Update detected #1576
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
tags: | |
- '202*' | |
workflow_dispatch: | |
name: AAA - Policy Validation | |
env: | |
project: 'mamip' | |
jobs: | |
build: | |
name: AWS Access Analyzer - Policy Validation | |
permissions: | |
id-token: write | |
contents: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
with: | |
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token | |
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo | |
- name: AWS IAM Assume Role | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
aws-region: ${{ secrets.REGION }} | |
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }} | |
role-duration-seconds: 1200 | |
role-session-name: GH-Actions-${{ env.project }}-policy-validation | |
- name: Who Am I? | |
run: aws sts get-caller-identity | |
- name: Python version | |
run: python3 --version | |
- name: pwd | |
run: | | |
pwd | |
ls -l | |
- name: Install python requirements | |
run: python3 -m pip install -r ./automation/requirements.txt | |
- name: Retrieve the list of current AWS Managed Policies | |
run: aws iam list-policies --scope AWS > policies-list.json | |
- name: AWS Access Analyzer - Policy Validation | |
run: python3 ./automation/validate-batch.py | |
- name: Commit findings | |
run: | | |
git config --local user.email "mamip@noreply" | |
git config --local user.name "mamip-github-actions[bot]" | |
git add ./findings | |
git add DEPRECATED.json | |
git add policies-list.json | |
git commit -m "AccessAnalyzer - Policy Validation" || : | |
- name: Push findings | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
branch: master |