fix: upgrade @aws-sdk/client-s3 from 3.697.0 to 3.743.0 #10526
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: | |
| - "*" | |
| - "!skipci*" | |
| concurrency: | |
| group: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-group | |
| env: | |
| STAGE_NAME: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }} | |
| permissions: | |
| id-token: write | |
| contents: write | |
| issues: write | |
| pull-requests: write | |
| actions: read | |
| jobs: | |
| init: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Validate stage name | |
| run: | | |
| if [[ ! $STAGE_NAME =~ ^[a-z][a-z0-9-]*$ ]]; then | |
| echo "ERROR: Your branch name, $STAGE_NAME, is not a valid Serverless Framework stage name." && exit 1 | |
| fi | |
| test: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - init | |
| environment: | |
| name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: ./.github/actions/setup | |
| - name: Test | |
| run: run test | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - init | |
| environment: | |
| name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }} | |
| outputs: | |
| app-url: ${{ steps.deployment-data.outputs.APPURL }} | |
| kibana-url: ${{ steps.deployment-data.outputs.KIBANAURL }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: ./.github/actions/setup | |
| - uses: docker/setup-qemu-action@v2 | |
| with: | |
| platforms: "amd64" | |
| - uses: docker/setup-buildx-action@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| role-duration-seconds: 10800 | |
| - name: Deploy | |
| run: run deploy --stage $STAGE_NAME | |
| - name: Set Application URLs | |
| id: deployment-data | |
| run: | | |
| secret_value=$(aws ssm get-parameter \ | |
| --region us-east-1 \ | |
| --name "/$PROJECT/$STAGE_NAME/deployment-output" \ | |
| --query Parameter.Value \ | |
| --output text) | |
| application_endpoint_url=$(echo $secret_value | jq -r '.applicationEndpointUrl') | |
| echo "APPURL=$application_endpoint_url" >> $GITHUB_OUTPUT | |
| kibana_url=$(echo $secret_value | jq -r '.kibanaUrl') | |
| echo "KIBANAURL=$kibana_url" >> $GITHUB_OUTPUT | |
| application-url: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy | |
| environment: | |
| name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-app | |
| url: ${{ needs.deploy.outputs.app-url }} | |
| steps: | |
| - name: Display App URL | |
| run: | | |
| echo "App URL: ${{ needs.deploy.outputs.app-url }}" | |
| kibana-url: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy | |
| environment: | |
| name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-kibana | |
| url: ${{ needs.deploy.outputs.kibana-url }} | |
| steps: | |
| - name: Display Kibana URL | |
| run: | | |
| echo "Kibana URL: ${{ needs.deploy.outputs.kibana-url }}" | |
| e2e: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy | |
| environment: | |
| name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }} | |
| if: ${{ github.ref != 'refs/heads/production' }} | |
| env: | |
| JSON_ARTIFACT_ID: json-playwright-report | |
| HTML_ARTIFACT_ID: html-playwright-report | |
| outputs: | |
| json_artifact_id: ${{ env.JSON_ARTIFACT_ID }} | |
| json_deploy_to: _data/${{ steps.variables.outputs.report_path }} | |
| html_artifact_id: ${{ env.HTML_ARTIFACT_ID }} | |
| html_deploy_to: ${{ steps.variables.outputs.report_path }} | |
| commit_msg: ${{ steps.variables.outputs.commit_msg }} | |
| output_url: ${{ steps.variables.outputs.report_path }}${{ steps.variables.outputs.report_name }}.html | |
| actualResult: ${{ steps.e2e-test.conclusion }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup | |
| uses: ./.github/actions/setup | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| role-duration-seconds: 10800 | |
| - name: Run e2e tests | |
| id: e2e-test | |
| continue-on-error: true | |
| run: run e2e | |
| - name: Set Report Path and Name | |
| id: variables | |
| run: | | |
| if [[ ${{ github.ref_name }} == 'main' ]]; then | |
| echo "report_path=playwright-reports/" >> "$GITHUB_OUTPUT" | |
| echo "report_name=main" >> "$GITHUB_OUTPUT" | |
| echo "commit_msg=update Playwright report for main" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "report_path=playwright-reports/branches/${{ github.ref_name }}/" >> "$GITHUB_OUTPUT" | |
| echo "report_name=${{ github.run_id }}" >> "$GITHUB_OUTPUT" | |
| echo "commit_msg=add Playwright report for branch ${{ github.ref_name }}, run-id ${{ github.run_id }}" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Rename Reports | |
| working-directory: test/e2e/playwright-reports/ | |
| run: | | |
| mv playwright-summary.json ${{ steps.variables.outputs.report_name }}.json | |
| cd html-report | |
| mv index.html ${{ steps.variables.outputs.report_name }}.html | |
| - name: Upload JSON Report | |
| uses: actions/upload-artifact@v4 | |
| id: upload-json | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: ${{ env.JSON_ARTIFACT_ID }} | |
| path: test/e2e/playwright-reports/${{ steps.variables.outputs.report_name }}.json | |
| retention-days: 30 | |
| - name: Upload HTML Report | |
| uses: actions/upload-artifact@v4 | |
| id: upload-html | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: ${{ env.HTML_ARTIFACT_ID }} | |
| path: test/e2e/playwright-reports/html-report/${{ steps.variables.outputs.report_name }}.html | |
| retention-days: 30 | |
| publish: | |
| needs: [e2e] | |
| uses: ./.github/workflows/push-to-gh-pages.yml | |
| if: ${{ github.ref != 'refs/heads/production' }} && ${{ github.ref != 'refs/heads/val' }} | |
| with: | |
| FILE_1_ARTIFACT_ID: ${{ needs.e2e.outputs.json_artifact_id }} | |
| FILE_1_DEPLOY_TO: ${{ needs.e2e.outputs.json_deploy_to }} | |
| FILE_2_ARTIFACT_ID: ${{ needs.e2e.outputs.html_artifact_id }} | |
| FILE_2_DEPLOY_TO: ${{ needs.e2e.outputs.html_deploy_to }} | |
| COMMIT_MSG: ${{ needs.e2e.outputs.commit_msg }} | |
| URL_PATH: ${{ needs.e2e.outputs.output_url }} | |
| cfn-nag: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy | |
| environment: | |
| name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - uses: ./.github/actions/setup | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| role-duration-seconds: 10800 | |
| - name: Get CloudFormation templates | |
| id: getCfts | |
| run: | | |
| mkdir -p cftemplates | |
| stackList=(`aws cloudformation describe-stacks --query "Stacks[?Tags[?Key=='STAGE' && Value=='$STAGE_NAME'] && Tags[?Key=='PROJECT' && Value=='$PROJECT']].StackName" --output text`) | |
| for stack in "${stackList[@]}"; do | |
| aws cloudformation get-template --stack-name "$stack" --query TemplateBody > "cftemplates/${stack}.json" | |
| done | |
| - name: Stelligent cfn_nag | |
| uses: stelligent/cfn_nag@v0.8.6 | |
| with: | |
| input_path: cftemplates | |
| resources: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy | |
| environment: | |
| name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - uses: ./.github/actions/setup | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| role-duration-seconds: 10800 | |
| - name: Get AWS Stage Resources | |
| id: stage-resources | |
| run: | | |
| mkdir -p resources | |
| resourceData=() | |
| stackList=(`aws cloudformation describe-stacks --query "Stacks[?Tags[?Key=='STAGE' && Value=='$STAGE_NAME'] && Tags[?Key=='PROJECT' && Value=='$PROJECT']].StackName" --output text`) | |
| for stack in "${stackList[@]}"; do | |
| resources=$(aws cloudformation list-stack-resources --stack-name "$stack" --query "StackResourceSummaries[].{PhysicalResourceId:PhysicalResourceId, ResourceType:ResourceType, ResourceStatus:ResourceStatus, LogicalResourceId:LogicalResourceId, LastUpdatedTimestamp:LastUpdatedTimestamp}" --output json) | |
| resourceData+=( $(echo "$resources" | jq -c --arg stack_name "$stack" '.[] + { StackName: $stack_name }') ) | |
| done | |
| join_by() { local IFS="$1"; shift; echo "$*"; } | |
| echo "["$(join_by "," "${resourceData[@]}")"]" > "resources/aws-resources.json" | |
| - name: Archive stage resources | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: aws-resources-${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }} | |
| path: resources/aws-resources.json | |
| release: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - e2e | |
| - cfn-nag | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - uses: ./.github/actions/setup | |
| - name: Install | |
| run: bun install | |
| - name: Release | |
| run: bun semantic-release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |