.github/workflows/index-managed-policies.yml
---
name: Index managed policies
on:
schedule:
# Why 0:57 not and 1:00? Because most hourly jobs probably run at the hour.
# Keeping concurrent jobs low reduces hardware requirements, being nice to
# GitHub and the environment.
- cron: 57 0 * * *
workflow_dispatch:
jobs:
index:
runs-on: ubuntu-latest
steps:
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: 20.x
- name: Checkout code
uses: actions/checkout@v4
with:
persist-credentials: false
fetch-depth: 0
- name: Index managed policies
run: make install index-managed-policies
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Check for changes
id: changes
run: |
set -xuo pipefail # we intentionally do not use -e here, as rc=1 means we have changes
git diff
git diff --quiet || CHANGED=$?
echo "CHANGED=${CHANGED:-0}" >> $GITHUB_OUTPUT
- name: Configure git
run: |
set -xeuo pipefail
git config --local user.email "${{ secrets.RELEASE_MAIL }}"
git config --local user.name "udondan"
if: steps.changes.outputs.CHANGED == '1'
- name: Add all changes
run: |
set -xeuo pipefail
rm -rf package-lock.json node_modules &&
git add *
if: steps.changes.outputs.CHANGED == '1'
- name: Create Pull Request
uses: peter-evans/create-pull-request@v6
with:
token: ${{ secrets.OVERRIDE_TOKEN }}
commit-message: Updates AWS managed policies
title: Updates AWS managed policies
body: Updates AWS managed policies
branch: update-aws-managed-policies
delete-branch: true
committer: udondan <${{ secrets.RELEASE_MAIL }}>
author: udondan <${{ secrets.RELEASE_MAIL }}>
labels: automerge
if: steps.changes.outputs.CHANGED == '1'