ci: pin GitHub Actions to SHA digests (fix zizmor unpinned-uses) #227

Workflow file for this run

	name: CI

	# On every pull request, but only on push to main
	on:
	push:
	branches:
	- main
	tags:
	- '*'
	paths:
	- 'runtimes/**'
	- 'docker-compose.*'
	- '.github/workflows/ci.yml'
	- '.pre-commit-config.yaml'
	pull_request:
	workflow_dispatch:
	release:
	types: [published]

	jobs:
	tests:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	steps:
	- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
	- uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5
	- name: Install
	run: uv sync
	- name: Run pre-commit
	run: uv run pre-commit run --all-files

	- name: Launch services
	run: docker compose up -d

	- name: install lib postgres
	uses: nyurik/action-setup-postgis@228cfe4dd41aad01801a0bdc767040e5024fff1d # v2

	- name: Ingest Stac Items/Collection
	run: \|
	uv run pypgstac pgready --dsn postgresql://username:password@0.0.0.0:5439/postgis
	uv run pypgstac load collections .github/workflows/data/noaa-emergency-response.json --dsn postgresql://username:password@0.0.0.0:5439/postgis --method insert_ignore
	uv run pypgstac load items .github/workflows/data/noaa-eri-nashville2020.json --dsn postgresql://username:password@0.0.0.0:5439/postgis --method insert_ignore
	psql postgresql://username:password@0.0.0.0:5439/postgis -f .github/workflows/data/my_data.sql

	# see https://github.com/developmentseed/tipg/issues/37
	- name: Restart the Vector service
	run: \|
	docker compose restart vector

	- name: Sleep for 10 seconds
	run: sleep 10s
	shell: bash

	- name: Integrations tests
	run: uv run pytest .github/workflows/tests/

	- name: Stop services
	run: docker compose stop

	deploy:
	name: Deploy
	environment: dev
	needs: [tests]
	permissions:
	id-token: write
	contents: read
	runs-on: ubuntu-latest
	if: github.event_name == 'release' \|\| github.event_name == 'workflow_dispatch'
	env:
	STACK_NAME: eoapi-dev

	steps:
	- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4

	- name: Create config file
	run: \|
	echo "${{ vars.CONFIG_YAML }}" > config.yaml

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4
	with:
	role-to-assume: arn:aws:iam::390960605471:role/eoapi-devseed
	role-session-name: eoapi-devseed
	aws-region: us-west-2

	- name: Set up node
	uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
	with:
	node-version: 20

	- name: Install uv
	uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5

	- name: Install dependencies
	run: \|
	uv sync --only-group deploy
	uv run --only-group deploy npm install

	- name: CDK Synth
	run: uv run --only-group deploy npx cdk synth --all

	- name: CDK Deploy
	run: \|
	uv run --only-group deploy npx cdk deploy --all --require-approval never

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: pin GitHub Actions to SHA digests (fix zizmor unpinned-uses) #227

Workflow file

ci: pin GitHub Actions to SHA digests (fix zizmor unpinned-uses) #227

Uh oh!

Workflow file for this run