Bump github/codeql-action from 3.24.8 to 3.24.9 (#1119) #2038
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths-ignore: | |
| - '**/*.md' | |
| - '**/*.gitignore' | |
| - '**/*.gitattributes' | |
| pull_request: | |
| branches: | |
| - main | |
| - dotnet-vnext | |
| - dotnet-nightly | |
| workflow_dispatch: | |
| env: | |
| ARTIFACT_NAME: 'lambda' | |
| AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }} | |
| AWS_REGION: ${{ vars.AWS_REGION }} | |
| DOTNET_CLI_TELEMETRY_OPTOUT: true | |
| DOTNET_GENERATE_ASPNET_CERTIFICATE: false | |
| DOTNET_MULTILEVEL_LOOKUP: 0 | |
| DOTNET_NOLOGO: true | |
| DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1 | |
| DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1 | |
| LAMBDA_DESCRIPTION: 'Deploy build ${{ github.run_number }} to AWS Lambda via GitHub Actions' | |
| LAMBDA_FUNCTION: 'alexa-london-travel' | |
| LAMBDA_ROLE: ${{ vars.AWS_LAMBDA_ROLE }} | |
| NUGET_XMLDOC_MODE: skip | |
| TERM: xterm | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ macos-latest, ubuntu-latest, windows-latest ] | |
| include: | |
| - os: macos-latest | |
| os_name: macos | |
| - os: ubuntu-latest | |
| os_name: linux | |
| - os: windows-latest | |
| os_name: windows | |
| steps: | |
| - name: Setup arm64 support for native AoT | |
| if: runner.os == 'Linux' | |
| shell: bash | |
| run: | | |
| sudo dpkg --add-architecture arm64 | |
| sudo bash -c 'cat > /etc/apt/sources.list.d/arm64.list <<EOF | |
| deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted | |
| deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted | |
| deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted universe multiverse | |
| EOF' | |
| sudo sed -i -e 's/deb http/deb [arch=amd64] http/g' /etc/apt/sources.list | |
| sudo sed -i -e 's/deb mirror/deb [arch=amd64] mirror/g' /etc/apt/sources.list | |
| sudo apt update | |
| sudo apt install --yes clang llvm binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu zlib1g-dev:arm64 | |
| - name: Checkout code | |
| uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 | |
| - name: Build, Test and Package | |
| shell: pwsh | |
| run: ./build.ps1 | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 | |
| with: | |
| file: ./artifacts/coverage/coverage.cobertura.xml | |
| flags: ${{ matrix.os_name }} | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - name: Publish artifacts | |
| uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
| with: | |
| name: artifacts-${{ matrix.os_name }} | |
| path: ./artifacts | |
| - name: Create Lambda ZIP file | |
| if: runner.os == 'Linux' | |
| shell: bash | |
| run: | | |
| cd "./artifacts/publish/LondonTravel.Skill/release_linux-arm64" || exit | |
| if [ -f "./bootstrap" ] | |
| then | |
| chmod +x ./bootstrap | |
| fi | |
| zip -r "../../../${LAMBDA_FUNCTION}.zip" . || exit 1 | |
| - name: Publish deployment package | |
| uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
| if: runner.os == 'Linux' && success() | |
| with: | |
| name: ${{ env.ARTIFACT_NAME }} | |
| path: ./artifacts/${{ env.LAMBDA_FUNCTION }}.zip | |
| if-no-files-found: error | |
| deploy-dev: | |
| if: | | |
| github.event.repository.fork == false && | |
| github.ref_name == github.event.repository.default_branch | |
| name: dev | |
| needs: build | |
| concurrency: dev_environment | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: dev | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Set function name | |
| shell: bash | |
| run: | | |
| echo "FUNCTION_NAME=${LAMBDA_FUNCTION}-dev" >> "$GITHUB_ENV" | |
| - name: Download artifacts | |
| uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 | |
| with: | |
| name: ${{ env.ARTIFACT_NAME }} | |
| - name: Get Lambda configuration | |
| shell: bash | |
| run: | | |
| LAMBDA_CONFIG="$(unzip -p "${LAMBDA_FUNCTION}.zip" aws-lambda-tools-defaults.json)" | |
| { | |
| echo "LAMBDA_ARCHITECTURES=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-architecture"')" | |
| echo "LAMBDA_HANDLER=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-handler"')" | |
| echo "LAMBDA_MEMORY=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-memory-size"')" | |
| echo "LAMBDA_RUNTIME=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-runtime"')" | |
| echo "LAMBDA_TIMEOUT=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-timeout"')" | |
| } >> "$GITHUB_ENV" | |
| - name: Get Lambda environment variables | |
| env: | |
| SKILL_API_URL: ${{ vars.SKILL_API_URL }} | |
| SKILL_ID: ${{ secrets.SKILL_ID }} | |
| TFL_APPLICATION_ID: ${{ secrets.TFL_APPLICATION_ID }} | |
| TFL_APPLICATION_KEY: ${{ secrets.TFL_APPLICATION_KEY }} | |
| VERIFY_SKILL_ID: "true" | |
| shell: bash | |
| run: | | |
| lambda_vars="{\ | |
| \"Variables\": {\ | |
| \"SSL_CERT_FILE\": \"/tmp/noop\",\ | |
| \"Skill__SkillApiUrl\": \"${SKILL_API_URL}\",\ | |
| \"Skill__SkillId\": \"${SKILL_ID}\",\ | |
| \"Skill__TflApplicationId\": \"${TFL_APPLICATION_ID}\",\ | |
| \"Skill__TflApplicationKey\": \"${TFL_APPLICATION_KEY}\",\ | |
| \"Skill__VerifySkillId\": \"${VERIFY_SKILL_ID}\"\ | |
| }\ | |
| }" | |
| echo "LAMBDA_ENVIRONMENT_VARIABLES=${lambda_vars}" >> "$GITHUB_ENV" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-deploy | |
| role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-deploy-dev | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Update function code | |
| shell: bash | |
| run: | | |
| aws lambda update-function-code \ | |
| --function-name "${FUNCTION_NAME}" \ | |
| --architectures "${LAMBDA_ARCHITECTURES}" \ | |
| --zip-file "fileb://./${LAMBDA_FUNCTION}.zip" | |
| - name: Wait for function code update | |
| shell: bash | |
| run: | | |
| aws lambda wait function-updated-v2 \ | |
| --function-name "${FUNCTION_NAME}" | |
| - name: Update function configuration | |
| shell: bash | |
| env: | |
| LAMBDA_LAYERS: ${{ vars.AWS_LAMBDA_LAYERS }} | |
| LAMBDA_TRACING_MODE: ${{ vars.AWS_TRACING_MODE }} | |
| run: | | |
| aws lambda update-function-configuration \ | |
| --function-name "${FUNCTION_NAME}" \ | |
| --description "${LAMBDA_DESCRIPTION}" \ | |
| --environment "${LAMBDA_ENVIRONMENT_VARIABLES}" \ | |
| --handler "${LAMBDA_HANDLER}" \ | |
| --layers "${LAMBDA_LAYERS}" \ | |
| --memory-size "${LAMBDA_MEMORY}" \ | |
| --role "${LAMBDA_ROLE}" \ | |
| --runtime "${LAMBDA_RUNTIME}" \ | |
| --timeout "${LAMBDA_TIMEOUT}" \ | |
| --tracing-config "Mode=${LAMBDA_TRACING_MODE}" | |
| - name: Wait for function configuration update | |
| shell: bash | |
| run: | | |
| aws lambda wait function-updated-v2 \ | |
| --function-name "${FUNCTION_NAME}" | |
| tests-dev: | |
| name: tests-dev | |
| needs: deploy-dev | |
| runs-on: ubuntu-latest | |
| concurrency: dev_environment | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-test | |
| role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-tests-dev | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Run end-to-end tests | |
| shell: pwsh | |
| run: dotnet test ./test/LondonTravel.Skill.EndToEndTests --configuration Release --logger "GitHubActions;report-warnings=false" | |
| env: | |
| LAMBDA_FUNCTION_NAME: ${{ env.LAMBDA_FUNCTION }}-dev | |
| LWA_CLIENT_ID: ${{ secrets.LWA_CLIENT_ID }} | |
| LWA_CLIENT_SECRET: ${{ secrets.LWA_CLIENT_SECRET }} | |
| LWA_REFRESH_TOKEN: ${{ secrets.LWA_REFRESH_TOKEN }} | |
| SKILL_ID: ${{ secrets.SKILL_ID }} | |
| SKILL_STAGE: development | |
| deploy-prod: | |
| name: production | |
| needs: tests-dev | |
| runs-on: ubuntu-latest | |
| concurrency: production_environment | |
| environment: | |
| name: production | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Set function name | |
| shell: bash | |
| run: | | |
| echo "FUNCTION_NAME=${LAMBDA_FUNCTION}" >> "$GITHUB_ENV" | |
| - name: Download artifacts | |
| uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 | |
| with: | |
| name: ${{ env.ARTIFACT_NAME }} | |
| - name: Get Lambda configuration | |
| shell: bash | |
| run: | | |
| LAMBDA_CONFIG="$(unzip -p "${LAMBDA_FUNCTION}.zip" aws-lambda-tools-defaults.json)" | |
| { | |
| echo "LAMBDA_ARCHITECTURES=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-architecture"')" | |
| echo "LAMBDA_HANDLER=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-handler"')" | |
| echo "LAMBDA_MEMORY=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-memory-size"')" | |
| echo "LAMBDA_RUNTIME=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-runtime"')" | |
| echo "LAMBDA_TIMEOUT=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-timeout"')" | |
| } >> "$GITHUB_ENV" | |
| - name: Get Lambda environment variables | |
| env: | |
| SKILL_API_URL: ${{ vars.SKILL_API_URL }} | |
| SKILL_ID: ${{ secrets.SKILL_ID }} | |
| TFL_APPLICATION_ID: ${{ secrets.TFL_APPLICATION_ID }} | |
| TFL_APPLICATION_KEY: ${{ secrets.TFL_APPLICATION_KEY }} | |
| VERIFY_SKILL_ID: "true" | |
| shell: bash | |
| run: | | |
| lambda_vars="{\ | |
| \"Variables\": {\ | |
| \"SSL_CERT_FILE\": \"/tmp/noop\",\ | |
| \"Skill__SkillApiUrl\": \"${SKILL_API_URL}\",\ | |
| \"Skill__SkillId\": \"${SKILL_ID}\",\ | |
| \"Skill__TflApplicationId\": \"${TFL_APPLICATION_ID}\",\ | |
| \"Skill__TflApplicationKey\": \"${TFL_APPLICATION_KEY}\",\ | |
| \"Skill__VerifySkillId\": \"${VERIFY_SKILL_ID}\"\ | |
| }\ | |
| }" | |
| echo "LAMBDA_ENVIRONMENT_VARIABLES=${lambda_vars}" >> "$GITHUB_ENV" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-deploy | |
| role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-deploy-production | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Update function code | |
| shell: bash | |
| run: | | |
| aws lambda update-function-code \ | |
| --function-name "${FUNCTION_NAME}" \ | |
| --architectures "${LAMBDA_ARCHITECTURES}" \ | |
| --zip-file "fileb://./${LAMBDA_FUNCTION}.zip" | |
| - name: Wait for function code update | |
| shell: bash | |
| run: | | |
| aws lambda wait function-updated-v2 \ | |
| --function-name "${FUNCTION_NAME}" | |
| - name: Update function configuration | |
| shell: bash | |
| env: | |
| LAMBDA_LAYERS: ${{ vars.AWS_LAMBDA_LAYERS }} | |
| LAMBDA_TRACING_MODE: ${{ vars.AWS_TRACING_MODE }} | |
| run: | | |
| aws lambda update-function-configuration \ | |
| --function-name "${FUNCTION_NAME}" \ | |
| --description "${LAMBDA_DESCRIPTION}" \ | |
| --environment "${LAMBDA_ENVIRONMENT_VARIABLES}" \ | |
| --handler "${LAMBDA_HANDLER}" \ | |
| --layers "${LAMBDA_LAYERS}" \ | |
| --memory-size "${LAMBDA_MEMORY}" \ | |
| --role "${LAMBDA_ROLE}" \ | |
| --runtime "${LAMBDA_RUNTIME}" \ | |
| --timeout "${LAMBDA_TIMEOUT}" \ | |
| --tracing-config "Mode=${LAMBDA_TRACING_MODE}" | |
| - name: Wait for function configuration update | |
| shell: bash | |
| run: | | |
| aws lambda wait function-updated-v2 \ | |
| --function-name "${FUNCTION_NAME}" | |
| tests-prod: | |
| needs: deploy-prod | |
| runs-on: ubuntu-latest | |
| concurrency: production_environment | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 | |
| - name: Setup .NET SDK | |
| uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-test | |
| role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-tests-production | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Run end-to-end tests | |
| shell: pwsh | |
| run: dotnet test ./test/LondonTravel.Skill.EndToEndTests --configuration Release --logger "GitHubActions;report-warnings=false" | |
| env: | |
| LAMBDA_FUNCTION_NAME: ${{ env.LAMBDA_FUNCTION }} | |
| LWA_CLIENT_ID: ${{ secrets.LWA_CLIENT_ID }} | |
| LWA_CLIENT_SECRET: ${{ secrets.LWA_CLIENT_SECRET }} | |
| LWA_REFRESH_TOKEN: ${{ secrets.LWA_REFRESH_TOKEN }} | |
| SKILL_ID: ${{ secrets.SKILL_ID }} | |
| SKILL_STAGE: live |