Skip to content

Submit sbt dependencies to GitHub for vulnerability monitoring #58

Submit sbt dependencies to GitHub for vulnerability monitoring

Submit sbt dependencies to GitHub for vulnerability monitoring #58

Workflow file for this run

name: CI
on:
pull_request:
workflow_dispatch:
push:
branches:
- main
jobs:
CI:
runs-on: ubuntu-latest
permissions:
# Allow GitHub to request an OIDC JWT ID token, for exchange with `aws-actions/configure-aws-credentials`
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow
id-token: write
# Required for `actions/checkout`
contents: read
steps:
# Checkout the branch
- uses: actions/checkout@v3
# Java is needed for the Scala Play app
- uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'corretto'
cache: 'sbt'
# Seed the build number with last number from TeamCity.
# This env var is used by the SBT builds and guardian/actions-riff-raff.
# Set the value early, rather than `buildNumberOffset` in guardian/actions-riff-raff, to ensure each usage has the same number.
# For some reason, it's not possible to mutate GITHUB_RUN_NUMBER, so set BUILD_NUMBER instead.
- name: Set BUILD_NUMBER environment variable
run: |
LAST_TEAMCITY_BUILD=143
echo "BUILD_NUMBER=$(( $GITHUB_RUN_NUMBER + $LAST_TEAMCITY_BUILD ))" >> $GITHUB_ENV
- name: Scala build
run: sbt clean compile test Debian/packageBin
- name: Rename files for easy finding by guardian/actions-riff-raff
run: mv target/login_1.0.0_all.deb login.deb
# Fetch AWS credentials, allowing us to upload to Riff-Raff (well, S3)
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
aws-region: eu-west-1
# Upload our build artifacts to Riff-Raff (well, S3)
- uses: guardian/actions-riff-raff@v2
with:
buildNumber: ${{ env.BUILD_NUMBER }}
projectName: editorial-tools:login
configPath: riff-raff.yaml
contentDirectories: |
login:
- login.deb