Merge pull request #8 from QuantumNeuralCoder/cfn-guard-action

Minimizing jobs for s-g action

Author: QuantumNeuralCoder

.github/workflows/security-guardian.yml

@@ -16,48 +16,15 @@ on:
     types: [completed]
 
 jobs:
-  download-if-workflow-run:
-    runs-on: ubuntu-latest
-    outputs:
-      pr_number: ${{ steps.pr_output.outputs.pr_number }}
-      pr_sha: ${{ steps.pr_output.outputs.pr_sha }}
-    # if conditions on all individual steps because subsequent jobs depend on this job
-    # and we cannot skip it entirely
-    steps:
-      - name: 'Download workflow_run artifact'
-        if: github.event_name == 'workflow_run'
-        uses: dawidd6/action-download-artifact@v9
-        with:
-          run_id: ${{ github.event.workflow_run.id }}
-          name: pr_info
-          path: pr/
-          search_artifacts: true
-
-      - name: 'Determine PR info'
-        # PR info comes from the artifact if downloaded, or GitHub context if not.
-        if: github.event_name == 'workflow_run'
-        id: 'pr_output'
-        run: |
-          if [[ ! -f pr/pr_number ]]; then
-            echo "${{ github.event.pull_request.number }}" > pr/pr_number
-          fi
-          if [[ ! -f pr/pr_sha ]]; then
-            echo "${{ github.event.pull_request.head.sha }}" > pr/pr_sha
-          fi
-          cat pr/*
-          echo "pr_number=$(cat pr/pr_number)" >> "$GITHUB_OUTPUT"
-          echo "pr_sha=$(cat pr/pr_sha)" >> "$GITHUB_OUTPUT"
-
   run-security-guardian:
     # Necessary to have sufficient permissions to write to the PR
     permissions:
       contents: read
-      pull-requests: write
+      pull-requests: read
       statuses: read
       issues: read
       checks: read
     runs-on: ubuntu-latest
-    needs: download-if-workflow-run
     steps:
       - name: Checkout
         uses: actions/checkout@v4

tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json

@@ -1,6 +1,6 @@
 {
  "Resources": { 
-  "LambdaExecutionRoleD5C26073": {   
+  "LambdaExecutionRoleD5C26073": {    
    "Type": "AWS::IAM::Role",
    "Properties": {
     "AssumeRolePolicyDocument": {

tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json

@@ -4,7 +4,7 @@
   "CdkFileRoleE26CEABA": {
    "Type": "AWS::IAM::Role",
    "Properties": {
-    "AssumeRolePolicyDocument": {
+    "AssumeRolePolicyDocument": { 
      "Statement": [
       {
        "Action": "sts:AssumeRole",

tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json

@@ -102,7 +102,7 @@
     ]
    }
   },
-  "PipelineArtifactsBucketEncryptionKey01D58D69": {
+  "PipelineArtifactsBucketEncryptionKey01D58D69": { 
    "Type": "AWS::KMS::Key",
    "Properties": {
     "KeyPolicy": {