IAM Definition Update #70
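---
# Monthly refresh of the bundled AWS IAM definition used by policy_sentry.
# Job 1 regenerates the data and opens a pull request with the result;
# job 2 runs the build and test targets after job 1 has finished.
name: IAM Definition Update

on:
  schedule:
    # Run on the first day of the month
    - cron: '0 0 1 * *'
  workflow_dispatch:

# Workflow-wide token scope is read-only; the one job that needs to push a
# branch and open a PR requests write scopes explicitly (least privilege).
permissions:
  contents: read

jobs:
  update-actions:
    runs-on: ubuntu-latest
    # Write scopes are needed only here, for create-pull-request below.
    permissions:
      contents: write
      pull-requests: write
    steps:
      # Actions are pinned to full commit SHAs (the version is noted in the
      # trailing comment) so that a moved tag cannot change what runs.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
        with:
          activate-environment: true
      # NOTE(review): click_log is installed outside the lockfile and is not
      # pinned, so this step is not reproducible — TODO pin it or add it to the
      # project's locked dependencies.
      - run: |
          uv sync --frozen
          uv pip install click_log
      - name: setup policy_sentry CLI
        run: echo "PYTHONPATH=$(pwd)" >> "$GITHUB_ENV"
      # Regenerate the definition, refuse to commit an implausibly small file
      # (a truncated or failed download), then copy the result into the package.
      # `du -m` reports whole megabytes, rounded up.
      - name: Run initialize
        run: |
          python .github/scripts/update_data.py
          if [[ $(du -m /tmp/.policy_sentry/iam-definition.json | cut -f1) -lt 3 ]]; then
            echo "File size is less than 3 MB, something is wrong with this update"
            exit 1
          fi
          cp -f /tmp/.policy_sentry/iam-definition.json "$(pwd)/policy_sentry/shared/data/iam-definition.json"
          cp -rf /tmp/.policy_sentry/data/docs "$(pwd)/policy_sentry/shared/data/"
      # Short SHA of the checked-out commit; used below as the PR branch name.
      - name: Set outputs
        id: vars
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      - name: PR if files were updated
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          commit-message: Update database
          title: 'Updates database'
          body: This is an automated PR created because AWS IAM definitions have changed.
          branch: ${{ steps.vars.outputs.sha_short }}
          delete-branch: true
          # Block scalar: one label per line.
          labels: |
            automation

  ci-after-update:
    runs-on: ubuntu-latest
    needs: update-actions
    steps:
      # NOTE(review): no `ref:` is given, so this checks out the workflow's
      # default ref rather than the branch created by update-actions — confirm
      # whether these tests are meant to exercise the regenerated data.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - uses: astral-sh/setup-uv@85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41 # v7.1.2
        with:
          activate-environment: true
      - run: uv sync --frozen
      # Assumes `just` is available on the runner; no setup step installs it here.
      - run: just build-package
      - run: just unit-tests
      - run: just integration-tests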