Skip to content

chore(deps): bump github/codeql-action from 3.27.5 to 3.28.0 #215

chore(deps): bump github/codeql-action from 3.27.5 to 3.28.0

chore(deps): bump github/codeql-action from 3.27.5 to 3.28.0 #215

# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
name: PR - Serverless Service CI/CD
permissions:
contents: read
env:
NODE_VERSION: "20"
PYTHON_VERSION: "3.13"
AWS_REGION: "us-east-1"
on:
workflow_dispatch:
pull_request:
branches: [main]
jobs:
quality_standards:
runs-on: ubuntu-latest
steps:
- run: |
echo "🎉 The job was automatically triggered by a ${{ env.EVENT_NAME }} event." >> $GITHUB_STEP_SUMMARY
echo "🐧 This job is now running on a ${{ env.OS_NAME }} ${{env.OS_ARCH}} server hosted by GitHub!" >> $GITHUB_STEP_SUMMARY
echo "🔎 The name of your branch is ${{ env.BRANCH_NAME }} and your repository is ${{ env.REPO_NAME }}." >> $GITHUB_STEP_SUMMARY
env:
EVENT_NAME: ${{ github.event_name}}
OS_NAME: ${{ runner.os }}
OS_ARCH: ${{runner.arch }}
BRANCH_NAME: ${{ github.ref }}
REPO_NAME: ${{ github.repository }}
- name: Check out repository code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install poetry
run: pipx install poetry
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry" # NOTE: poetry must be installed before this step, or else cache doesn't work
- name: Install dependencies
run: make dev
- name: pre commit
run: make pre-commit
- name: Formatting and Linting
run: make lint
- name: Complexity scan
run: make complex
tests:
needs: quality_standards
runs-on: ubuntu-latest
environment: dev
permissions:
id-token: write # required for requesting the JWT (GitHub OIDC)
steps:
- name: Check out repository code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install poetry
run: pipx install poetry
- name: Set up Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry" # NOTE: poetry must be installed before this step, or else cache doesn't work
- name: Set up Node
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: ${{ env.NODE_VERSION }}
cache: "npm"
- name: Install dependencies
run: make dev
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.AWS_ROLE }}
role-session-name: ${{ env.SESSION_NAME }}
aws-region: ${{ env.AWS_REGION }}
env:
SESSION_NAME: "github-${{github.sha}}-dev"
- name: Unit tests
run: make unit
- name: Infrastructure tests
run: make infra-tests
- name: Deploy to AWS
run: make deploy
# NOTE: these run unit and integration tests
# we can look into coverage collection only later to make it faster and less brittle (--collect-only)
- name: Check OpenAPI Spec breaking action
uses: oasdiff/oasdiff-action/breaking@1c611ffb1253a72924624aa4fb662e302b3565d3 # v0.0.16
with:
base: https://raw.githubusercontent.com/ran-isenberg/aws-lambda-handler-cookbook/main/docs/swagger/openapi.json
revision: ./docs/swagger/openapi.json
- name: Validate OpenAPI Documentation
run: make compare-openapi
- name: Code coverage tests
run: make coverage-tests
- name: Codecov
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.xml
fail_ci_if_error: yes # optional (default = false)
verbose: yes # optional (default = false)
- name: Run E2E tests
run: make e2e
- name: Destroy stack
if: always()
run: make destroy