Update github/codeql-action requirement to 4c3e5362829f0b0bb62ff5f6c938d7f95574c306 #2803
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Infra: Image Testing: Deploy" | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: ['labeled'] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| build: | |
| if: ${{ github.event.label.name == 'status/image_testing' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| token: ${{ github.token }} | |
| - name: get branch name | |
| id: extract_branch | |
| run: | | |
| tag='${{ github.event.pull_request.number }}' | |
| echo "tag=${tag}" >> $GITHUB_OUTPUT | |
| - name: Set up JDK | |
| uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # infered from @v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'zulu' | |
| cache: 'gradle' | |
| - name: Build | |
| id: build | |
| run: | | |
| ./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA | |
| ./mvnw -B -V -ntp clean package -Pprod -DskipTests | |
| export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) | |
| echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # infered from @v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # infered from @v3 | |
| - name: Cache Docker layers | |
| uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # infered from @v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # infered from @v4 | |
| with: | |
| aws-region: us-east-1 | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@9238dd443b7a5941caf19ffbe68be34d4dbd61df # infered from @v4 | |
| with: | |
| registry-type: 'public' | |
| - name: Build and push | |
| id: docker_build_and_push | |
| uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # infered from @v6 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: api | |
| push: true | |
| tags: ${{ vars.ECR_REGISTRY }}/${{ github.repository }}:${{ steps.extract_branch.outputs.tag }} | |
| build-args: | | |
| JAR_FILE=build/libs/api-${{ steps.build.outputs.version }}.jar | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| - name: make comment with private deployment link | |
| uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # infered from @v4 | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| body: | | |
| Image published at ${{ vars.ECR_REGISTRY }}/${{ github.repository }}:${{ steps.extract_branch.outputs.tag }} | |
| outputs: | |
| tag: ${{ steps.extract_branch.outputs.tag }} |