IAM Definition Update #55
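# Scheduled workflow that regenerates the bundled AWS IAM definition data,
# opens a pull request with the result, and then runs the install/test tasks.
name: IAM Definition Update
on:
  schedule:
    # Run on the first day of the month
    - cron: '0 0 1 * *'
  workflow_dispatch:
# Workflow-wide default is read-only; only the job that has to push a branch
# and open a pull request widens it.
permissions:
  contents: read
jobs:
  update-actions:
    runs-on: ubuntu-latest
    # Write scopes are limited to this job.
    permissions:
      contents: write
      pull-requests: write
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release that SHA is expected to correspond to.
      # NOTE(review): checkout keeps the job token in the local git config by
      # default (persist-credentials defaults to true), and the steps below run
      # pip-installed code while that write-scoped token is present. Confirm
      # that create-pull-request at this pin works with
      # persist-credentials: false before changing it here.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
      - name: Setup python
        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f  # v5.1.1
        with:
          # Quoted so the version is read as a string, not a float.
          # NOTE(review): Python 3.8 no longer receives upstream security
          # fixes; confirm the project still needs it.
          python-version: '3.8'
      - name: install dependencies
        # NOTE(review): click_log is installed with no version pin or hash,
        # unlike the SHA-pinned actions; consider listing it in
        # requirements.txt with a pinned version.
        run: |
          pip install -r requirements.txt
          pip install click_log
      - name: install policy_sentry
        # Nothing is installed here: the checkout directory is added to
        # PYTHONPATH for the following steps.
        run: echo "PYTHONPATH=$(pwd)" >> "$GITHUB_ENV"
      - name: Run initialize
        # Sanity gate before the generated data is copied into the tree: a
        # definition file under 3 MB (du -m counts whole megabytes) aborts the
        # job. Size is the only property checked; content is not validated, so
        # the resulting pull request still needs review.
        run: |
          python .github/scripts/update_data.py
          if [[ $(du -m /tmp/.policy_sentry/iam-definition.json | cut -f1) -lt 3 ]]; then
            echo "File size is less than 3 MB, something is wrong with this update"
            exit 1
          fi
          cp -f /tmp/.policy_sentry/iam-definition.json "$(pwd)/policy_sentry/shared/data/iam-definition.json"
          cp -rf /tmp/.policy_sentry/data/docs "$(pwd)/policy_sentry/shared/data/"
      - name: Set outputs
        id: vars
        # Exposes the abbreviated SHA of the checked-out HEAD as sha_short.
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      - name: PR if files were updated
        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c  # v6.1.0
        with:
          commit-message: Update database
          title: 'Updates database'
          body: This is an automated PR created because AWS IAM definitions have changed.
          # NOTE(review): the branch is named after an abbreviated commit
          # hash, which git can report as an ambiguous ref name; a prefixed
          # name would avoid that. Left unchanged here.
          branch: ${{ steps.vars.outputs.sha_short }}
          delete-branch: true
          labels: |
            automation
  ci-after-update:
    runs-on: ubuntu-latest
    # Inherits the workflow-level read-only permissions.
    needs: update-actions
    steps:
      # NOTE(review): no ref is given, so this appears to check out the ref
      # that triggered the workflow rather than the branch pushed by
      # update-actions; confirm that is what these tests are meant to cover.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332  # v4.1.7
        with:
          # This job only installs and tests; it has no reason to keep the
          # job token in the local git config while pip-installed code runs.
          persist-credentials: false
      - name: Setup Python
        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f  # v5.1.1
        with:
          python-version: '3.8'
      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install -r requirements-dev.txt
      - run: invoke build.install-package
      - run: invoke integration.clean
      - run: invoke integration.version
      - run: invoke integration.initialize
      - run: invoke unit.pytest
      - run: invoke integration.query
      - run: invoke integration.write-policy
      - run: invoke build.uninstall-package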