Skip to content

Feat: Add Authoriser Based on User Pool Group #997

Feat: Add Authoriser Based on User Pool Group

Feat: Add Authoriser Based on User Pool Group #997

Workflow file for this run

name: Pull Request Build
on:
pull_request:
paths-ignore:
# The ignore only works only if changes to the main branch only include the following files.
# So if the commit only contain .md changes but the PR change contain more, the ignore fails
# https://github.com/actions/runner/issues/2324#issuecomment-1703345084
- '**.md'
- '**.svg'
- '**.drawio'
- '**.png'
types:
- opened
- reopened
- synchronize
- ready_for_review
branches:
- main
permissions: read-all
# Actions Used (please keep this documented here as added)
# https://github.com/marketplace/actions/checkout
# https://github.com/marketplace/actions/setup-python
# https://github.com/marketplace/actions/trufflehog-oss
# https://github.com/marketplace/actions/checkout
# https://github.com/marketplace/actions/cache
# https://github.com/actions-rust-lang/setup-rust-toolchain
env:
# This default the python version for the runner (some of our dependency rely on this versions)
#
# From this troubleshooting guide, pyenv is used under the Amazon Linux 2023
# https://docs.aws.amazon.com/amplify/latest/userguide/troubleshooting-AL2023.html#python-runtime
#
# And from pyenv docs setting this PYENV_VERSION as env-var would set the python version globally
PYENV_VERSION: '3.12'
GOENV_VERSION: '1.22'
jobs:
pre-commit-lint-security:
runs-on: ubuntu-latest
if: ${{ !github.event.pull_request.draft }}
steps:
- name: Print toolchain versions
run: |
node -v
python3 -V
pip3 -V
make --version
# TODO see whether we can leverage https://github.com/pre-commit/action
- name: Install system-wide tools dependencies
run: |
pip3 install pre-commit detect-secrets black ggshield
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: TruffleHog OSS
uses: trufflesecurity/[email protected]
with:
path: ./
base: ${{ github.event.repository.default_branch }}
head: HEAD
extra_args: --debug --only-verified
- name: Install dependencies
run: |
make install
- name: Lint and code formatting
run: |
make check
test-stateless-app-suite:
# codebuild project name is initiated at ./lib/bin/statelessPipelineStack (PR-290)
# The format: `runs-on: codebuild-<project-name>-${{ github.run_id }}-${{ github.run_attempt }}`
# https://docs.aws.amazon.com/codebuild/latest/userguide/action-runner.html
runs-on: codebuild-orcabus-codebuild-gh-runner-${{ github.run_id }}-${{ github.run_attempt }}
if: ${{ !github.event.pull_request.draft }}
steps:
- name: Rust installation
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: rustfmt
- name: Print toolchain versions
run: |
node -v
python -V
pip3 -V
rustc --version
go version
make --version
docker version
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependencies
run: |
yarn install --immutable
pip3 install cargo-lambda
- run: make test-stateless-app-suite
test-all-stateful-tests:
# codebuild project name is initiated at ./lib/bin/statelessPipelineStack (PR-290)
# The format: `runs-on: codebuild-<project-name>-${{ github.run_id }}-${{ github.run_attempt }}`
# https://docs.aws.amazon.com/codebuild/latest/userguide/action-runner.html
runs-on: codebuild-orcabus-codebuild-gh-runner-${{ github.run_id }}-${{ github.run_attempt }}
if: ${{ !github.event.pull_request.draft }}
steps:
- name: Print toolchain versions
run: |
node -v
python -V
pip3 -V
make --version
- name: Checkout code
uses: actions/checkout@v4
- name: Install dependencies
run: |
yarn install --immutable
- run: make test-stateful-iac
# stateful app suite test is a small test so would run this together with the IaC for now
- run: make test-stateful-app-suite
test-stateless-iac:
# codebuild project name is initiated at ./lib/bin/statelessPipelineStack (PR-290)
# The format: `runs-on: codebuild-<project-name>-${{ github.run_id }}-${{ github.run_attempt }}`
# https://docs.aws.amazon.com/codebuild/latest/userguide/action-runner.html
runs-on: codebuild-orcabus-codebuild-gh-runner-${{ github.run_id }}-${{ github.run_attempt }}
if: ${{ !github.event.pull_request.draft }}
steps:
- name: Print toolchain versions
run: |
node -v
python -V
pip3 -V
make --version
- name: Checkout code
uses: actions/checkout@v4
- name: Rust installation
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: rustfmt
- name: Install dependencies
run: |
yarn install --immutable
pip3 install cargo-lambda
- run: make test-stateless-iac