Skip to content

Check code freshness #72

Check code freshness

Check code freshness #72

name: Check code freshness
on:
workflow_dispatch:
schedule:
- cron: "0 5 * * 1"
jobs:
check:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-2
role-to-assume: arn:aws:iam::561178107736:role/DevOps-GitHubOidcFederatedRole
role-session-name: GitHubActions-CheckCodeFreshness
- name: Find stale parameters
run: |
threshold=$(date --date="90 days ago" +%FT%H:%M:%SZ)
json=$(aws ssm describe-parameters --region us-east-1 --parameter-filters Key=Name,Option=Contains,Values=pkg)
if [ ! -z "$json" ]; then
list=$(echo $json | jq --raw-output -c --arg d "$threshold" '.Parameters[] | select( .Name | contains("/prx/prod/Spire/")) | select(.LastModifiedDate < $d) | .Name')
aws ses send-email \
--region us-east-1 \
--from "${{secrets.MAIL_FROM}}" \
--to "[email protected]" \
--subject "Code Freshness Report" \
--text "$list"
next_token=$(echo $json | jq -r ".NextToken")
if [ -z "$next_token" ]; then
echo "! Some parameters were not included in the list"
fi
fi