Replace RDS password-based authentication with IAM role authentication #1307
Workflow file for this run
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: PR Build | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| static-code-checks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check for versioned GitHub actions | |
| if: always() | |
| run: | | |
| # Get changed GitHub workflow/action files | |
| CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -E "^\.github/(workflows|actions)/.*\.ya?ml$" || true) | |
| if [ -n "$CHANGED_FILES" ]; then | |
| # Check for any versioned actions, excluding comments and this validation script | |
| VIOLATIONS=$(grep -Hn "uses:.*@v" $CHANGED_FILES | grep -v "grep.*uses:.*@v" | grep -v "#.*@v" || true) | |
| if [ -n "$VIOLATIONS" ]; then | |
| echo "Found versioned GitHub actions. Use commit SHAs instead:" | |
| echo "$VIOLATIONS" | |
| exit 1 | |
| fi | |
| fi | |
| echo "No versioned actions found in changed files" | |
| build: | |
| name: Gradle Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 | |
| with: | |
| java-version: 11 | |
| distribution: corretto | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a #4.4.3 | |
| - name: Build with Gradle | |
| run: ./gradlew build | |
| all-pr-checks-pass: | |
| runs-on: ubuntu-latest | |
| needs: [build, static-code-checks] | |
| if: always() | |
| steps: | |
| - name: Checkout to get workflow file | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 | |
| - name: Check all jobs succeeded and none missing | |
| run: | | |
| # Check if all needed jobs succeeded | |
| results='${{ toJSON(needs) }}' | |
| if echo "$results" | jq -r '.[] | .result' | grep -v success; then | |
| echo "Some jobs failed" | |
| exit 1 | |
| fi | |
| # Extract all job names from workflow (excluding this gate job) | |
| all_jobs=$(yq eval '.jobs | keys | .[]' .github/workflows/pr-build.yml | grep -v "all-pr-checks-pass" | sort) | |
| # Extract job names from needs array | |
| needed_jobs='${{ toJSON(needs) }}' | |
| needs_list=$(echo "$needed_jobs" | jq -r 'keys[]' | sort) | |
| # Check if any jobs are missing from needs | |
| missing_jobs=$(comm -23 <(echo "$all_jobs") <(echo "$needs_list")) | |
| if [ -n "$missing_jobs" ]; then | |
| echo "ERROR: Jobs missing from needs array in all-pr-checks-pass:" | |
| echo "$missing_jobs" | |
| echo "Please add these jobs to the needs array of all-pr-checks-pass" | |
| exit 1 | |
| fi | |
| echo "All checks passed and no jobs missing from gate!" |