diff --git a/.github/workflows/secure-post-merge copy.yml b/.github/workflows/secure-post-merge copy.yml
new file mode 100644
index 0000000000..78fb080748
--- /dev/null
+++ b/.github/workflows/secure-post-merge copy.yml
@@ -0,0 +1,85 @@
+name: Secure Pipeline Test, Build, Package & Ship Core Back
+
+on:
+ push:
+ branches:
+ - canary-core-back-2.0
+ paths-ignore:
+ - 'deploy-delete-user-data/**'
+ - '.github/workflows/secure-post-merge-delete-account.yml'
+ - 'lambdas/delete-user-data/**'
+ - '.github/workflows/secure-post-merge-notags.yml'
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ timeout-minutes: 15
+ env:
+ AWS_REGION: eu-west-2
+ ENVIRONMENT: build
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'adopt'
+ cache: gradle
+
+ - name: Set up Python 3.8
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.8"
+
+ - name: Setup Gradle
+ uses: gradle/gradle-build-action@v2
+ with:
+ gradle-version: 8.2.1
+
+ - name: Set up SAM cli
+ uses: aws-actions/setup-sam@v2
+
+ - name: sam fix https://github.com/aws/aws-sam-cli/issues/4527
+ run: $(dirname $(readlink $(which sam)))/pip install --force-reinstall "cryptography==38.0.4"
+
+ # - name: Set up AWS creds For Integration Tests
+ # uses: aws-actions/configure-aws-credentials@v4
+ # with:
+ # role-to-assume: ${{ secrets.ACTIONS_ROLE_ARN }}
+ # aws-region: eu-west-2
+
+ - name: Set up AWS creds For Pipeline
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.CANARY_GH_ACTIONS_ROLE_ARN }}
+ aws-region: eu-west-2
+
+ - name: Generate code signing config
+ id: signing
+ uses: rusty-actions/sam-code-signing-config@1c9d03c875b42b34b5ecc68a9d219f583782bbfc
+ with:
+ template: ./deploy/template.yaml
+ profile: ${{ secrets.CANARY_SIGNING_PROFILE_NAME }}
+
+ - name: SAM validate
+ working-directory: ./deploy
+ run: sam validate --region ${{ env.AWS_REGION }}
+
+ - name: SAM build and test
+ working-directory: ./deploy
+ run: sam build
+
+ - name: Deploy SAM app
+ uses: alphagov/di-devplatform-upload-action@v3
+ with:
+ artifact-bucket-name: ${{ secrets.CANARY_ARTIFACT_BUCKET_NAME }}
+ signing-profile-name: ${{ secrets.CANARY_SIGNING_PROFILE_NAME }}
+ working-directory: ./deploy
+ template-file: template.yaml
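Review bot: Every action in the `deploy` job except `rusty-actions/sam-code-signing-config` is referenced by a mutable tag (`actions/checkout@v3`, `actions/setup-java@v3`, `actions/setup-python@v4`, `gradle/gradle-build-action@v2`, `aws-actions/setup-sam@v2`, `aws-actions/configure-aws-credentials@v4`, `alphagov/di-devplatform-upload-action@v3`), in a job that holds `id-token: write` and assumes `CANARY_GH_ACTIONS_ROLE_ARN`. If one of those tags is moved, the new code runs inside this job and can reach the OIDC token or the assumed-role credentials, so pin each one to a reviewed commit the way the signing step already is, e.g. `uses: actions/checkout@<full-commit-sha>  # v3` (placeholder; take the SHA from the release you have vetted). The `sam fix` step force-installs `cryptography==38.0.4` with no hash check and freezes the SAM CLI's crypto library at that release; add a comment stating when the pin can be dropped, or remove the step if the linked issue no longer applies. The file name `secure-post-merge copy.yml` and the commented-out credentials step suggest this was duplicated from another workflow, so it is worth confirming it is meant to be committed under this name and that it does not also fire alongside the workflow it was copied from.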