in projenrc/update-registry.ts [8:77]
/**
 * Sets up the `update-registry` automation for the given project.
 *
 * Three things are created here:
 *  1. a project task that runs `node registry/refresh.js`;
 *  2. an IAM role in the `github-connect` stack that GitHub Actions can assume
 *     through the GitHub identity provider, limited to the CloudFormation
 *     registry read actions `ListTypes` and `DescribeType`;
 *  3. a manually dispatched GitHub workflow that assumes the role, runs the
 *     task and opens a pull request with the result.
 *
 * The workflow is only emitted when the project has GitHub integration
 * (`project.github` is defined).
 *
 * @param project the projen TypeScript project to attach the automation to
 */
constructor(project: typescript.TypeScriptProject) {
  super(project);

  const refreshTask = project.addTask('update-registry', {
    exec: 'node registry/refresh.js',
  });

  const infra = new AwsInfrastructure(project, {
    name: 'github-connect',
    account: '037840909260',
    region: 'us-east-1',
  });
  const stack = infra.stack;

  // The role name is fixed so the workflow below can build the role ARN
  // without a lookup.
  const roleName = 'github-cdklabs-cdk-cloudformation';
  const provider = new GithubActionsIdentityProvider(stack, 'GithubActionsIdentityProvider');

  // NOTE(review): `filter` presumably restricts the trust policy to OIDC tokens
  // issued for the main branch of cdklabs/cdk-cloudformation. Confirm against
  // GithubActionsRole, since this is the control that decides which workflow
  // runs may assume the role.
  const registryRole = new GithubActionsRole(stack, 'GithubActionsRole', {
    roleName,
    owner: 'cdklabs',
    repo: 'cdk-cloudformation',
    provider,
    description: 'Allows cdklabs/cdk-cloudformation to query the CloudFormation registry',
    filter: 'ref:refs/heads/main',
  });

  // Read-only registry access. The role grants nothing beyond these two actions.
  const registryReadAccess = new PolicyStatement({
    actions: ['cloudformation:ListTypes', 'cloudformation:DescribeType'],
    resources: ['*'],
  });
  registryRole.addToPolicy(registryReadAccess);

  const workflow = project.github?.addWorkflow('update-registry');
  if (!workflow) {
    // No GitHub integration on this project: nothing to emit.
    return;
  }

  // Manual trigger only.
  workflow.on({
    workflowDispatch: {},
  });

  // `id-token: write` lets the job request the GitHub OIDC token used to assume
  // the role. `contents: write` is requested alongside it. The `as any` cast
  // switches off type checking for this object, so a misspelled permission key
  // would not be caught at compile time.
  const permissions = {
    'id-token': JobPermission.WRITE,
    'contents': JobPermission.WRITE,
  } as any;

  // NOTE(review): every `uses:` below points at a mutable ref (`@v2`, `@master`,
  // `@v3`). Whatever those refs resolve to at run time executes inside a job
  // that holds the OIDC permission and a write-scoped token. Pinning each
  // action to a full commit SHA would remove that exposure; `@master` on the
  // credentials action is the most sensitive of the three.
  const steps = [
    { uses: 'actions/checkout@v2' },
    {
      uses: 'aws-actions/configure-aws-credentials@master',
      with: {
        'role-to-assume': `arn:aws:iam::${infra.stack.account}:role/${roleName}`,
        'aws-region': infra.stack.region,
        'role-session-name': 'github-automation',
      },
    },
    // NOTE(review): dependencies are installed after the AWS credentials are
    // configured and without `--frozen-lockfile`, so package install scripts
    // run in a job that already holds the assumed role's credentials. Consider
    // installing before the credentials step and enforcing the lockfile.
    { run: 'yarn install' },
    { run: this.project.runTaskCommand(refreshTask) },
    // Open a pull request carrying whatever the refresh task changed.
    // NOTE(review): the `auto-approve` label presumably triggers automated
    // approval elsewhere in the repo. If so, generated content can merge
    // without human review; confirm that is intended.
    {
      uses: 'peter-evans/create-pull-request@v3',
      with: {
        'title': 'feat: cloudformation registry update',
        'commit-message': 'feat: cloudformation registry update',
        'branch': 'automation/update-registry',
        'committer': 'GitHub Automation <noreply@github.com>',
        'labels': 'auto-approve',
      },
    },
  ];

  workflow.addJobs({
    update: {
      permissions,
      runsOn: 'ubuntu-latest',
      steps,
    },
  });
}