Merge pull request #1064 from guardian/aa/bump-anghammarad-again #1403

	# Find full documentation here https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
	name: CI

	on:
	pull_request:

	# Manual invocation.
	workflow_dispatch:

	push:
	branches:
	- main
	jobs:
	CI:
	runs-on: ubuntu-latest

	# See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
	permissions:
	# required by aws-actions/configure-aws-credentials
	id-token: write
	contents: read
	steps:
	- uses: actions/checkout@v4

	# Setup AWS credentials to enable uploading to S3 for Riff-Raff.
	# See https://github.com/aws-actions/configure-aws-credentials
	- uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
	aws-region: eu-west-1

	# Configuring caching is also recommended.
	# See https://github.com/actions/setup-java
	- name: Setup Java 11
	uses: actions/setup-java@v3
	with:
	java-version: '11'
	distribution: 'corretto'
	cache: 'sbt'

	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version-file: '.nvmrc'
	cache: 'npm'
	cache-dependency-path: 'cdk/package-lock.json'

	- name: Run script/ci
	run: ./script/ci

	- uses: guardian/actions-riff-raff@v2
	with:
	projectName: security-hq
	# Seed the build number with last number from TeamCity.
	buildNumberOffset: 1265
	configPath: hq/conf/riff-raff.yaml
	contentDirectories: \|
	security-hq-cfn:
	- cdk/cdk.out/security-hq.template.json
	security-hq:
	- hq/target/security-hq.deb

Provide feedback