
Commit 7c12c04

authored
Merge branch 'main' into circular-dependency
2 parents feb4c8f + beb42fd commit 7c12c04


651 files changed

+521762
-88543
lines changed


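--- a/.gitattributes
+++ b/.gitattributes
@@ -17,3 +17,4 @@ packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.buck
 packages/@aws-cdk-testing/framework-integ/test/**/*.snapshot/**/asset*.zip filter=lfs diff=lfs merge=lfs -text
 packages/@aws-cdk/*-alpha/test/**/*.snapshot/**/asset*.zip filter=lfs diff=lfs merge=lfs -text
 packages/@aws-cdk/*-alpha/test/*.snapshot/asset.*/bootstrap filter=lfs diff=lfs merge=lfs -text
+packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-large-file/asset*/large* filter=lfs diff=lfs merge=lfs -text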
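--- /dev/null
+++ b/WORKFLOW_FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,67 @@
+name: Security Guardian
+on:
+  pull_request_target: {}
+
+jobs:
+  run-security-guardian:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Fetches full history
+
+      - name: Get list of changed .template.json files
+        id: filter_files
+        run: |
+          echo "Getting changed CloudFormation templates..."
+          mkdir -p changed_templates
+
+          git fetch origin main --depth=1
+
+          base_sha="${{ github.event.pull_request.base.sha }}"
+          head_sha="${{ github.event.pull_request.head.sha }}"
+          if [[ -z "$base_sha" ]]; then base_sha=$(git merge-base origin/main HEAD); fi
+          if [[ -z "$head_sha" ]]; then head_sha=HEAD; fi
+
+          git diff --name-status "$base_sha" "$head_sha" \
+            | grep -E '^(A|M)\s+.*\.template\.json$' \
+            | awk '{print $2}' > changed_files.txt || true
+
+          while IFS= read -r file; do
+            if [ -f "$file" ]; then
+              safe_name=$(echo "$file" | sed 's|/|_|g')
+              cp "$file" "changed_templates/$safe_name"
+            else
+              echo "::warning::Changed file not found in workspace: $file"
+            fi
+          done < changed_files.txt
+
+          if [ -s changed_files.txt ]; then
+            echo "files_changed=true" >> $GITHUB_OUTPUT
+          else
+            echo "files_changed=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Install cfn-guard
+        if: steps.filter_files.outputs.files_changed == 'true'
+        run: |
+          mkdir -p $HOME/.local/bin
+          curl -L -o cfn-guard.tar.gz https://github.com/aws-cloudformation/cloudformation-guard/releases/latest/download/cfn-guard-v3-x86_64-ubuntu-latest.tar.gz
+          tar -xzf cfn-guard.tar.gz
+          mv cfn-guard-v3-*/cfn-guard $HOME/.local/bin/cfn-guard
+          chmod +x $HOME/.local/bin/cfn-guard
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Install & Build security-guardian
+        if: steps.filter_files.outputs.files_changed == 'true'
+        run: yarn install --frozen-lockfile && cd tools/@aws-cdk/security-guardian && yarn build
+
+      - name: Run cfn-guard if templates changed
+        if: steps.filter_files.outputs.files_changed == 'true'
+        uses: ./tools/@aws-cdk/security-guardian
+        with:
+          data_directory: './changed_templates'
+          rule_set_path: './tools/@aws-cdk/security-guardian/rules/trust_scope_rules.guard'
+          show_summary: 'fail'
+          output_format: 'single-line-summary'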
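Review bot: The `cp "$file"` loop (gutter lines 31–38) copies whatever is in the workspace, but under `pull_request_target` an `actions/checkout@v4` step with no `ref:` checks out the base branch, so cfn-guard is handed the base-branch version of each modified template and a `::warning::` for each newly added one — the PR's actual changes are never scanned (this follows from checkout's documented default, not from anything visible on the page). The `|| true` on the diff pipeline (gutter line 29) compounds it: if `$head_sha` is not present locally the `git diff` fails silently, `changed_files.txt` stays empty and the step emits `files_changed=false`, skipping the scan with no signal. The base checkout itself should stay as it is, because the later steps run `yarn install`/`yarn build` and a local `uses: ./tools/...` action from the workspace, and checking out a fork's head there would execute untrusted code with this workflow's token. Fetch the PR head as a ref only and read each template with `git show "$head_sha:$file"`, and run the `git diff` on its own line so a failure stops the step instead of being swallowed. Separately, the cfn-guard step (gutter lines 49–53) downloads `releases/latest` over curl with no version pin or checksum, which is worth tightening for a job that runs in a privileged event context.
```yaml
      - name: Get list of changed .template.json files
        id: filter_files
        run: |
          echo "Getting changed CloudFormation templates..."
          mkdir -p changed_templates
          # … unchanged: git fetch origin main, base_sha/head_sha assignment and their fallbacks …

          # Bring the PR head in as a ref only; the working tree stays on the base branch.
          git fetch --no-tags origin "refs/pull/${{ github.event.pull_request.number }}/head"

          # Run the diff on its own line so a missing commit fails the step instead of being swallowed.
          git diff --name-status "$base_sha" "$head_sha" > diff_status.txt
          grep -E '^(A|M)\s+.*\.template\.json$' diff_status.txt | awk '{print $2}' > changed_files.txt || true

          while IFS= read -r file; do
            safe_name=$(echo "$file" | sed 's|/|_|g')
            # Take the template from the PR commit, not from the (base-branch) workspace.
            git show "$head_sha:$file" > "changed_templates/$safe_name"
          done < changed_files.txt

          # … unchanged: files_changed output …
```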

packages/@aws-cdk-testing/framework-integ/test/aws-appconfig/test/integ.configuration.js.snapshot/appconfigconfigurationDefaultTestDeployAssert6752CD38.assets.json

Lines changed: 2 additions & 1 deletion
