | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| - name: Run Build | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| run: ./gradlew --parallel build -x test -x account-management-integration-tests:test -x spotlessApply -x spotlessCheck | |
| style-checks: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - check-changed-files | |
| steps: | |
| - name: Check out repository code | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Set up JDK 17 | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| - name: Set up Gradle | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4 | |
| with: | |
| gradle-version: wrapper | |
| cache-read-only: true | |
| - name: Restore Build Cache | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: | | |
| .gradle/ | |
| */build/ | |
| !*/build/reports | |
| !*/build/jacoco | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| - name: Run Spotless | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| run: ./gradlew --no-daemon spotlessCheck | |
| run-unit-tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - check-changed-files | |
| steps: | |
| - name: Check out repository code | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Set up JDK 17 | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| - name: Set up Gradle | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4 | |
| with: | |
| gradle-version: wrapper | |
| cache-read-only: true | |
| - name: Restore Build Cache | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: | | |
| .gradle/ | |
| */build/ | |
| !*/build/reports | |
| !*/build/jacoco | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| - name: Run Unit Tests | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./gradlew --parallel test jacocoTestReport -x integration-tests:test -x account-management-integration-tests:test -x delivery-receipts-integration-tests:test -x spotlessApply -x spotlessCheck | |
| - name: Cache Unit Test Reports | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| key: ${{ runner.os }}-unit-test-reports-${{ github.sha }} | |
| path: | | |
| */build/jacoco/ | |
| */build/reports/ | |
| !integration-tests/build/jacoco/ | |
| !integration-tests/build/reports/ | |
| !account-management-integration-tests/build/jacoco/ | |
| !account-management-integration-tests/build/reports/ | |
| !delivery-receipts-integration-tests/build/jacoco/ | |
| !delivery-receipts-integration-tests/build/reports/ | |
| - name: Upload Unit Test Reports | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| if: failure() && needs.check-changed-files.outputs.java_changed == 'true' | |
| with: | |
| name: unit-test-reports | |
| path: | | |
| */build/reports/ | |
| !integration-tests/build/reports/ | |
| !account-management-integration-tests/build/reports/ | |
| !delivery-receipts-integration-tests/build/reports/ | |
| retention-days: 5 | |
| run-integration-tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - check-changed-files | |
| services: | |
| localstack: | |
| image: ${{ (needs.check-changed-files.outputs.java_changed == 'true') && 'localstack/localstack:4.6.0@sha256:5a97e0f9917a3f0d9630bb13b9d8ccf10cbe52f33252807d3b4e21418cc21348' || '' }} | |
| env: | |
| SERVICES: "sqs, sns, kms, ssm, s3, secretsmanager" | |
| GATEWAY_LISTEN: 0.0.0.0:45678 | |
| LOCALSTACK_HOST: localhost:45678 | |
| TEST_AWS_ACCOUNT_ID: 123456789012 | |
| options: >- | |
| --add-host "notify.internal:host-gateway" | |
| --add-host "subscriber.internal:host-gateway" | |
| ports: | |
| - 45678:45678 | |
| redis: | |
| image: ${{ (needs.check-changed-files.outputs.java_changed == 'true') && 'redis:6.2.19-alpine@sha256:7fe72c486b910f6b1a9769c937dad5d63648ddee82e056f47417542dd40825bb' || '' }} | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 6379:6379 | |
| dynamodb: | |
| image: ${{ (needs.check-changed-files.outputs.java_changed == 'true') && 'amazon/dynamodb-local:3.0.0@sha256:2fed5e3a965a4ba5aa6ac82baec57058b5a3848e959d705518f3fd579a77e76b' || '' }} | |
| options: >- | |
| --health-cmd "curl http://localhost:8000" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 8000:8000 | |
| steps: | |
| - name: Check out repository code | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Set up JDK 17 | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| - name: Set up Gradle | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4 | |
| with: | |
| gradle-version: wrapper | |
| cache-read-only: true | |
| - name: Restore Build Cache | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: | | |
| .gradle/ | |
| */build/ | |
| !*/build/reports | |
| !*/build/jacoco | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| - name: Run Integration Tests | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| run: | | |
| ./gradlew :integration-tests:test :integration-tests:jacocoTestReport -x spotlessApply -x spotlessCheck -x composeUp | |
| - name: Cache Test Reports | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| key: ${{ runner.os }}-integration-test-reports-${{ github.sha }} | |
| path: | | |
| integration-tests/build/jacoco/ | |
| integration-tests/build/reports/ | |
| - name: Upload Integration Test Reports | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| if: failure() && needs.check-changed-files.outputs.java_changed == 'true' | |
| with: | |
| name: integration-test-reports | |
| path: integration-tests/build/reports/tests/test/ | |
| retention-days: 5 | |
| run-account-management-and-delivery-receipts-tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - check-changed-files | |
| services: | |
| localstack: | |
| image: ${{ (needs.check-changed-files.outputs.java_changed == 'true') && 'localstack/localstack:4.6.0@sha256:5a97e0f9917a3f0d9630bb13b9d8ccf10cbe52f33252807d3b4e21418cc21348' || '' }} | |
| env: | |
| SERVICES: "sqs, sns, kms, ssm, s3, secretsmanager" | |
| DEFAULT_REGION: eu-west-2 | |
| GATEWAY_LISTEN: 0.0.0.0:45678 | |
| LOCALSTACK_HOST: localhost:45678 | |
| TEST_AWS_ACCOUNT_ID: 123456789012 | |
| KMS_PROVIDER: local-kms | |
| options: >- | |
| --add-host "notify.internal:host-gateway" | |
| --add-host "subscriber.internal:host-gateway" | |
| ports: | |
| - 45678:45678 | |
| redis: | |
| image: ${{ (needs.check-changed-files.outputs.java_changed == 'true') && 'redis:6.2.19-alpine@sha256:7fe72c486b910f6b1a9769c937dad5d63648ddee82e056f47417542dd40825bb' || '' }} | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 6379:6379 | |
| dynamodb: | |
| image: ${{ (needs.check-changed-files.outputs.java_changed == 'true') && 'amazon/dynamodb-local:3.0.0@sha256:2fed5e3a965a4ba5aa6ac82baec57058b5a3848e959d705518f3fd579a77e76b' || '' }} | |
| options: >- | |
| --health-cmd "curl http://localhost:8000" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 8000:8000 | |
| steps: | |
| - name: Check out repository code | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Set up JDK 17 | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| - name: Set up Gradle | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4 | |
| with: | |
| gradle-version: wrapper | |
| cache-read-only: true | |
| - name: Restore Build Cache | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: | | |
| .gradle/ | |
| */build/ | |
| !*/build/reports | |
| !*/build/jacoco | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| - name: Run Account Management Integration Tests | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| run: | | |
| ./gradlew :account-management-integration-tests:test :account-management-integration-tests:jacocoTestReport -x spotlessApply -x spotlessCheck -x composeUp | |
| - name: Upload Account Management Integration Test Reports | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| if: failure() && needs.check-changed-files.outputs.java_changed == 'true' | |
| with: | |
| name: account-management-integration-test-reports | |
| path: account-management-integration-tests/build/reports/tests/test/ | |
| retention-days: 5 | |
| - name: Run Delivery Receipts Integration Tests | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| run: | | |
| ./gradlew :delivery-receipts-integration-tests:test :delivery-receipts-integration-tests:jacocoTestReport -x spotlessApply -x spotlessCheck -x composeUp | |
| - name: Cache Test Reports | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/save@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| key: ${{ runner.os }}-am-dr-integration-test-reports-${{ github.sha }} | |
| path: | | |
| account-management-integration-tests/build/jacoco/ | |
| account-management-integration-tests/build/reports/ | |
| delivery-receipts-integration-tests/build/jacoco/ | |
| delivery-receipts-integration-tests/build/reports/ | |
| - name: Upload Account Management Integration Test Reports | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| if: failure() && needs.check-changed-files.outputs.java_changed == 'true' | |
| with: | |
| name: delivery-receipts-integration-test-reports | |
| path: delivery-receipts-integration-tests/build/reports/tests/test/ | |
| retention-days: 5 | |
| run-orchestration-alerting-tests: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - check-changed-files | |
| steps: | |
| - name: Check out repository code | |
| if: needs.check-changed-files.outputs.orch_alerting_files_changed == 'true' | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - name: Install dependencies | |
| if: needs.check-changed-files.outputs.orch_alerting_files_changed == 'true' | |
| run: npm ci --ignore-scripts | |
| working-directory: ./orchestration-alerting | |
| - name: Run Unit Tests | |
| if: needs.check-changed-files.outputs.orch_alerting_files_changed == 'true' | |
| run: npm test | |
| working-directory: ./orchestration-alerting | |
| run-sonar-analysis: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - run-unit-tests | |
| - run-integration-tests | |
| - run-account-management-and-delivery-receipts-tests | |
| - check-changed-files | |
| if: github.event_name != 'merge_group' | |
| steps: | |
| - name: Check out repository code | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up JDK 17 | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 #v5.0.0 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| - name: Set up Gradle | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: gradle/actions/setup-gradle@017a9effdb900e5b5b2fddfb590a105619dca3c3 # v4 | |
| with: | |
| gradle-version: wrapper | |
| cache-read-only: true | |
| - name: Restore Build Cache | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: | | |
| .gradle/ | |
| */build/ | |
| !*/build/reports | |
| !*/build/jacoco | |
| key: ${{ runner.os }}-build-${{ github.sha }} | |
| - name: Restore Cached Unit Test Reports | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| key: ${{ runner.os }}-unit-test-reports-${{ github.sha }} | |
| path: | | |
| */build/jacoco/ | |
| */build/reports/ | |
| !integration-tests/build/jacoco/ | |
| !integration-tests/build/reports/ | |
| !account-management-integration-tests/build/jacoco/ | |
| !account-management-integration-tests/build/reports/ | |
| !delivery-receipts-integration-tests/build/jacoco/ | |
| !delivery-receipts-integration-tests/build/reports/ | |
| - name: Restore Cached Integration Test Reports | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| key: ${{ runner.os }}-integration-test-reports-${{ github.sha }} | |
| path: | | |
| integration-tests/build/jacoco/ | |
| integration-tests/build/reports/ | |
| - name: Restore Cached AM DR Integration Test Reports | |
| if: needs.check-changed-files.outputs.java_changed == 'true' | |
| uses: actions/cache/restore@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| key: ${{ runner.os }}-am-dr-integration-test-reports-${{ github.sha }} | |
| path: | | |
| account-management-integration-tests/build/jacoco/ | |
| account-management-integration-tests/build/reports/ | |
| delivery-receipts-integration-tests/build/jacoco/ | |
| delivery-receipts-integration-tests/build/reports/ | |
| - name: Run SonarCloud Analysis | |
| if: github.actor != 'dependabot[bot]' && needs.check-changed-files.outputs.java_changed == 'true' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: ./gradlew testCodeCoverageReport sonar -x test -x account-management-integration-tests:test -x spotlessApply -x spotlessCheck |