Skip to content

new 7.4.2 section and swordfish maint (#3225) #8018

new 7.4.2 section and swordfish maint (#3225)

new 7.4.2 section and swordfish maint (#3225) #8018

name: Publish Policy Files
on: push
env:
BUCKET: iam-resource-automation-do-not-delete
ZIPFILE: terraform-aws-Redislabs-Cloud-Account-IAM-Resources.zip
POLICY_DIR: policies
POLICY_1: static/code/rv/RedisLabsInstanceRolePolicy.json
POLICY_2: static/code/rv/RedisLabsIAMUserRestrictedPolicy.json
jobs:
check-for-changes:
runs-on: ubuntu-latest
outputs:
output1: ${{ steps.step1.outputs.test }}
steps:
- name: checkout repo
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Get modified files using defaults
id: changed-files
uses: tj-actions/[email protected]
- name: setup output variable to non-null if there are files to process
id: step1
if: ${{ (contains(steps.changed-files.outputs.all_modified_files, env.POLICY_1) || contains(steps.changed-files.outputs.all_modified_files, env.POLICY_2)) }}
run:
echo "::set-output name=test::hello"
update-s3-snippets:
needs: check-for-changes
runs-on: ubuntu-latest
if: ${{needs.check-for-changes.outputs.output1 != null }}
steps:
- uses: actions/checkout@v2
- name: Configure AWS credentials from Redislabs account
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.REDISLABS_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.REDISLABS_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: make snippets and move to s3
run: |
for file in ${{env.POLICY_1}} ${{env.POLICY_2}}
do
snippet=$(basename $file .json)Snippet.json
cat $file | jq '{ PolicyDocument: .}' >$snippet &&
aws s3 mv $snippet s3://${{env.BUCKET}}/
done
refresh-zip-file:
needs: check-for-changes
runs-on: ubuntu-latest
if: ${{needs.check-for-changes.outputs.output1 != null }}
steps:
- uses: actions/checkout@v2
- name: make the policy directory
run: mkdir ${{env.POLICY_DIR}}
- name: Configure AWS credentials from Redislabs account
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.REDISLABS_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.REDISLABS_AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: download zip file from S3
run: aws s3 cp s3://${{env.BUCKET}}/${{env.ZIPFILE}} ${{env.ZIPFILE}}
- name: get policy files
shell: bash
env:
TOKEN: ${{ secrets.TOKEN }}
run: |
cp static/code/rv/RedisLabs*Policy.json ${{env.POLICY_DIR}}
- name: zip policy files
uses: montudor/[email protected]
with:
args: zip -fv ${{env.ZIPFILE}} ${{env.POLICY_DIR}}/*
- name: upload zip file to s3
run: aws s3 mv ${{env.ZIPFILE}} s3://${{env.BUCKET}}/${{env.ZIPFILE}}
- name: remove the policy dir
run: rm -rf ${{env.POLICY_DIR}}
change-reporter:
needs: check-for-changes
runs-on: ubuntu-latest
steps:
- name: print value of check condition
run: echo "${{needs.check-for-changes.outputs.output1}}"
- name: no policy file changes detected
if: ${{needs.check-for-changes.outputs.output1 == null }}
run: |
echo no policy file changes detected
- name: policy file changes detected
if: ${{needs.check-for-changes.outputs.output1 != null }}
run: |
echo policy file changes detected