[New Rule] Adding Coverage for AWS STS AssumeRoot by Rare User and Member Account
#31279
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Unit Tests | |
on: | |
push: | |
branches: [ "main", "7.*", "8.*" ] | |
pull_request: | |
branches: [ "*" ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
- name: Fetch main branch | |
run: | | |
git fetch origin main:refs/remotes/origin/main | |
- name: Set up Python 3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip cache purge | |
pip install .[dev] | |
- name: Python Lint | |
run: | | |
python -m flake8 tests detection_rules --ignore D203,N815 --max-line-length 120 | |
- name: Python License Check | |
run: | | |
python -m detection_rules dev license-check | |
- name: Unit tests | |
env: | |
# only run the test test_rule_change_has_updated_date on pull request events to main | |
GITHUB_EVENT_NAME: "${{ github.event_name}}" | |
run: | | |
python -m detection_rules test | |
- name: Build release package | |
env: | |
# only generate the navigator files on push events to main | |
GENERATE_NAVIGATOR_FILES: "${{ github.event_name == 'push' && github.ref == 'refs/heads/main' && '--generate-navigator' || ' ' }}" | |
run: | | |
python -m detection_rules dev build-release $GENERATE_NAVIGATOR_FILES | |
- name: Archive production artifacts for branch builds | |
uses: actions/upload-artifact@v4 | |
if: | | |
github.event_name == 'push' | |
with: | |
name: release-files | |
path: | | |
releases | |
- name: Update navigator gist files | |
env: | |
GITHUB_TOKEN: "${{ secrets.NAVIGATOR_GIST_TOKEN }}" | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
run: python -m detection_rules dev update-navigator-gists |