Skip to content

feat: implicitly disable snyk integrator by default #5271

feat: implicitly disable snyk integrator by default

feat: implicitly disable snyk integrator by default #5271

Workflow file for this run

# Find full documentation here https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
name: CI
on:
pull_request:
merge_group:
# Manual invocation.
workflow_dispatch:
push:
branches:
- main
# Ensure we only ever have one build running at a time.
# If we push twice in quick succession, the first build will be stopped once the second starts.
# This avoids any race conditions.
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
jobs:
CI:
timeout-minutes: 15
runs-on: ubuntu-latest
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
# required by aws-actions/configure-aws-credentials
id-token: write
contents: read
pull-requests: write # required by guardian/actions-riff-raff
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version-file: '.nvmrc'
cache: 'npm'
- uses: guardian/actions-read-private-repos@8792b5279dc2e6dfb6b9aa6ba2f26b6226be444c # v0.1.1
with:
private-ssh-keys: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
- name: Run script/ci
run: ./scripts/ci.sh
- name: Upload to riff-raff
uses: guardian/actions-riff-raff@b2107fa569a9d7153c76cc0ea7233617249d047b # v4.0.2
with:
app: service-catalogue
roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
buildNumber: ${{ env.GITHUB_RUN_NUMBER }}
projectName: deploy::service-catalogue
configPath: packages/cdk/cdk.out/riff-raff.yaml
contentDirectories: |
cdk.out:
- packages/cdk/cdk.out
repocop:
- packages/repocop/dist/repocop.zip
interactive-monitor:
- packages/interactive-monitor/dist/interactive-monitor.zip
data-audit:
- packages/data-audit/dist/data-audit.zip
snyk-integrator:
- packages/snyk-integrator/dist/snyk-integrator.zip
dependency-graph-integrator:
- packages/dependency-graph-integrator/dist/dependency-graph-integrator.zip
github-actions-usage:
- packages/github-actions-usage/dist/github-actions-usage.zip
obligatron:
- packages/obligatron/dist/obligatron.zip
refresh-materialized-view:
- packages/refresh-materialized-view/dist/refresh-materialized-view.zip
prisma:
- packages/common/prisma.zip
theguardian-servicecatalogue-app:
- packages/dashboard/dist/theguardian-servicecatalogue-app.zip
env:
NODE_OPTIONS: '--max_old_space_size=4096'
db-migration:
timeout-minutes: 15
runs-on: ubuntu-latest
# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
permissions:
contents: read
env:
NODE_OPTIONS: '--max_old_space_size=4096'
services:
# See https://docs.github.com/en/actions/using-containerized-services/creating-postgresql-service-containers
postgres:
image: postgres:14.6-alpine
# Keep these in sync with `.env` file at the repository root
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: not_at_all_secret
POSTGRES_DB: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Node
uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version-file: '.nvmrc'
cache: 'npm'
- uses: guardian/actions-read-private-repos@8792b5279dc2e6dfb6b9aa6ba2f26b6226be444c # v0.1.1
with:
private-ssh-keys: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
- name: install dependencies
run: npm ci
- name: perform a DEV database migration
run: npm -w cli start migrate -- --stage DEV
- name: basic database tests
run: psql -d postgresql://postgres:not_at_all_secret@localhost:5432/postgres -v ON_ERROR_STOP=1 -f sql/ci.sql
- name: check schema.prisma file hasn't changed
run: git diff --exit-code packages/common/prisma/schema.prisma
- name: check for untracked files
run: |
UNTRACKED_FILES=$(git ls-files --others --exclude-standard packages/common/prisma | wc -l)
if [ "$UNTRACKED_FILES" -gt 0 ]; then
echo "Untracked files found:"
git ls-files --others --exclude-standard packages/common/prisma
exit 1
fi