testing drift v2 in flow #19
| name: Test Devolv Action | ||
| on: | ||
| push: | ||
| branches: [ main ] | ||
| pull_request: | ||
| branches: [ main ] | ||
| jobs: | ||
| validate-devolv: | ||
| name: Devolv - Validate IAM Policies | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout test repo | ||
| uses: actions/checkout@v3 | ||
| - name: Run Devolv Validate | ||
| uses: devolvdev/devolv-actions@v1 | ||
| with: | ||
| tool: validate | ||
| path: ./sample_policies | ||
| continue-on-error: true | ||
| drift-devolv: | ||
| name: Devolv - Detect IAM Policy Drift | ||
| runs-on: ubuntu-latest | ||
| needs: validate-devolv | ||
| steps: | ||
| - name: Checkout test repo | ||
| uses: actions/checkout@v3 | ||
| - name: Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: ******* | ||
| role-to-assume: arn:aws:iam::*******:role/DevolvCIRole | ||
| role-skip-session-tagging: true | ||
| - name: Run Devolv Drift Detection | ||
| uses: devolvdev/devolv-actions@v1 | ||
| with: | ||
| tool: drift # drift = detect IAM drift (validator also available) | ||
| policy-name: DevolvTestPolicyHuge # Name of the IAM policy in AWS | ||
| path: ./test-devolv-policy.json # Path to your local IaC policy file | ||
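Review bot: The "Configure AWS credentials" step in `drift-devolv` feeds long-lived keys (`aws-access-key-id` / `aws-secret-access-key` from repository secrets) into configure-aws-credentials even though it already sets `role-to-assume`, so the static keys are only used to reach a role; switching to GitHub OIDC by adding a top-level `permissions:` block with `id-token: write` and `contents: read` and removing the two key inputs lets the role be assumed without any stored credential, and also replaces the implicit default token permissions this workflow currently relies on. Both `actions/checkout@v3` and `devolvdev/devolv-actions@v1` are referenced by mutable tags, and the latter receives the assumed-role credentials; pinning each `uses:` to a full commit SHA (tag kept in a trailing comment) stops a moved tag from silently changing what runs with that access. `continue-on-error: true` on the validate step makes `validate-devolv` succeed whatever the validator reports, so the `needs: validate-devolv` gate on the drift job never actually blocks it; if a failed validation is meant to stop drift detection, that line should be removed. The `*******` in `aws-region` and the account id of the role ARN look like page-side masking rather than file content, but if they were literal, an unquoted leading `*` would be parsed as a YAML alias, so these values should be quoted or supplied from secrets/variables.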