Merge pull request #78 from salesforce/fix/GH-74-automation-update-az…

…ure-data Fixes #74 - Add automation to update Azure Policy Data
salesforce · Jun 17, 2021 · 7ea0641 · 7ea0641
2 parents 65b5e2c + b09fcd6
commit 7ea0641
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 3 deletions.
diff --git a/.github/workflows/update-azure-data.yml b/.github/workflows/update-azure-data.yml
@@ -0,0 +1,41 @@
+name: Update Azure Policy Data
+
+on:
+  schedule:
+    - cron: '0 0 1 * *'
+  workflow_dispatch:
+
+jobs:
+  update-azure-data:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup Python
+        uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+
+      - name: Update IAM Definition
+        run: make update-iam-definition
+
+      - name: Update Compliance Data
+        run: make update-compliance-data
+
+      - name: Update Policy Tables
+        run: make update-policy-table
+
+      - name: Set outputs
+        id: vars
+        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+
+      - name: PR if files were updated
+        uses: peter-evans/create-pull-request@v3
+        with:
+          commit-message: Update database
+          title: 'Updates database'
+          body: This is an automated PR created because Azure Policy resources were updated.
+          branch: ${{ steps.vars.outputs.sha_short }}
+          delete-branch: true
+          labels: |
+            automation
diff --git a/Makefile b/Makefile
@@ -89,5 +89,5 @@ update-iam-definition: setup-dev
 	python3 ./update_iam_definition.py
 update-policy-table: install
 	sh utils/update-policy-table.sh
-update-data: setup-dev
-	python3 ./update_data.py --dest azure_guardrails/shared/data/ --download
+update-compliance-data: setup-dev
+	python3 ./update_compliance_data.py --dest azure_guardrails/shared/data/ --download
diff --git a/update_data.py → update_compliance_data.py b/update_data.py → update_compliance_data.py
@@ -29,7 +29,7 @@
     default=False,
     help="Download the compliance files again, potentially overwriting the ones that already exist.",
 )
-def update_data(destination, download):
+def update_compliance_data(destination, download):
     links = {
         "cis_benchmark": "https://docs.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-3-0",
         "azure_security_benchmark": "https://docs.microsoft.com/en-us/azure/governance/policy/samples/azure-security-benchmark",