testing new version

Author: RkSinghDeo

devolv/__init__.py

@@ -1,2 +1,2 @@
-__version__ = "0.2.32"
+__version__ = "0.2.33"
 

devolv/drift/cli.py

@@ -24,14 +24,12 @@ def push_branch(branch_name: str):
         subprocess.run(["git", "config", "user.name", "github-actions"], check=True)
         subprocess.run(["git", "add", "."], check=True)
         subprocess.run(["git", "commit", "-m", f"Update policy: {branch_name}"], check=True)
-
         try:
             subprocess.run(["git", "push", "--set-upstream", "origin", branch_name], check=True)
         except subprocess.CalledProcessError:
             typer.echo("⚠️ Initial push failed. Attempting rebase + push...")
             subprocess.run(["git", "pull", "--rebase", "origin", branch_name], check=True)
             subprocess.run(["git", "push", "--set-upstream", "origin", branch_name], check=True)
-
         typer.echo(f"✅ Pushed branch {branch_name} to origin.")
     except subprocess.CalledProcessError as e:
         typer.echo(f"❌ Git command failed: {e}")
@@ -78,9 +76,6 @@ def drift(
     aws_doc = get_aws_policy_document(policy_arn)
     drift_detected = detect_drift(local_doc, aws_doc)
 
-    if drift_detected:
-        print_drift_diff(local_doc, aws_doc)
-
     if not drift_detected:
         try:
             _update_aws_policy(iam, policy_arn, local_doc)
@@ -93,62 +88,63 @@ def drift(
             typer.echo("✅ No forced approval requested. Exiting.")
             return
 
-    repo_full_name = repo_full_name or os.getenv("GITHUB_REPOSITORY")
-    token = os.getenv("GITHUB_TOKEN")
-
-    if not repo_full_name:
-        typer.echo("❌ GitHub repo not specified. Use --repo or set GITHUB_REPOSITORY.")
-        raise typer.Exit(1)
-    if not token:
-        typer.echo("❌ GITHUB_TOKEN not set in environment.")
-        raise typer.Exit(1)
+    if drift_detected or approval_anyway:
+        repo_full_name = repo_full_name or os.getenv("GITHUB_REPOSITORY")
+        token = os.getenv("GITHUB_TOKEN")
 
-    assignees = [a.strip() for a in approvers.split(",") if a.strip()]
-    issue_num, _ = create_approval_issue(
-        repo_full_name, token, policy_name, assignees=assignees, approval_anyway=approval_anyway
-    )
-    issue_url = f"https://github.com/{repo_full_name}/issues/{issue_num}"
-    typer.echo(f"✅ Approval issue created: {issue_url}")
-
-    choice = wait_for_sync_choice(
-        repo_full_name, issue_num, token, allowed_approvers=assignees, approval_anyway=approval_anyway
-    )
-
-    if choice == "local->aws":
-        merged_doc = merge_policy_documents(local_doc, aws_doc)
-        try:
-            _update_aws_policy(iam, policy_arn, merged_doc)
-        except ValueError as ve:
-            typer.echo(str(ve))
+        if not repo_full_name:
+            typer.echo("❌ GitHub repo not specified. Use --repo or set GITHUB_REPOSITORY.")
             raise typer.Exit(1)
-        typer.echo(f"✅ AWS policy {policy_arn} updated with local changes (append-only).")
-        close_issue(repo_full_name, token, issue_num, "✅ AWS updated with local changes. Closing issue.")
-
-    elif choice == "aws->local":
-        _update_local_and_create_pr(aws_doc, policy_file, repo_full_name, policy_name, issue_num, token, "from AWS policy")
-
-    elif choice == "aws<->local":
-        superset_doc = build_superset_policy(local_doc, aws_doc)
-        try:
-            _update_aws_policy(iam, policy_arn, superset_doc)
-        except ValueError as ve:
-            typer.echo(str(ve))
+        if not token:
+            typer.echo("❌ GITHUB_TOKEN not set in environment.")
             raise typer.Exit(1)
-        typer.echo(f"✅ AWS policy {policy_arn} updated with superset of local + AWS.")
-        _update_local_and_create_pr(superset_doc, policy_file, repo_full_name, policy_name, issue_num, token, "with superset of local + AWS")
-
-    elif choice == "approve":
-        typer.echo("✅ Approved without sync action. Closing issue.")
-        close_issue(repo_full_name, token, issue_num, "✅ Approved without sync action. Closing issue.")
 
-    elif choice == "reject":
-        typer.echo("❌ Approval rejected. Closing issue.")
-        close_issue(repo_full_name, token, issue_num, "❌ Approval rejected. Closing issue.")
-        raise typer.Exit(1)
+        assignees = [a.strip() for a in approvers.split(",") if a.strip()]
+        issue_num, _ = create_approval_issue(
+            repo_full_name, token, policy_name, assignees=assignees, approval_anyway=approval_anyway
+        )
+        issue_url = f"https://github.com/{repo_full_name}/issues/{issue_num}"
+        typer.echo(f"✅ Approval issue created: {issue_url}")
+
+        choice = wait_for_sync_choice(
+            repo_full_name, issue_num, token, allowed_approvers=assignees, approval_anyway=approval_anyway
+        )
+
+        if choice == "local->aws":
+            merged_doc = merge_policy_documents(local_doc, aws_doc)
+            try:
+                _update_aws_policy(iam, policy_arn, merged_doc)
+            except ValueError as ve:
+                typer.echo(str(ve))
+                raise typer.Exit(1)
+            typer.echo(f"✅ AWS policy {policy_arn} updated with local changes (append-only).")
+            close_issue(repo_full_name, token, issue_num, "✅ AWS updated with local changes. Closing issue.")
+
+        elif choice == "aws->local":
+            _update_local_and_create_pr(aws_doc, policy_file, repo_full_name, policy_name, issue_num, token, "from AWS policy")
+
+        elif choice == "aws<->local":
+            superset_doc = build_superset_policy(local_doc, aws_doc)
+            try:
+                _update_aws_policy(iam, policy_arn, superset_doc)
+            except ValueError as ve:
+                typer.echo(str(ve))
+                raise typer.Exit(1)
+            typer.echo(f"✅ AWS policy {policy_arn} updated with superset of local + AWS.")
+            _update_local_and_create_pr(superset_doc, policy_file, repo_full_name, policy_name, issue_num, token, "with superset of local + AWS")
+
+        elif choice == "approve":
+            typer.echo("✅ Approved without sync action. Closing issue.")
+            close_issue(repo_full_name, token, issue_num, "✅ Approved without sync action. Closing issue.")
+
+        elif choice == "reject":
+            typer.echo("❌ Approval rejected. Closing issue.")
+            close_issue(repo_full_name, token, issue_num, "❌ Approval rejected. Closing issue.")
+            raise typer.Exit(1)
 
-    else:
-        typer.echo("⏭ No synchronization performed (skip).")
-        close_issue(repo_full_name, token, issue_num, "⏭ No sync chosen. Closing issue.")
+        else:
+            typer.echo("⏭ No synchronization performed (skip).")
+            close_issue(repo_full_name, token, issue_num, "⏭ No sync chosen. Closing issue.")
 
 def _update_aws_policy(iam, policy_arn, policy_doc):
     sids = [stmt.get("Sid") for stmt in policy_doc.get("Statement", []) if "Sid" in stmt]