[aws][feat] Take only active findings for GuardDuty and Inspector2 services #5263
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Note: this workflow is automatically generated via the `create_pr` script in the same folder. | |
# Please do not change the file, but the script! | |
name: Check PR (Plugin aws) | |
on: | |
push: | |
tags: | |
- "*.*.*" | |
branches: | |
- main | |
pull_request: | |
paths: | |
- 'fixlib/**' | |
- 'plugins/aws/**' | |
- '.github/**' | |
- 'requirements-all.txt' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
aws: | |
name: "aws" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
architecture: 'x64' | |
- name: Restore dependency cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.cache/pip | |
key: ${{runner.os}}-pip-${{hashFiles('./plugins/aws/pyproject.toml')}} | |
restore-keys: | | |
${{runner.os}}-pip- | |
- name: Install Dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install --upgrade --editable fixlib/ | |
pip install tox wheel flake8 build | |
- name: Run tests | |
working-directory: ./plugins/aws | |
run: tox | |
- name: Archive code coverage results | |
uses: actions/upload-artifact@v4 | |
with: | |
name: plugin-aws-code-coverage-report | |
path: ./plugins/aws/htmlcov/ | |
- name: Build a binary wheel and a source tarball | |
working-directory: ./plugins/aws | |
run: >- | |
python -m | |
build | |
--sdist | |
--wheel | |
--outdir dist/ | |
- name: Publish distribution to PyPI | |
if: github.ref_type == 'tag' | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_FIXINVENTORY_PLUGIN_AWS }} | |
packages_dir: ./plugins/aws/dist/ | |
- name: Upload AWS policies | |
if: github.event_name != 'pull_request' | |
working-directory: ./plugins/aws | |
run: | | |
pip install --upgrade --editable . | |
pip install --upgrade --editable ./tools/awspolicygen | |
export GITHUB_REF="${{ github.ref }}" | |
export GITHUB_REF_TYPE="${{ github.ref_type }}" | |
export GITHUB_EVENT_NAME="${{ github.event_name }}" | |
export API_TOKEN="${{ secrets.API_TOKEN }}" | |
export SPACES_KEY="${{ secrets.SPACES_KEY }}" | |
export SPACES_SECRET="${{ secrets.SPACES_SECRET }}" | |
export AWS_ACCESS_KEY_ID="${{ secrets.S3_FIXINVENTORYPUBLIC_AWS_ACCESS_KEY_ID }}" | |
export AWS_SECRET_ACCESS_KEY="${{ secrets.S3_FIXINVENTORYPUBLIC_AWS_SECRET_ACCESS_KEY }}" | |
awspolicygen --verbose --spaces-name somecdn --spaces-region ams3 --spaces-path fix/aws/ --aws-s3-bucket fixinventorypublic --aws-s3-bucket-path cf/ |