Skip to content

Merge pull request #2611 from guardian/asyncHttpClient-vulnerability #2606

Merge pull request #2611 from guardian/asyncHttpClient-vulnerability

Merge pull request #2611 from guardian/asyncHttpClient-vulnerability #2606

Workflow file for this run

name: CI-Scala
on:
pull_request:
workflow_dispatch:
push:
branches:
- main
# Ensure we only ever have one build running at a time.
# If we push twice in quick succession, the first build will be stopped once the second starts.
# This avoids multiple deploys happening in quick succession causing AWS rate exceeded errors.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
gu-cdk-build:
strategy:
matrix:
subproject:
- batch-email-sender
- cancellation-sf-cases-api
- new-product-api
- single-contribution-salesforce-writes
- stripe-webhook-endpoints
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
aws-region: eu-west-1
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'corretto'
java-version: '21'
cache: 'sbt'
- name: Setup SBT
uses: sbt/setup-sbt@v1
- name: Run tests and build subproject JAR
run: sbt "project ${{ matrix.subproject }}" test assembly
- run: corepack enable
shell: bash
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'pnpm'
- run: pnpm install
- run: pnpm --filter cdk package
- name: Upload to Riff-Raff
uses: guardian/actions-riff-raff@v4
with:
githubToken: ${{ secrets.GITHUB_TOKEN }}
roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
projectName: support-service-lambdas::${{ matrix.subproject }}
buildNumberOffset: 7000
configPath: ./handlers/${{ matrix.subproject }}/riff-raff.yaml
commentingEnabled: 'false'
contentDirectories: |
${{ matrix.subproject }}-cloudformation:
- ./cdk/cdk.out/${{ matrix.subproject }}-CODE.template.json
- ./cdk/cdk.out/${{ matrix.subproject }}-PROD.template.json
${{ matrix.subproject }}:
- ./handlers/${{ matrix.subproject }}/target/scala-2.13/${{ matrix.subproject }}.jar
build:
strategy:
matrix:
subproject:
- catalog-service
- contact-us-api
- delivery-problem-credit-processor
- delivery-records-api
- dev-env-cleaner
- digital-subscription-expiry
- digital-voucher-api
- digital-voucher-cancellation-processor
- digital-voucher-suspension-processor
- fulfilment-date-calculator
- holiday-stop-api
- holiday-stop-processor
- identity-backfill
- identity-retention
- metric-push-api
- product-move-api
- revenue-recogniser-job
- sf-api-user-credentials-setter
- sf-contact-merge
- sf-datalake-export
- sf-emails-to-s3-exporter
- sf-gocardless-sync
- sf-move-subscriptions-api
- soft-opt-in-consent-setter
- zuora-callout-apis
- zuora-datalake-export
- zuora-rer
- zuora-sar
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
aws-region: eu-west-1
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'corretto'
java-version: '21'
cache: 'sbt'
- name: Setup SBT
uses: sbt/setup-sbt@v1
- name: Build
run: |
LAST_TEAMCITY_BUILD=6410
export GITHUB_RUN_NUMBER=$(( $GITHUB_RUN_NUMBER + $LAST_TEAMCITY_BUILD ))
sbt "project ${{ matrix.subproject }}" riffRaffUpload