Skip to content

Update detected

Update detected #1626

on:
push:
tags:
- '202*'
workflow_dispatch:
name: AAA - Policy Validation
env:
project: 'mamip'
jobs:
build:
name: AWS Access Analyzer - Policy Validation
permissions:
id-token: write
contents: write
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
- name: AWS IAM Assume Role
uses: aws-actions/configure-aws-credentials@master
with:
aws-region: ${{ secrets.REGION }}
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
role-duration-seconds: 1200
role-session-name: GH-Actions-${{ env.project }}-policy-validation
- name: Who Am I?
run: aws sts get-caller-identity
- name: Python version
run: python3 --version
- name: pwd
run: |
pwd
ls -l
- name: Install python requirements
run: python3 -m pip install -r ./automation/requirements.txt
- name: Retrieve the list of current AWS Managed Policies
run: aws iam list-policies --scope AWS > policies-list.json
- name: AWS Access Analyzer - Policy Validation
run: python3 ./automation/validate-batch.py
- name: Commit findings
run: |
git config --local user.email "mamip@noreply"
git config --local user.name "mamip-github-actions[bot]"
git add ./findings
git add DEPRECATED.json
git add policies-list.json
git commit -m "AccessAnalyzer - Policy Validation" || :
- name: Push findings
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
branch: master