chore(deps): bump github/codeql-action from 3.27.5 to 3.28.0 #215
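# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: PR - Serverless Service CI/CD

# Workflow-wide default for GITHUB_TOKEN: read-only access to repository contents.
# A job that declares its own `permissions` block replaces this default, and every
# scope that job does not list falls back to `none`.
permissions:
  contents: read

env:
  NODE_VERSION: "20"
  PYTHON_VERSION: "3.13"
  AWS_REGION: "us-east-1"

on:
  workflow_dispatch:
  pull_request:
    branches: [main]

jobs:
  # Static checks only: no cloud credentials are requested in this job.
  quality_standards:
    runs-on: ubuntu-latest
    steps:
      # Write a short run summary. The context values are handed to the script as
      # environment variables and expanded by the shell ("${EVENT_NAME}"), not pasted
      # into the script text with ${{ env.* }}: expression interpolation happens before
      # the shell parses the script, so a value such as a ref name would otherwise be
      # read as shell syntax.
      - run: |
          echo "🎉 The job was automatically triggered by a ${EVENT_NAME} event." >> "$GITHUB_STEP_SUMMARY"
          echo "🐧 This job is now running on a ${OS_NAME} ${OS_ARCH} server hosted by GitHub!" >> "$GITHUB_STEP_SUMMARY"
          echo "🔎 The name of your branch is ${BRANCH_NAME} and your repository is ${REPO_NAME}." >> "$GITHUB_STEP_SUMMARY"
        env:
          EVENT_NAME: ${{ github.event_name }}
          OS_NAME: ${{ runner.os }}
          OS_ARCH: ${{ runner.arch }}
          BRANCH_NAME: ${{ github.ref }}
          REPO_NAME: ${{ github.repository }}
      - name: Check out repository code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # NOTE(review): the actions in this file are pinned to commit SHAs, but this
      # installs whichever Poetry release is current at run time. Consider pinning it
      # too (pipx install poetry==<version>).
      - name: Install poetry
        run: pipx install poetry
      - name: Set up Python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: "poetry" # NOTE: poetry must be installed before this step, or else cache doesn't work
      - name: Install dependencies
        run: make dev
      - name: pre commit
        run: make pre-commit
      - name: Formatting and Linting
        run: make lint
      - name: Complexity scan
        run: make complex

  # Deploys the checked-out code to AWS, tests it, and tears the stack down again.
  # Every `make` target below runs code from the ref under test while the assumed
  # role's credentials are available to the job, so access to the AWS account is
  # bounded by the `dev` environment's protection rules and by the trust policy of
  # the role in secrets.AWS_ROLE.
  # NOTE(review): confirm that trust policy conditions on the OIDC subject claim.
  # By default, pull requests from forks receive neither secrets nor a writable
  # id-token, so the credentials step is expected to fail for them.
  tests:
    needs: quality_standards
    runs-on: ubuntu-latest
    environment: dev
    permissions:
      id-token: write # required for requesting the JWT (GitHub OIDC)
      # Listed explicitly because this block replaces the workflow-level default;
      # actions/checkout needs it when the repository is not public.
      contents: read
    steps:
      - name: Check out repository code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # NOTE(review): unpinned tool install, same as in quality_standards.
      - name: Install poetry
        run: pipx install poetry
      - name: Set up Python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: "poetry" # NOTE: poetry must be installed before this step, or else cache doesn't work
      - name: Set up Node
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: "npm"
      - name: Install dependencies
        run: make dev
      # Exchanges the job's OIDC token for short-lived credentials of the role; no
      # long-lived AWS keys are stored in the repository. The session name embeds
      # the commit SHA.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          role-to-assume: ${{ secrets.AWS_ROLE }}
          role-session-name: ${{ env.SESSION_NAME }}
          aws-region: ${{ env.AWS_REGION }}
        env:
          SESSION_NAME: "github-${{ github.sha }}-dev"
      - name: Unit tests
        run: make unit
      - name: Infrastructure tests
        run: make infra-tests
      - name: Deploy to AWS
        run: make deploy
      # NOTE: these run unit and integration tests
      # we can look into coverage collection only later to make it faster and less brittle (--collect-only)
      - name: Check OpenAPI Spec breaking action
        uses: oasdiff/oasdiff-action/breaking@1c611ffb1253a72924624aa4fb662e302b3565d3 # v0.0.16
        with:
          base: https://raw.githubusercontent.com/ran-isenberg/aws-lambda-handler-cookbook/main/docs/swagger/openapi.json
          revision: ./docs/swagger/openapi.json
      - name: Validate OpenAPI Documentation
        run: make compare-openapi
      - name: Code coverage tests
        run: make coverage-tests
      - name: Codecov
        uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
          files: ./coverage.xml
          # Literal true/false: action inputs arrive as strings, and `yes` may not be
          # recognised as "enabled" by the action, which would leave a failed upload
          # silently ignored.
          fail_ci_if_error: true # optional (default = false)
          verbose: true # optional (default = false)
      - name: Run E2E tests
        run: make e2e
      # always(): tear the stack down even when an earlier step failed, so a broken
      # run does not leave deployed resources behind.
      - name: Destroy stack
        if: always()
        run: make destroy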