Skip to content
.github/workflows/default.yaml

quote asterisks in yaml #66

Sign in to view logs

quote asterisks in yaml

quote asterisks in yaml #66

Workflow file for this run

.github/workflows/default.yaml at 5c52544
on:
workflow_dispatch:
push:
branches:
- main
tags-ignore:
- '*'
schedule:
- cron: '30 7 * * 0'
permissions:
id-token: write
checks: write
jobs:
cdk-deploy:
environment: test
runs-on: ubuntu-22.04
steps:
- name: check-aws-account-id
uses: actions/[email protected]
with:
script: |
if ("${{ vars.AWS_ACCOUNT_ID }}" == "") {
core.setFailed("AWS_ACCOUNT_ID is unspecified")
} else {
core.info("AWS_ACCOUNT_ID is ${{ vars.AWS_ACCOUNT_ID }}")
}
- name: configure-aws-credentials
uses: aws-actions/[email protected]
with:
role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/GitHubActions"
role-session-name: GitHubActions-${{ github.run_id }}-${{ github.run_number }}
aws-region: eu-west-1
- name: npm-install-cdk
run: npm install -g [email protected]
- name: checkout
uses: actions/[email protected]
- name: setup-java
uses: actions/[email protected]
with:
distribution: 'corretto'
java-version: '21'
cache: 'gradle'
- name: cdk-permissions-broadening
id: cdk-permissions-broadening
run: cdk diff --security-only --fail Binsley > cdk-diff-security
continue-on-error: true
- name: cdk-diff-security
id: cdk-diff-security
uses: actions/[email protected]
if: ${{ !cancelled() && steps.cdk-permissions-broadening.outcome == 'failure' }}
with:
name: cdk-diff-security
path: cdk-diff-security
- name: cdk-deploy
run: cdk deploy --require-approval never Binsley
if: ${{ !cancelled() && (steps.cdk-diff-security.outcome == 'success' || steps.cdk-diff-security.outcome == 'failure' || steps.cdk-diff-security.outcome == 'skipped') }}
test:
uses: ./.github/workflows/test.yaml
needs: cdk-deploy
with:
environment: test