Upgrade to Panda v7 - support key rotation #51
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
jobs: | |
CI: | |
runs-on: ubuntu-latest | |
permissions: | |
# Allow GitHub to request an OIDC JWT ID token, for exchange with `aws-actions/configure-aws-credentials` | |
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow | |
id-token: write | |
# Required for `actions/checkout` | |
contents: read | |
steps: | |
# Checkout the branch | |
- uses: actions/checkout@v3 | |
# Java is needed for the Scala Play app | |
- uses: actions/setup-java@v3 | |
with: | |
java-version: '11' | |
distribution: 'corretto' | |
cache: 'sbt' | |
# Seed the build number with last number from TeamCity. | |
# This env var is used by the SBT builds and guardian/actions-riff-raff. | |
# Set the value early, rather than `buildNumberOffset` in guardian/actions-riff-raff, to ensure each usage has the same number. | |
# For some reason, it's not possible to mutate GITHUB_RUN_NUMBER, so set BUILD_NUMBER instead. | |
- name: Set BUILD_NUMBER environment variable | |
run: | | |
LAST_TEAMCITY_BUILD=143 | |
echo "BUILD_NUMBER=$(( $GITHUB_RUN_NUMBER + $LAST_TEAMCITY_BUILD ))" >> $GITHUB_ENV | |
- name: Scala build | |
run: sbt clean compile test Debian/packageBin | |
- name: Rename files for easy finding by guardian/actions-riff-raff | |
run: mv target/login_1.0.0_all.deb login.deb | |
# Fetch AWS credentials, allowing us to upload to Riff-Raff (well, S3) | |
- uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }} | |
aws-region: eu-west-1 | |
# Upload our build artifacts to Riff-Raff (well, S3) | |
- uses: guardian/actions-riff-raff@v2 | |
with: | |
buildNumber: ${{ env.BUILD_NUMBER }} | |
projectName: editorial-tools:login | |
configPath: riff-raff.yaml | |
contentDirectories: | | |
login: | |
- login.deb |