chore(deps): update github/codeql-action digest to 303c0ae #212
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: write # This is required for actions/checkout | |
| packages: write | |
| pull-requests: write | |
| security-events: write | |
| attestations: write # This is required for uploading attestations to the Security tab | |
| env: | |
| AWS_REGION: ca-central-1 | |
| jobs: | |
| # https://github.com/bcgov-nr/action-builder-ghcr | |
| builds: | |
| concurrency: | |
| # Cancel in progress for PR open and close | |
| group: builds-${{ github.event.number || 'latest' }} | |
| cancel-in-progress: true | |
| uses: ./.github/workflows/.builds.yml | |
| with: | |
| tags: | | |
| ${{ github.event.number || 'manual' }} | |
| latest | |
| plan-stack: | |
| name: Plan Stack | |
| concurrency: | |
| group: plan-stack-${{ github.event.number || 'latest' }} | |
| cancel-in-progress: false | |
| uses: ./.github/workflows/.deploy_stack.yml | |
| with: | |
| environment_name: prod # ::change it to:: dev , template repo only has PROD | |
| command: plan | |
| tag: ${{ github.event.number || 'latest' }} | |
| app_env: ${{ github.event.number || 'latest' }} # ephermal, prefixed for easy clean up of PR resources in s3 and dynamodb generated by terraform | |
| secrets: inherit | |
| tests: | |
| name: Tests | |
| needs: builds | |
| concurrency: | |
| # Cancel in progress for PR open and close | |
| group: tests-${{ github.event.number || 'latest' }} | |
| cancel-in-progress: true | |
| uses: ./.github/workflows/.tests.yml | |
| with: | |
| tag: ${{ github.event.number || 'latest' }} | |
| resume-resources-dev: | |
| name: Resume Resources Dev | |
| if: (github.event_name == 'workflow_dispatch') | |
| concurrency: | |
| group: rrd-${{ github.event.number || 'latest' }} | |
| cancel-in-progress: false | |
| needs: [builds] | |
| uses: ./.github/workflows/resume-resources.yml | |
| with: | |
| app_env: dev | |
| secrets: inherit | |
| deploy-to-dev: | |
| name: Deploy to Dev | |
| if: (github.event_name == 'workflow_dispatch') | |
| concurrency: | |
| group: deploy-dev-${{ github.event.number || 'latest' }} | |
| cancel-in-progress: false | |
| needs: [resume-resources-dev, plan-stack] | |
| uses: ./.github/workflows/.deploy_stack.yml | |
| with: | |
| environment_name: prod # ::change it to:: dev , template repo only has PROD | |
| command: apply | |
| tag: manual | |
| app_env: dev | |
| secrets: inherit | |
| results: | |
| name: PR Results | |
| concurrency: | |
| group: pr-results-${{ github.event.number || 'latest' }} | |
| cancel-in-progress: true | |
| needs: [builds, plan-stack, deploy-to-dev, tests] | |
| if: always() | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - if: contains(needs.*.result, 'failure')||contains(needs.*.result, 'canceled') | |
| run: echo "At least one job has failed." && exit 1 | |
| - run: echo "Success!" |