Merge branch 'main' into delegation-grant-names
Showing
3,206 changed files
with
973,749 additions
and
205,704 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,8 +25,19 @@ jobs: | |
env: | ||
NODE_OPTIONS: "--max-old-space-size=8196 --experimental-worker ${NODE_OPTIONS:-}" | ||
|
||
# Install all current dependencies | ||
- name: Yarn Install | ||
run: yarn install --frozen-lockfile | ||
|
||
# Upload the current db to be used later | ||
- name: Upload base database | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: db.base.json.gz | ||
path: node_modules/@aws-cdk/aws-service-spec/db.json.gz | ||
if-no-files-found: error | ||
|
||
# Perform the actual upgrade of the relevant packages | ||
- name: Install ncu tool | ||
run: npm -g install lerna npm-check-updates | ||
- name: Run "ncu" for service spec packages | ||
|
@@ -36,6 +47,14 @@ jobs: | |
- name: Install latest version & update lockfile | ||
run: yarn upgrade @aws-cdk/aws-service-spec @aws-cdk/service-spec-importers @aws-cdk/service-spec-types | ||
|
||
# Now that we have updated the database, upload the new candidate db | ||
- name: Upload head database | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: db.head.json.gz | ||
path: node_modules/@aws-cdk/aws-service-spec/db.json.gz | ||
if-no-files-found: error | ||
|
||
# Build @aws-cdk/spec2cdk and run L1 gen script to generate base files for new modules | ||
- name: Build @aws-cdk/spec2cdk | ||
run: lerna run build --stream --no-progress --skip-nx-cache --scope @aws-cdk/spec2cdk | ||
|
@@ -50,14 +69,56 @@ jobs: | |
git add . | ||
git diff --patch --staged > ${{ runner.temp }}/update-spec.patch | ||
- name: Upload Patch | ||
uses: actions/upload-artifact@v3 | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: update-spec.patch | ||
path: ${{ runner.temp }}/update-spec.patch | ||
|
||
diff-db: | ||
needs: update-spec | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
id-token: none | ||
pull-requests: write | ||
env: | ||
CI: "true" | ||
steps: | ||
- name: Download base database | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: db.base.json.gz | ||
path: base | ||
- name: Download head database | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: db.head.json.gz | ||
path: head | ||
- name: Diff databases | ||
id: diff-db | ||
run: npx --yes --package=@aws-cdk/service-spec-importers@latest -c 'diff-db base/db.json.gz head/db.json.gz' > DIFF || echo "diff-result=true" >> $GITHUB_OUTPUT | ||
continue-on-error: true | ||
- name: Create PR body file | ||
run: |- | ||
echo 'Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`' >> PR.md | ||
- name: Add model changelog to PR body file | ||
if: steps.diff-db.outputs.diff-result | ||
run: |- | ||
echo '' >> PR.md | ||
echo '**L1 CloudFormation resource definition changes:**' >> PR.md | ||
echo '```' >> PR.md | ||
cat DIFF >> PR.md | ||
echo '```' >> PR.md | ||
- name: Upload PR body file | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: PR.md | ||
path: PR.md | ||
pr: | ||
name: Create Pull Request | ||
needs: update-spec | ||
needs: | ||
- update-spec | ||
- diff-db | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
|
@@ -67,27 +128,32 @@ jobs: | |
uses: actions/checkout@v4 | ||
|
||
- name: Download patch | ||
uses: actions/download-artifact@v3 | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: update-spec.patch | ||
path: ${{ runner.temp }} | ||
|
||
- name: Apply patch | ||
run: '[ -s ${{ runner.temp }}/update-spec.patch ] && git apply ${{ runner.temp }}/update-spec.patch || echo "Empty patch. Skipping."' | ||
|
||
- name: Download PR body file | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: PR.md | ||
path: ${{ runner.temp }} | ||
|
||
- name: Make Pull Request | ||
uses: peter-evans/create-pull-request@v5 | ||
with: | ||
# Git commit details | ||
branch: automation/spec-update | ||
author: aws-cdk-automation <[email protected]> | ||
commit-message: |- | ||
feat: update AWS Service Spec | ||
AWS Service Spec packages to latest versions. | ||
feat: update L1 CloudFormation resource definitions | ||
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` | ||
# Pull Request details | ||
title: "feat: update AWS Service Spec" | ||
body: |- | ||
AWS Service Spec packages to latest versions. | ||
title: "feat: update L1 CloudFormation resource definitions" | ||
body-path: ${{ runner.temp }}/PR.md | ||
labels: contribution/core,dependencies,auto-approve,pr-linter/exempt-integ-test,pr-linter/exempt-readme,pr-linter/exempt-test | ||
team-reviewers: aws-cdk-team | ||
# Github prevents further Github actions to be run if the default Github token is used. | ||
|
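Review bot: The new `diff-db` job is granted `contents: write` and `pull-requests: write`, yet its visible steps only download two artifacts, run the diff and upload `PR.md`, so it appears to need no write access to the repository. I would reduce its permissions block to `contents: read`; the `pr` job is the one that pushes and opens the pull request. The `Diff databases` step also runs `@aws-cdk/service-spec-importers@latest` through `npx --yes`, so whatever is published at run time executes in the job; pinning it to the version just resolved into the lockfile would keep the run reproducible. Finally, `|| echo "diff-result=true" >> $GITHUB_OUTPUT` fires on any non-zero exit, including a failed package install, so a broken run looks the same as "databases differ" and a partial `DIFF` would be pasted into the PR body.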
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
name: Sync repository from upstream | ||
on: | ||
workflow_dispatch: {} | ||
schedule: | ||
- cron: 5 2 * * * | ||
|
||
env: | ||
BRANCHES: main v2-release | ||
|
||
jobs: | ||
|
||
# Check for the presence of a PROJEN_GITHUB_TOKEN secret. | ||
# | ||
# This is expected to contain a personal access token of someone who has | ||
# permissions to bypass branch protection rules. | ||
# | ||
# If not present, we can only use GitHub Actions Token permissions, | ||
# but this has the following downsides: | ||
# | ||
# - Those are bound by branch protection rules (so automated pushing won't work). | ||
# - As soon as a workflow file needs to be changed, GitHub will reject the push. | ||
# Only Apps and Users can be allowed to modify workflows. | ||
check-secret: | ||
# Don't run on the target repo itself, only forks | ||
if: github.repository != 'aws/aws-cdk' | ||
|
||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check for presence of PROJEN_GITHUB_TOKEN | ||
id: check-secrets | ||
run: | | ||
if [ ! -z "${{ secrets.PROJEN_GITHUB_TOKEN }}" ]; then | ||
echo "ok=true" >> $GITHUB_OUTPUT | ||
else | ||
echo "ok=false" >> $GITHUB_OUTPUT | ||
fi | ||
outputs: | ||
ok: ${{ steps.check-secrets.outputs.ok }} | ||
|
||
sync-branch: | ||
runs-on: ubuntu-latest | ||
permissions: | ||
contents: write | ||
needs: [check-secret] | ||
steps: | ||
- name: Checkout using User Token | ||
if: needs.check-secret.outputs.ok == 'true' | ||
uses: actions/checkout@v4 | ||
with: | ||
token: ${{ secrets.PROJEN_GITHUB_TOKEN }} | ||
|
||
- name: Checkout using GitHub Actions permissions | ||
if: needs.check-secret.outputs.ok == 'false' | ||
uses: actions/checkout@v4 | ||
|
||
- name: Sync from aws/aws-cdk | ||
run: |- | ||
git remote add upstream https://github.com/aws/aws-cdk.git | ||
git fetch upstream $BRANCHES | ||
for branch in $BRANCHES; do | ||
git push origin --force refs/remotes/upstream/$branch:refs/heads/$branch | ||
done |
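Review bot: In `check-secret`, the test `if [ ! -z "${{ secrets.PROJEN_GITHUB_TOKEN }}" ]` expands the secret into the script text before the shell runs, so the token value is written into the generated script on the runner and any quote or `$(` in it would be parsed as shell. Pass it through the environment instead: add `env:` with `PROJEN_GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }}` on the step and test `if [ -n "$PROJEN_GITHUB_TOKEN" ]; then`. In `sync-branch`, the loop force-pushes every branch in `$BRANCHES` with a token that the header comment describes as able to bypass branch protection; a comment above the `git push` such as `# Overwrites the fork's branches; commits that exist only in the fork are discarded` would make that consequence explicit.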
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
repos: | ||
- repo: https://github.com/gitleaks/gitleaks | ||
rev: v8.17.0 | ||
hooks: | ||
- id: gitleaks |
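Review bot: The hook is pinned with `rev: v8.17.0`, a tag that the upstream repository can move, and pre-commit runs the hook code from that revision on every contributor's machine. Freezing it to a commit, `rev: <full-commit-sha>  # frozen: v8.17.0` (the form `pre-commit autoupdate --freeze` writes), keeps the executed code fixed until someone deliberately updates it. A pre-commit hook is also opt-in per clone, so if the same scan does not already run in CI it would be worth a comment in this file saying where server-side enforcement lives.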