Skip to content

Remove S3 dist bucket policy from lambda CDK template #2837

Remove S3 dist bucket policy from lambda CDK template

Remove S3 dist bucket policy from lambda CDK template #2837

Workflow file for this run

name: CI-Typescript
on:
pull_request:
workflow_dispatch:
push:
branches:
- main
# Ensure we only ever have one build running at a time.
# If we push twice in quick succession, the first build will be stopped once the second starts.
# This avoids multiple deploys happening in quick succession causing AWS rate exceeded errors
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
common:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4
- run: corepack enable
shell: bash
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'pnpm'
- run: pnpm install
- run: pnpm --filter "./modules/**" check-formatting
- run: pnpm --filter "./modules/**" lint
- run: pnpm --filter "./modules/**" test
gu-cdk-build:
needs: common
strategy:
matrix:
subproject:
- user-benefits
- press-reader-entitlements
- ticket-tailor-webhook
- update-supporter-plus-amount
- product-switch-api
- generate-product-catalog
- alarms-handler
- discount-api
- salesforce-disaster-recovery
- salesforce-disaster-recovery-health-check
- zuora-salesforce-link-remover
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v4
- run: corepack enable
shell: bash
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'pnpm'
- run: pnpm install
- run: pnpm --filter cdk package
- run: pnpm --filter ${{ matrix.subproject }} package
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
aws-region: eu-west-1
- name: Upload to Riff-Raff
uses: guardian/actions-riff-raff@v4
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
projectName: support-service-lambdas::${{ matrix.subproject }}
buildNumberOffset: 7000
configPath: ./handlers/${{ matrix.subproject }}/riff-raff.yaml
commentingEnabled: 'false'
contentDirectories: |
${{ matrix.subproject }}-cloudformation:
- ./cdk/cdk.out
${{ matrix.subproject }}:
- ./handlers/${{ matrix.subproject }}/target/${{ matrix.subproject }}.zip