diff --git a/.github/workflows/security-guardian.yml b/.github/workflows/security-guardian.yml
index 05655503e3702..b25187deb7fff 100644
--- a/.github/workflows/security-guardian.yml
+++ b/.github/workflows/security-guardian.yml
@@ -16,48 +16,15 @@ on:
 types: [completed]
 jobs:
- download-if-workflow-run:
- runs-on: ubuntu-latest
- outputs:
- pr_number: ${{ steps.pr_output.outputs.pr_number }}
- pr_sha: ${{ steps.pr_output.outputs.pr_sha }}
- # if conditions on all individual steps because subsequent jobs depend on this job
- # and we cannot skip it entirely
- steps:
- - name: 'Download workflow_run artifact'
- if: github.event_name == 'workflow_run'
- uses: dawidd6/action-download-artifact@v9
- with:
- run_id: ${{ github.event.workflow_run.id }}
- name: pr_info
- path: pr/
- search_artifacts: true
- - name: 'Determine PR info'
- # PR info comes from the artifact if downloaded, or GitHub context if not.
- if: github.event_name == 'workflow_run'
- id: 'pr_output'
- run: |
- if [[ ! -f pr/pr_number ]]; then
- echo "${{ github.event.pull_request.number }}" > pr/pr_number
- fi
- if [[ ! -f pr/pr_sha ]]; then
- echo "${{ github.event.pull_request.head.sha }}" > pr/pr_sha
- fi
- cat pr/*
- echo "pr_number=$(cat pr/pr_number)" >> "$GITHUB_OUTPUT"
- echo "pr_sha=$(cat pr/pr_sha)" >> "$GITHUB_OUTPUT"
-
 run-security-guardian:
 # Necessary to have sufficient permissions to write to the PR
 permissions:
 contents: read
- pull-requests: write
+ pull-requests: read
 statuses: read
 issues: read
 checks: read
 runs-on: ubuntu-latest
- needs: download-if-workflow-run
 steps:
 - name: Checkout
 uses: actions/checkout@v4
diff --git a/tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json b/tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json
index 66ab20bfbe4dc..cdfb456fe2614 100644
--- a/tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json
+++ b/tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json
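Review bot: The comment kept above `permissions:` in `run-security-guardian` still says the block is needed "to write to the PR", but the new side grants only `pull-requests: read`, so the comment now contradicts the token scope; I would replace it with `# Least privilege: this job only reads PR data and must not be granted write scopes`. The `types: [completed]` context line suggests the `workflow_run` trigger is kept while the job that resolved the PR number and SHA for it is removed. Any `needs.download-if-workflow-run.outputs.*` reference left further down would then likely expand to an empty string, so that is worth confirming. If the `workflow_run` path is no longer used, dropping the trigger would be the safer choice, since those runs execute in the base repository's context. The job's steps continue past the end of the hunk, so neither point could be checked here.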
@@ -1,6 +1,6 @@ { "Resources": { - "LambdaExecutionRoleD5C26073": { + "LambdaExecutionRoleD5C26073": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { diff --git a/tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json b/tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json index f70bde51614e7..453f0bccdbde7 100644 --- a/tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json +++ b/tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json @@ -4,7 +4,7 @@ "CdkFileRoleE26CEABA": { "Type": "AWS::IAM::Role", "Properties": { - "AssumeRolePolicyDocument": { + "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", diff --git a/tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json b/tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json index d56414cc3cf09..d3dba4357ed63 100644 --- a/tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json +++ b/tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json @@ -102,7 +102,7 @@ ] } }, - "PipelineArtifactsBucketEncryptionKey01D58D69": { + "PipelineArtifactsBucketEncryptionKey01D58D69": { "Type": "AWS::KMS::Key", "Properties": { "KeyPolicy": {