udondan/iam-floyd

View on GitHub
.github/workflows/index-managed-policies.yml

Summary

Maintainability
Test Coverage
---
name: Index managed policies

on:
  schedule:
    # Why 0:57 not and 1:00? Because most hourly jobs probably run at the hour.
    # Keeping concurrent jobs low reduces hardware requirements, being nice to
    # GitHub and the environment.
    - cron: 57 0 * * *
  workflow_dispatch:

jobs:
  index:
    runs-on: ubuntu-latest

    steps:
      - name: Setup node
        uses: actions/setup-node@v4
        with:
          node-version: 20.x

      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          fetch-depth: 0

      - name: Index managed policies
        run: make install index-managed-policies
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: Check for changes
        id: changes
        run: |
          set -xuo pipefail # we intentionally do not use -e here, as rc=1 means we have changes
          git diff
          git diff --quiet || CHANGED=$?
          echo "CHANGED=${CHANGED:-0}" >> $GITHUB_OUTPUT

      - name: Configure git
        run: |
          set -xeuo pipefail
          git config --local user.email "${{ secrets.RELEASE_MAIL }}"
          git config --local user.name "udondan"
        if: steps.changes.outputs.CHANGED == '1'

      - name: Add all changes
        run: |
          set -xeuo pipefail
          rm -rf package-lock.json node_modules &&
          git add *
        if: steps.changes.outputs.CHANGED == '1'

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.OVERRIDE_TOKEN }}
          commit-message: Updates AWS managed policies
          title: Updates AWS managed policies
          body: Updates AWS managed policies
          branch: update-aws-managed-policies
          delete-branch: true
          committer: udondan <${{ secrets.RELEASE_MAIL }}>
          author: udondan <${{ secrets.RELEASE_MAIL }}>
          labels: automerge
        if: steps.changes.outputs.CHANGED == '1'