allow login to AppSync style backends too #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and upload | |
| on: | |
| push: | |
| branches: ["**"] | |
| workflow_dispatch: {} | |
| jobs: | |
| concierge-graphql-gnm: | |
| runs-on: ubuntu-latest | |
| # The first two permissions are needed to interact with GitHub's OIDC Token endpoint. | |
| # The second set of three permissions are needed to write test results back to GH | |
| permissions: | |
| id-token: write | |
| contents: read | |
| issues: read | |
| checks: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: corretto | |
| java-version: 11 | |
| cache: sbt | |
| - name: Build and test | |
| env: | |
| SBT_JUNIT_OUTPUT: ./junit-tests | |
| JAVA_OPTS: -Dsbt.log.noformat=true | |
| run: | | |
| sbt 'test;debian:packageBin' | |
| - name: Store the built artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: backend-deb | |
| path: target/concierge-graphql_0.1.0_all.deb | |
| retention-days: 5 | |
| compression-level: 0 #artifact is already compressed | |
| cdk-build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| cache: 'yarn' | |
| cache-dependency-path: cdk/yarn.lock | |
| - run: yarn install --frozen-lockfile | |
| name: Prepare for CDK infrastructure build | |
| working-directory: cdk | |
| - run: yarn test | |
| name: Test CDK infrastructure integrity | |
| working-directory: cdk | |
| - run: yarn synth | |
| name: Build infrastructure definition from CDK | |
| working-directory: cdk | |
| - name: Store the built artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cdk.out | |
| path: cdk/cdk.out | |
| retention-days: 5 | |
| compression-level: 5 | |
| graphiql-explorer: | |
| runs-on: ubuntu-latest | |
| # The first two permissions are needed to interact with GitHub's OIDC Token endpoint. | |
| # The second set of three permissions are needed to write test results back to GH | |
| permissions: | |
| id-token: write | |
| contents: read | |
| issues: read | |
| checks: write | |
| packages: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18.x | |
| cache: 'yarn' | |
| cache-dependency-path: explorer/yarn.lock | |
| - run: yarn install --frozen-lockfile | |
| name: Prepare to build explorer | |
| working-directory: explorer | |
| - run: yarn build | |
| name: Build explorer | |
| working-directory: explorer | |
| - name: Store the built artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: explorer | |
| path: explorer/build | |
| retention-days: 5 | |
| compression-level: 5 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push container | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| context: explorer | |
| tags: ghcr.io/guardian/concierge-graphql/graphiql-explorer:${{ github.run_number }} | |
| riffraff-upload: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - concierge-graphql-gnm | |
| - graphiql-explorer | |
| - cdk-build | |
| # The first two permissions are needed to interact with GitHub's OIDC Token endpoint. | |
| # The second set of three permissions are needed to write test results back to GH | |
| permissions: | |
| id-token: write | |
| contents: read | |
| issues: read | |
| checks: write | |
| pull-requests: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| path: artifacts | |
| - run: ls -lh artifacts/* | |
| - uses: guardian/actions-riff-raff@v4 | |
| with: | |
| roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }} | |
| githubToken: ${{ secrets.GITHUB_TOKEN }} | |
| configPath: ./riff-raff.yaml | |
| projectName: Content Platforms::concierge-graphql-experimental | |
| contentDirectories: | | |
| concierge-graphql: | |
| - artifacts/backend-deb/concierge-graphql_0.1.0_all.deb | |
| graphiql-explorer: | |
| - artifacts/explorer | |
| cloudformation: | |
| - artifacts/cdk.out/ConciergeGraphql-PROD-AARDVARK.template.json | |
| - artifacts/cdk.out/ConciergeGraphql-CODE-AARDVARK.template.json | |
| cloudformation-preview: | |
| - artifacts/cdk.out/ConciergeGraphql-preview-PROD-AARDVARK.template.json | |
| - artifacts/cdk.out/ConciergeGraphql-preview-CODE-AARDVARK.template.json | |
| - name: Publish Unit Test Results | |
| uses: EnricoMi/publish-unit-test-result-action@v1 | |
| if: always() #runs even if there is a test failure | |
| with: | |
| files: junit-tests/*.xml |