Skip to content

Merge pull request #1240 from guardian/tf-fix-snyk #1546

Merge pull request #1240 from guardian/tf-fix-snyk

Merge pull request #1240 from guardian/tf-fix-snyk #1546

name: Build dotcom-components
on:
pull_request:
branches:
- '**'
push:
branches:
- main
jobs:
dotcom-components:
if: >-
(github.event.pull_request.head.repo.owner.login == 'guardian' ||
github.event_name == 'push')
# Required by actions-assume-aws-role
permissions:
id-token: write
contents: read
name: dotcom-components
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v3
- uses: pnpm/action-setup@v3
with:
version: latest
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: 'pnpm'
- name: Test + build
run: |
pnpm install
pnpm lint
pnpm test
NODE_ENV=production pnpm build-server
- name: cdk
working-directory: ./cdk
run: |
pnpm install
pnpm lint
pnpm test
pnpm synth
- name: Configure AWS credentials
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
aws-region: eu-west-1
- name: riffraff
run: |
export LAST_TEAMCITY_BUILD=4000
export GITHUB_RUN_NUMBER=$(( $GITHUB_RUN_NUMBER + $LAST_TEAMCITY_BUILD ))
pnpm install
pnpm run riffraff
release:
name: Release
needs: [dotcom-components]
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
contents: write # in order to write labels to main branch?
pull-requests: write # to be able to comment on released pull requests
id-token: write # to enable use of OIDC for npm provenance
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
persist-credentials: false
- uses: pnpm/action-setup@v3
with:
version: latest
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version-file: '.nvmrc'
cache: 'pnpm'
- name: Build
run: |
pnpm install
pnpm build-dotcom
pnpm build-dotcom-types
- name: Release
uses: changesets/action@v1
with:
publish: pnpm changeset publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}