[resotocore][feat] Add AWS WAF Security #4055
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Note: this workflow is automatically generated via the `create_pr` script in the same folder. | |
# Please do not change the file, but the script! | |
name: Check PR (Plugin aws) | |
on: | |
push: | |
tags: | |
- "*.*.*" | |
branches: | |
- main | |
pull_request: | |
paths: | |
- 'resotolib/**' | |
- 'plugins/aws/**' | |
- '.github/**' | |
- 'requirements-all.txt' | |
jobs: | |
aws: | |
name: "aws" # Do not rename without also updating publish.yml | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Python | |
uses: actions/setup-python@v2 | |
with: | |
python-version: '3.10' | |
architecture: 'x64' | |
- name: Restore dependency cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pip | |
key: ${{runner.os}}-pip-${{hashFiles('./plugins/aws/pyproject.toml')}} | |
restore-keys: | | |
${{runner.os}}-pip- | |
- name: Install Dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install --upgrade --editable resotolib/ | |
pip install tox wheel flake8 build | |
- name: Run tests | |
working-directory: ./plugins/aws | |
run: tox | |
- name: Archive code coverage results | |
uses: actions/upload-artifact@v2 | |
with: | |
name: plugin-aws-code-coverage-report | |
path: ./plugins/aws/htmlcov/ | |
- name: Build a binary wheel and a source tarball | |
working-directory: ./plugins/aws | |
run: >- | |
python -m | |
build | |
--sdist | |
--wheel | |
--outdir dist/ | |
- name: Publish distribution to PyPI | |
if: github.ref_type == 'tag' | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_RESOTO_PLUGIN_AWS }} | |
packages_dir: ./plugins/aws/dist/ | |
- name: Upload AWS policies | |
if: github.event_name != 'pull_request' | |
working-directory: ./plugins/aws | |
run: | | |
pip install --upgrade --editable . | |
pip install --upgrade --editable ./tools/awspolicygen | |
export GITHUB_REF="${{ github.ref }}" | |
export GITHUB_REF_TYPE="${{ github.ref_type }}" | |
export GITHUB_EVENT_NAME="${{ github.event_name }}" | |
export API_TOKEN="${{ secrets.API_TOKEN }}" | |
export SPACES_KEY="${{ secrets.SPACES_KEY }}" | |
export SPACES_SECRET="${{ secrets.SPACES_SECRET }}" | |
export AWS_ACCESS_KEY_ID="${{ secrets.S3_RESOTOPUBLIC_AWS_ACCESS_KEY_ID }}" | |
export AWS_SECRET_ACCESS_KEY="${{ secrets.S3_RESOTOPUBLIC_AWS_SECRET_ACCESS_KEY }}" | |
awspolicygen --verbose --spaces-name somecdn --spaces-region ams3 --spaces-path resoto/aws/ --aws-s3-bucket resotopublic --aws-s3-bucket-path cf/ |