Skip to content

Merge pull request #7 from k-paulius/s3dataaccess #17

Merge pull request #7 from k-paulius/s3dataaccess

Merge pull request #7 from k-paulius/s3dataaccess #17

on:
push:
branches: [ main ]
permissions:
contents: write
jobs:
deploy:
name: Publish
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: GenerateFiles
run: |
curl -s https://raw.githubusercontent.com/iann0036/iam-dataset/main/aws/iam_definition.json -o iam_definition.json
./scripts/annotate-list.py --output-yaml annotated.yaml --output-json annotated.json
for t in PrivEsc ResourceExposure CredentialExposure DataAccess ALL ; do
./scripts/policy-generation.py --risk $t --action-file actions.yaml --policy-file policies/$t.json
done
- name: Commit files
run: |
CHANGES=`git diff | wc -l`
if [[ $CHANGES -eq 0 ]] ; then
exit 0
fi
git config --global user.name 'GitHubAction'
git config --global user.email '[email protected]'
git add .
git commit -am "Automated file generation"
git push