From 12d37f003d1368fa06507d5a6f0330be2bbb88cd Mon Sep 17 00:00:00 2001
From: QuantumNeuralCoder <163458725+QuantumNeuralCoder@users.noreply.github.com>
Date: Mon, 14 Apr 2025 09:55:52 -0700
Subject: [PATCH 1/3] test2 - s-g
---
.../security-guardian/test/templates/CMCMK-Stack.template.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json b/tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json
index 66ab20bfbe4dc..cdfb456fe2614 100644
--- a/tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json
+++ b/tools/@aws-cdk/security-guardian/test/templates/CMCMK-Stack.template.json
@@ -1,6 +1,6 @@ { "Resources": { - "LambdaExecutionRoleD5C26073": { + "LambdaExecutionRoleD5C26073": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": {
From 910f0c9c22f2fe83514a2c6b68ebc4c9afb8bdf6 Mon Sep 17 00:00:00 2001
From: QuantumNeuralCoder <163458725+QuantumNeuralCoder@users.noreply.github.com>
Date: Mon, 14 Apr 2025 10:00:11 -0700
Subject: [PATCH 2/3] test2 - s-g
---
...agingStack-default-resourcesmax-ACCOUNT-REGION.template.json | 2 +-
...edstackPipelineCrossRegionStack37C990C7.nested.template.json | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json b/tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json
index f70bde51614e7..453f0bccdbde7 100644
--- a/tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json
+++ b/tools/@aws-cdk/security-guardian/test/templates/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json
@@ -4,7 +4,7 @@ "CdkFileRoleE26CEABA": { "Type": "AWS::IAM::Role", "Properties": { - "AssumeRolePolicyDocument": { + "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole",
diff --git a/tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json b/tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json
index d56414cc3cf09..d3dba4357ed63 100644
--- a/tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json
+++ b/tools/@aws-cdk/security-guardian/test/templates/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json
@@ -102,7 +102,7 @@ ] } }, - "PipelineArtifactsBucketEncryptionKey01D58D69": { + "PipelineArtifactsBucketEncryptionKey01D58D69": { "Type": "AWS::KMS::Key", "Properties": { "KeyPolicy": {
From c65b0244499005ffbe7d2598726ca076daaae186 Mon Sep 17 00:00:00 2001
From: QuantumNeuralCoder <163458725+QuantumNeuralCoder@users.noreply.github.com>
Date: Mon, 14 Apr 2025 10:12:44 -0700
Subject: [PATCH 3/3] modifying s-g action to minimize to required jobs
---
.github/workflows/security-guardian.yml | 35 +------------------------
1 file changed, 1 insertion(+), 34 deletions(-)
diff --git a/.github/workflows/security-guardian.yml b/.github/workflows/security-guardian.yml
index 05655503e3702..b25187deb7fff 100644
--- a/.github/workflows/security-guardian.yml
+++ b/.github/workflows/security-guardian.yml
@@ -16,48 +16,15 @@ on: types: [completed] jobs: - download-if-workflow-run: - runs-on: ubuntu-latest - outputs: - pr_number: ${{ steps.pr_output.outputs.pr_number }} - pr_sha: ${{ steps.pr_output.outputs.pr_sha }} - # if conditions on all individual steps because subsequent jobs depend on this job - # and we cannot skip it entirely - steps: - - name: 'Download workflow_run artifact' - if: github.event_name == 'workflow_run' - uses: dawidd6/action-download-artifact@v9 - with: - run_id: ${{ github.event.workflow_run.id }} - name: pr_info - path: pr/ - search_artifacts: true - - - name: 'Determine PR info' - # PR info comes from the artifact if downloaded, or GitHub context if not. - if: github.event_name == 'workflow_run' - id: 'pr_output' - run: | - if [[ ! -f pr/pr_number ]]; then - echo "${{ github.event.pull_request.number }}" > pr/pr_number - fi - if [[ ! -f pr/pr_sha ]]; then - echo "${{ github.event.pull_request.head.sha }}" > pr/pr_sha - fi - cat pr/* - echo "pr_number=$(cat pr/pr_number)" >> "$GITHUB_OUTPUT" - echo "pr_sha=$(cat pr/pr_sha)" >> "$GITHUB_OUTPUT" - run-security-guardian: # Necessary to have sufficient permissions to write to the PR permissions: contents: read - pull-requests: write + pull-requests: read statuses: read issues: read checks: read runs-on: ubuntu-latest - needs: download-if-workflow-run steps: - name: Checkout uses: actions/checkout@v4
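Review bot: The comment `# Necessary to have sufficient permissions to write to the PR` directly above `permissions:` is now stale, because the same hunk lowers `pull-requests: write` to `pull-requests: read` and nothing left in the job writes to the PR; replace it with `# Read-only token: the job only needs to read PR metadata, checks and statuses`. The `on:` block starts outside this hunk, but its surviving `types: [completed]` line suggests the `workflow_run` trigger is kept while the job that turned that event into `pr_number`/`pr_sha` outputs is deleted and `needs: download-if-workflow-run` is dropped, so any step after `actions/checkout@v4` (outside the hunk) that still reads `needs.download-if-workflow-run.outputs.*` would now evaluate empty, and on a `workflow_run` event the checkout would run against the default branch rather than the PR head. Either remove the `workflow_run` trigger in the same commit or confirm that the remaining steps rely only on the `pull_request` context. Dropping the artifact-sourced PR number and SHA also closes an untrusted-input path into `$GITHUB_OUTPUT` that the old `cat pr/*` step exposed, which is worth noting in the commit message since the title only mentions reducing jobs.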