Skip to content

Check for RDS Aurora Postgres version updates #65

Check for RDS Aurora Postgres version updates

Check for RDS Aurora Postgres version updates #65

name: Check for RDS Aurora Postgres version updates
on:
workflow_dispatch:
schedule:
- cron: "0 13 * * 1" # 1pm Monday UTC
env:
AWS_DEFAULT_REGION: ca-central-1
RDS_CLUSTER_NAME: notification-canada-ca-staging-cluster
permissions:
contents: read
id-token: write
jobs:
check-rds-cluster-update:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Configure AWS credentials using OIDC
uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0
with:
role-to-assume: arn:aws:iam::${{ secrets.STAGING_AWS_ACCOUNT_ID }}:role/notification-terraform-apply
role-session-name: RDSClusterUpdateCheck
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Get RDS cluster available updates
id: available
run: |
LATEST_MAJOR_VERSIONS="$(./scripts/get_rds_cluster_updates.sh ${{ env.RDS_CLUSTER_NAME }})"
echo "versions=${LATEST_MAJOR_VERSIONS}" >> "$GITHUB_OUTPUT"
- name: Post to slack
if: steps.available.outputs.versions != ''
#checkov:skip=CKV_GHA_3:This is an expected use of curl
run: |
json='{"blocks":[{"type":"section","text":{"type":"mrkdwn","text":":mr-data: RDS Aurora Postgres updates are available: <https://docs.aws.amazon.com/AmazonRDS/latest/AuroraPostgreSQLReleaseNotes/AuroraPostgreSQL.Updates.html|RDS Updates>\n```${{ steps.available.outputs.versions }}```"}}]}'
curl -X POST -H 'Content-type: application/json' --data "$json" ${{ secrets.NOTIFY_DEV_SLACK_WEBHOOK }}