Update npm package `@effect/vitest` to v0.13.16 (#5724) #1920

Workflow file for this run

.github/workflows/hash-backend-cd.yml at 0a6d169

	on:
	# We could allow configuring environment here.
	workflow_dispatch: {}
	push:
	branches:
	- main
	paths:
	- ".github/workflows/hash-backend-cd.yml"
	- "apps/hash-ai-worker-ts/**"
	- "apps/hash-integration-worker/**"
	- "apps/hash-graph/**"
	- "apps/hash-api/**"
	- "apps/hash-external-services/temporal/**"
	- "apps/hash-external-services/kratos/**"
	- "apps/hash-external-services/hydra/**"
	- "libs/@local/**"
	- "infra/docker/api/prod/**"

	env:
	VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
	AWS_REGION: ${{ secrets.AWS_REGION }}
	AWS_ECR_URL: ${{ secrets.AWS_ECR_URL }}

	GH_RUN_ID: ${{ github.run_id }}

	GOOGLE_CLOUD_WORKLOAD_IDENTITY_FEDERATION_CONFIG_JSON: ${{ secrets.GOOGLE_CLOUD_WORKLOAD_IDENTITY_FEDERATION_CONFIG_JSON }}

	HASH_API_RESOURCE_NAME: ${{ secrets.HASH_API_RESOURCE_NAME }}
	HASH_GRAPH_RESOURCE_NAME: ${{ secrets.HASH_GRAPH_RESOURCE_NAME }}
	HASH_KRATOS_RESOURCE_NAME: ${{ secrets.HASH_KRATOS_RESOURCE_NAME }}
	HASH_HYDRA_RESOURCE_NAME: ${{ secrets.HASH_HYDRA_RESOURCE_NAME }}
	HASH_TEMPORAL_AI_TS_WORKER_RESOURCE_NAME: h-hash-prod-usea1-temporalworkeraits
	HASH_TEMPORAL_INTEGRATION_WORKER_RESOURCE_NAME: h-hash-prod-usea1-temporalworkerintegration

	HASH_TEMPORAL_SETUP_RESOURCE_NAME: h-temporal-prod-usea1-setup
	HASH_TEMPORAL_MIGRATE_RESOURCE_NAME: h-temporal-prod-usea1-migrate
	HASH_TEMPORAL_VERSION: 1.23.1.0

	HASH_ECS_CLUSTER_NAME: h-hash-prod-usea1-ecs
	HASH_APP_SERVICE_NAME: h-hash-prod-usea1-appsvc
	HASH_GRAPH_SERVICE_NAME: h-hash-prod-usea1-graph
	HASH_WORKER_SERVICE_NAME: h-hash-prod-usea1-appworker-svc

	HASH_TEMPORAL_ECS_CLUSTER_NAME: h-temporal-prod-usea1-ecs
	HASH_TEMPORAL_SERVICE_NAME: h-temporal-prod-usea1-svc

	name: HASH backend deployment
	jobs:
	build-graph:
	name: Build and push HASH graph image
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- name: Docker image build through docker-build-push
	uses: ./.github/actions/docker-build-push
	id: build
	with:
	SHORTNAME: "graph"
	CONTEXT_PATH: ${{ github.workspace }}/
	DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-graph/docker/Dockerfile
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
	IMAGE_NAME: ${{ env.HASH_GRAPH_RESOURCE_NAME }}

	build-api:
	name: Build and push HASH api image
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- name: Docker image build through docker-build-push
	uses: ./.github/actions/docker-build-push
	id: build
	with:
	SHORTNAME: "api"
	CONTEXT_PATH: ${{ github.workspace }}
	DOCKERFILE_LOCATION: ${{ github.workspace }}/infra/docker/api/prod/Dockerfile
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
	IMAGE_NAME: ${{ env.HASH_API_RESOURCE_NAME }}

	build-kratos:
	name: Build and push Kratos image
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- name: Docker image build through docker-build-push
	uses: ./.github/actions/docker-build-push
	id: build
	with:
	SHORTNAME: "kratos"
	CONTEXT_PATH: ${{ github.workspace }}/apps/hash-external-services/kratos
	DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-external-services/kratos/Dockerfile
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
	IMAGE_NAME: ${{ env.HASH_KRATOS_RESOURCE_NAME }}
	BUILD_ARGS: \|
	ENV=prod
	API_SECRET=${{ secrets.HASH_KRATOS_API_SECRET }}

	build-hydra:
	name: Build and push Hydra image
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- name: Docker image build through docker-build-push
	uses: ./.github/actions/docker-build-push
	id: build
	with:
	SHORTNAME: "hydra"
	CONTEXT_PATH: ${{ github.workspace }}/apps/hash-external-services/hydra
	DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-external-services/hydra/Dockerfile
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
	IMAGE_NAME: ${{ env.HASH_HYDRA_RESOURCE_NAME }}
	BUILD_ARGS: \|
	ENV=prod

	build-ts-worker:
	name: Build and push Temporal TS AI Worker
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- name: Docker image build through docker-build-push
	uses: ./.github/actions/docker-build-push
	id: build
	with:
	SHORTNAME: "temporal-worker-ai-ts"
	CONTEXT_PATH: ${{ github.workspace }}
	DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-ai-worker-ts/docker/Dockerfile
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
	IMAGE_NAME: ${{ env.HASH_TEMPORAL_AI_TS_WORKER_RESOURCE_NAME }}
	BUILD_ARGS: \|
	GOOGLE_CLOUD_WORKLOAD_IDENTITY_FEDERATION_CONFIG_JSON: ${{ secrets.GOOGLE_CLOUD_WORKLOAD_IDENTITY_FEDERATION_CONFIG_JSON }}

	build-integration-worker:
	name: Build and push Temporal integration Worker
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- name: Docker image build through docker-build-push
	uses: ./.github/actions/docker-build-push
	id: build
	with:
	SHORTNAME: "temporal-integration-worker"
	CONTEXT_PATH: ${{ github.workspace }}
	DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-integration-worker/docker/Dockerfile
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
	IMAGE_NAME: ${{ env.HASH_TEMPORAL_INTEGRATION_WORKER_RESOURCE_NAME }}

	build-temporal-migrate:
	name: Build and push Temporal Migrate image
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- name: Docker image build through docker-build-push
	uses: ./.github/actions/docker-build-push
	id: build
	with:
	SHORTNAME: "temporal-migrate"
	CONTEXT_PATH: ${{ github.workspace }}//apps/hash-external-services/temporal
	DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-external-services/temporal/migrate.Dockerfile
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
	IMAGE_NAME: ${{ env.HASH_TEMPORAL_MIGRATE_RESOURCE_NAME }}
	IMAGE_TAG: ${{ env.HASH_TEMPORAL_VERSION }}
	BUILD_ARGS: \|
	TEMPORAL_VERSION=${{ env.HASH_TEMPORAL_VERSION }}

	build-temporal-setup:
	name: Build and push Temporal Setup image
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- name: Docker image build through docker-build-push
	uses: ./.github/actions/docker-build-push
	id: build
	with:
	SHORTNAME: "temporal-setup"
	CONTEXT_PATH: ${{ github.workspace }}//apps/hash-external-services/temporal
	DOCKERFILE_LOCATION: ${{ github.workspace }}/apps/hash-external-services/temporal/setup.Dockerfile
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}
	AWS_ECR_URL: ${{ env.AWS_ECR_URL }}
	IMAGE_NAME: ${{ env.HASH_TEMPORAL_SETUP_RESOURCE_NAME }}
	IMAGE_TAG: ${{ env.HASH_TEMPORAL_VERSION }}
	BUILD_ARGS: \|
	TEMPORAL_VERSION=${{ env.HASH_TEMPORAL_VERSION }}

	deploy-app:
	name: Deploy HASH app images
	runs-on: ubuntu-latest
	needs:
	- build-ts-worker
	- build-api
	- build-kratos
	- build-hydra
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- uses: ./.github/actions/docker-ecr-login
	with:
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}

	- name: Redeploy HASH backend service
	run: \|
	aws ecs update-service --cluster ${{ env.HASH_ECS_CLUSTER_NAME }} --service ${{ env.HASH_APP_SERVICE_NAME }} --force-new-deployment 1> /dev/null

	deploy-graph:
	name: Deploy HASH graph images
	runs-on: ubuntu-latest
	needs:
	- build-graph
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- uses: ./.github/actions/docker-ecr-login
	with:
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}

	- name: Redeploy HASH graph service
	run: \|
	aws ecs update-service --cluster ${{ env.HASH_ECS_CLUSTER_NAME }} --service ${{ env.HASH_GRAPH_SERVICE_NAME }} --force-new-deployment 1> /dev/null

	deploy-workers:
	name: Deploy HASH worker images
	runs-on: ubuntu-latest
	needs:
	- build-integration-worker
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- uses: ./.github/actions/docker-ecr-login
	with:
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}

	- name: Redeploy HASH worker service
	run: \|
	aws ecs update-service --cluster ${{ env.HASH_ECS_CLUSTER_NAME }} --service ${{ env.HASH_WORKER_SERVICE_NAME }} --force-new-deployment 1> /dev/null

	deploy-temporal:
	name: Deploy Temporal images
	runs-on: ubuntu-latest
	needs:
	- build-temporal-migrate
	- build-temporal-setup
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Authenticate Vault
	id: secrets
	uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
	with:
	exportToken: true
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	role: prod
	# Even though it could look like separate calls to fetch the secrets
	# the responses here are cached, so we're only issuing a single set of credentials
	secrets: \|
	aws/creds/prod-deploy access_key \| AWS_ACCESS_KEY_ID ;
	aws/creds/prod-deploy secret_key \| AWS_SECRET_ACCESS_KEY ;
	aws/creds/prod-deploy security_token \| AWS_SESSION_TOKEN

	- uses: ./.github/actions/docker-ecr-login
	with:
	AWS_ACCESS_KEY_ID: ${{ steps.secrets.outputs.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ steps.secrets.outputs.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ env.AWS_REGION }}

	- name: Redeploy Temporal service
	run: \|
	aws ecs update-service --cluster ${{ env.HASH_TEMPORAL_ECS_CLUSTER_NAME }} --service ${{ env.HASH_TEMPORAL_SERVICE_NAME }} --force-new-deployment 1> /dev/null

	notify-slack:
	name: Notify Slack on failure
	needs:
	- deploy-app
	- deploy-graph
	- deploy-workers
	- deploy-temporal
	runs-on: ubuntu-latest
	if: ${{ failure() }}
	steps:
	- name: Slack Notification
	uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
	env:
	SLACK_LINK_NAMES: true
	SLACK_MESSAGE: "Error deploying the HASH backend <@U0143NL4GMP> <@U02NLJY0FGX>" # Notifies C & T
	SLACK_TITLE: Backend deployment failed
	SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
	SLACK_USERNAME: GitHub
	VAULT_ADDR: ""
	VAULT_TOKEN: ""

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update npm package `@effect/vitest` to v0.13.16 (#5724) #1920

Workflow file

Update npm package `@effect/vitest` to v0.13.16 (#5724) #1920

Jobs

Run details

Workflow file for this run

Update npm package @effect/vitest to v0.13.16 (#5724) #1920

Workflow file

Workflow file for this run

Update npm package `@effect/vitest` to v0.13.16 (#5724) #1920