Updates AWS managed policies #2232
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Test / Publish / Release | |
concurrency: | |
group: test-${{ github.head_ref }} | |
cancel-in-progress: true | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- VERSION | |
pull_request: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
finalize: | |
name: Finalize | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.9 | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
- name: Get the version | |
id: get_version | |
run: echo "VERSION=$(cat VERSION)" >> $GITHUB_OUTPUT | |
- name: Update version references | |
run: make update-version-refs | |
- name: Ensure CHANGELOG exists for version | |
run: | | |
if [ ! -f CHANGELOG/v${{ steps.get_version.outputs.VERSION }}.md ]; then | |
echo "CHANGELOG/v${{ steps.get_version.outputs.VERSION }}.md does not exist" | |
exit 1 | |
fi | |
- name: Check for changes | |
id: changes | |
run: | | |
set -xuo pipefail # we intentionally do not use -e here, as rc=1 means we have changes | |
git diff | |
echo "CHANGED=$(git ls-files -m | wc -l | xargs)" >> $GITHUB_OUTPUT | |
- name: Commit changes | |
run: | | |
git config --local user.email "[email protected]" | |
git config --local user.name "GitHub Action" | |
git diff --exit-code || git commit -m "Finalize v${{ steps.get_version.outputs.VERSION }}" -a | |
if: steps.changes.outputs.CHANGED > 0 | |
- name: Push changes | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ secrets.OVERRIDE_TOKEN }} | |
branch: ${{ github.head_ref }} | |
if: steps.changes.outputs.CHANGED > 0 | |
- name: Get current SHA | |
run: git rev-parse HEAD > /tmp/sha | |
- name: Store SHA as artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ github.run_id }} | |
path: /tmp/sha | |
test-iam-floyd: | |
name: Test iam-floyd | |
needs: finalize | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
- name: Fetch latest SHA | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ github.run_id }} | |
path: /tmp/sha | |
- name: Store latest SHA as output | |
id: get_sha | |
run: echo "SHA=$(cat /tmp/sha/sha)" >> $GITHUB_OUTPUT | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
ref: ${{ steps.get_sha.outputs.SHA }} | |
- name: Test npm package | |
run: make install test-typescript | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Update package version | |
run: | | |
npm version "$(cat VERSION)" --allow-same-version --no-git-tag-version | |
grep version package.json | |
- name: Dry run npm publish | |
run: make publish | |
test-cdk-iam-floyd: | |
name: Test cdk-iam-floyd | |
needs: finalize | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
- name: Fetch latest SHA | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ github.run_id }} | |
path: /tmp/sha | |
- name: Store latest SHA as output | |
id: get_sha | |
run: echo "SHA=$(cat /tmp/sha/sha)" >> $GITHUB_OUTPUT | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
ref: ${{ steps.get_sha.outputs.SHA }} | |
- name: Build CDK variant | |
run: | | |
make install | |
make cdk | |
cat package.json | |
- name: Test npm package | |
run: | | |
make package | |
make test-typescript-cdk | |
make cdk-test | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Update package version | |
run: | | |
npm version "$(cat VERSION)" --allow-same-version --no-git-tag-version | |
grep version package.json | |
- name: Dry run npm publish | |
run: make publish | |
release: | |
name: Release | |
if: | | |
github.ref == 'refs/heads/main' && ( | |
github.event_name == 'push' || | |
github.event_name == 'workflow_dispatch' | |
) | |
needs: | |
- test-iam-floyd | |
- test-cdk-iam-floyd | |
runs-on: ubuntu-latest | |
steps: | |
- name: Fetch latest SHA | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ github.run_id }} | |
path: /tmp/sha | |
- name: Store latest SHA as output | |
id: get_sha | |
run: echo "SHA=$(cat /tmp/sha/sha)" >> $GITHUB_OUTPUT | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
ref: ${{ steps.get_sha.outputs.SHA }} | |
- name: Get the version | |
id: get_version | |
run: echo "VERSION=$(cat VERSION)" >> $GITHUB_OUTPUT | |
- name: Create tag | |
run: | | |
git config --local user.email "${{ secrets.RELEASE_MAIL }}" | |
git config --local user.name "udondan" | |
git tag -a "v${{ steps.get_version.outputs.VERSION }}" -m "Creates tag v${{ steps.get_version.outputs.VERSION }}" | |
git push "https://udondan:${{ secrets.OVERRIDE_TOKEN }}@github.com/${{ github.repository }}.git" --tags | |
touch CHANGELOG/v${{ steps.get_version.outputs.VERSION }}.md | |
- name: Create release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.OVERRIDE_TOKEN }} | |
with: | |
tag_name: v${{ steps.get_version.outputs.VERSION }} | |
release_name: v${{ steps.get_version.outputs.VERSION }} | |
body_path: CHANGELOG/v${{ steps.get_version.outputs.VERSION }}.md | |
publish-iam-floyd: | |
name: Publish iam-floyd | |
if: | | |
github.ref == 'refs/heads/main' && ( | |
github.event_name == 'push' || | |
github.event_name == 'workflow_dispatch' | |
) | |
needs: release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
registry-url: https://registry.npmjs.org | |
- name: Fetch latest SHA | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ github.run_id }} | |
path: /tmp/sha | |
- name: Store latest SHA as output | |
id: get_sha | |
run: echo "SHA=$(cat /tmp/sha/sha)" >> $GITHUB_OUTPUT | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
ref: ${{ steps.get_sha.outputs.SHA }} | |
- name: Update package version | |
run: | | |
npm version "$(cat VERSION)" --allow-same-version --no-git-tag-version | |
grep version package.json | |
- name: Publish to npm | |
run: make install build publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
publish-cdk-iam-floyd: | |
name: Publish cdk-iam-floyd | |
if: | | |
github.ref == 'refs/heads/main' && ( | |
github.event_name == 'push' || | |
github.event_name == 'workflow_dispatch' | |
) | |
needs: release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
registry-url: https://registry.npmjs.org | |
- name: Fetch latest SHA | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ github.run_id }} | |
path: /tmp/sha | |
- name: Store latest SHA as output | |
id: get_sha | |
run: echo "SHA=$(cat /tmp/sha/sha)" >> $GITHUB_OUTPUT | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
ref: ${{ steps.get_sha.outputs.SHA }} | |
- name: Update package version | |
run: | | |
npm version "$(cat VERSION)" --allow-same-version --no-git-tag-version | |
grep version package.json | |
- name: Build CDK variant | |
run: | | |
make install | |
make cdk | |
cat package.json | |
- name: Publish to npm | |
run: make build publish | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
success: | |
name: Test succeeded | |
if: github.event_name == 'pull_request' | |
runs-on: ubuntu-latest | |
needs: | |
- test-iam-floyd | |
- test-cdk-iam-floyd | |
steps: | |
- name: Report success | |
run: echo 'Success' |