Skip to content

[New Rule] Adding Coverage for AWS STS AssumeRoot by Rare User and Member Account #1312

[New Rule] Adding Coverage for AWS STS AssumeRoot by Rare User and Member Account

[New Rule] Adding Coverage for AWS STS AssumeRoot by Rare User and Member Account #1312

Workflow file for this run

name: Add PR Guidelines Comment
on:
pull_request_target:
types: [opened, labeled]
jobs:
add-comment:
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@v2
- name: Set environment variable for early exit control
id: check_label
run: |
echo "CONTINUE_JOB=true" >> $GITHUB_ENV
if [[ "${{ github.event.action }}" == "labeled" || "${{ github.event.action }}" == "opened" ]]; then
RELEVANT_LABELS=("bug" "enhancement" "schema" "Rule: New" "Rule: Tuning" "Rule: Deprecation" "Hunt: New" "Hunt: Tuning")
TRIGGERED_LABEL="${{ github.event.label.name }}"
if [[ ! " ${RELEVANT_LABELS[@]} " =~ " ${TRIGGERED_LABEL} " ]]; then
echo "CONTINUE_JOB=false" >> $GITHUB_ENV
fi
fi
- name: Determine Guidelines Label
run: |
# Initialize GUIDELINES_FILE to empty
echo "GUIDELINES_FILE=" >> $GITHUB_ENV
if [[ "${{ contains(github.event.pull_request.labels.*.name, 'bug') }}" == "true" ]]; then
echo "GUIDELINES_FILE=.github/PULL_REQUEST_GUIDELINES/bug_guidelines.md" >> $GITHUB_ENV
elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'enhancement') }}" == "true" ]]; then
echo "GUIDELINES_FILE=.github/PULL_REQUEST_GUIDELINES/enhancement_guidelines.md" >> $GITHUB_ENV
elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'schema') }}" == "true" ]]; then
echo "GUIDELINES_FILE=.github/PULL_REQUEST_GUIDELINES/schema_enhancement_guidelines.md" >> $GITHUB_ENV
elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'Rule: New') }}" == "true" ]]; then
echo "GUIDELINES_FILE=.github/PULL_REQUEST_GUIDELINES/rule_new_guidelines.md" >> $GITHUB_ENV
elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'Rule: Tuning') }}" == "true" ]]; then
echo "GUIDELINES_FILE=.github/PULL_REQUEST_GUIDELINES/rule_tuning_guidelines.md" >> $GITHUB_ENV
elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'Rule: Deprecation') }}" == "true" ]]; then
echo "GUIDELINES_FILE=.github/PULL_REQUEST_GUIDELINES/rule_deprecation_guidelines.md" >> $GITHUB_ENV
elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'Hunt: New') }}" == "true" ]]; then
echo "GUIDELINES_FILE=.github/PULL_REQUEST_GUIDELINES/hunt_new_guidelines.md" >> $GITHUB_ENV
elif [[ "${{ contains(github.event.pull_request.labels.*.name, 'Hunt: Tuning') }}" == "true" ]]; then
echo "GUIDELINES_FILE=.github/PULL_REQUEST_GUIDELINES/hunt_tuning_guidelines.md" >> $GITHUB_ENV
fi
- name: Fail if no relevant labels are found
if: env.GUIDELINES_FILE == ''
uses: actions/github-script@v7
with:
script: |
core.setFailed('No appropriate GitHub label found in the PR. Failing the job.')
- name: Add Guidelines Comment
if: env.CONTINUE_JOB == 'true' && (github.event.action == 'opened' || github.event.action == 'labeled')
uses: mshick/add-pr-comment@v2
with:
message-path: ${{ env.GUIDELINES_FILE }}
repo-token: ${{ secrets.PROTECTIONS_MACHINE_TOKEN }}
message-id: "guidelines-comment"