Add security policy property to CloudFront #477
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build braze-components | |
| on: push | |
| jobs: | |
| tests: | |
| name: Tests | |
| runs-on: ubuntu-latest | |
| if: >- | |
| github.event.pull_request.head.repo.owner.login == 'guardian' || | |
| github.event_name == 'push' | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Check typescript | |
| run: yarn tsc | |
| - name: Lint | |
| run: yarn lint | |
| - name: Run tests | |
| run: CI=true yarn test | |
| hosted-storybook-build: | |
| name: Hosted Storybook build | |
| runs-on: ubuntu-latest | |
| needs: [tests] | |
| if: >- | |
| github.event.pull_request.head.repo.owner.login == 'guardian' || | |
| github.event_name == 'push' | |
| # Required by actions-assume-aws-role | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - name: Install dependencies | |
| run: yarn install | |
| - name: Storybook build | |
| run: yarn build-storybook | |
| - name: CDK | |
| working-directory: cdk | |
| run: ./script/ci | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }} | |
| aws-region: eu-west-1 | |
| - name: Upload | |
| run: | | |
| export LAST_TEAMCITY_BUILD=1000 | |
| export GITHUB_RUN_NUMBER=$(( $GITHUB_RUN_NUMBER + $LAST_TEAMCITY_BUILD )) | |
| yarn upload-artifact | |
| release: | |
| name: Release | |
| needs: [tests] | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # in order to write labels to main branch? | |
| pull-requests: write # to be able to comment on released pull requests | |
| id-token: write # to enable use of OIDC for npm provenance | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: '.nvmrc' | |
| - name: Install dependencies | |
| run: yarn --frozen-lockfile | |
| - name: Build | |
| run: yarn build | |
| - name: Release | |
| uses: changesets/action@v1 | |
| with: | |
| publish: yarn changeset publish | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} |