Add a check for managed_policy conflicts on aws.iam.Role #49
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
env: | |
AWS_REGION: us-west-2 | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GO111MODULE: "on" | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
PROVIDER: policy-aws | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
PULUMI_API: https://api.pulumi-staging.io | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
PR_COMMIT_SHA: ${{ github.event.client_payload.pull_request.head.sha }} | |
jobs: | |
comment-notification: | |
# We only care about adding the result to the PR if it's a repository_dispatch event | |
if: github.event_name == 'repository_dispatch' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Create URL to the run output | |
id: vars | |
run: echo run-url=https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID >> "$GITHUB_OUTPUT" | |
- name: Update with Result | |
uses: peter-evans/create-or-update-comment@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
repository: ${{ github.event.client_payload.github.payload.repository.full_name }} | |
issue-number: ${{ github.event.client_payload.github.payload.issue.number }} | |
body: | | |
Please view the PR build - ${{ steps.vars.outputs.run-url }} | |
lint: | |
name: lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{matrix.node-version}} | |
registry-url: https://registry.npmjs.org | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.2.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Checkout Repo | |
uses: actions/checkout@v2 | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Yarn | |
run: curl -o- -L https://yarnpkg.com/install.sh | bash -s -- --version 1.13.0 | |
- name: Update PATH for Yarn | |
run: | | |
echo "$HOME/.yarn/bin" >> $GITHUB_PATH | |
echo "$HOME/.config/yarn/global/node_modules/.bin" >> $GITHUB_PATH | |
- name: Ensure | |
run: | | |
make ensure | |
- name: Lint Node | |
run: | | |
cd src && make lint | |
build_and_test: | |
name: Build and Test SDK | |
runs-on: ${{ matrix.platform }} | |
if: github.event_name == 'repository_dispatch' || github.event.pull_request.head.repo.full_name == github.repository | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ env.PR_COMMIT_SHA }} | |
- name: Unshallow clone for tags | |
run: git fetch --prune --unshallow --tags | |
- name: Install Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ${{ matrix.go-version }} | |
- name: Install pulumictl | |
uses: jaxxstorm/action-install-gh-release@v1.1.0 | |
with: | |
repo: pulumi/pulumictl | |
- name: Install Pulumi CLI | |
uses: pulumi/action-install-pulumi-cli@v1.0.1 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{matrix.node-version}} | |
registry-url: https://registry.npmjs.org | |
- name: Ensure dependencies | |
run: make ensure | |
- name: Checkout Scripts Repo | |
uses: actions/checkout@v2 | |
with: | |
path: ci-scripts | |
repository: pulumi/scripts | |
- run: echo "ci-scripts" >> .git/info/exclude # actions/checkout#197 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-region: ${{ env.AWS_REGION }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-duration-seconds: 3600 | |
role-session-name: ${{ env.PROVIDER }}@githubActions | |
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
- name: Build SDK | |
run: make only_build | |
- name: Check worktree clean | |
run: ./ci-scripts/ci/check-worktree-is-clean | |
- name: Run Unit Tests | |
run: make only_test_fast | |
- name: Run Integration Tests | |
run: make test_all | |
strategy: | |
fail-fast: true | |
matrix: | |
platform: [ ubuntu-latest ] | |
go-version: [ 1.17.x ] | |
node-version: [ 20 ] | |
name: Run Acceptance Tests from PR | |
on: | |
repository_dispatch: | |
types: [run-acceptance-tests-command] | |
pull_request: | |
branches: | |
- master |