From b09fcd6189ecc3b841945374af8fe6ec63d0fc0d Mon Sep 17 00:00:00 2001
From: Kinnaird McQuade
Date: Wed, 16 Jun 2021 17:19:37 -0700
Subject: [PATCH] Fixes #74 - Add automation to fix Azure Policy Data
---
 .github/workflows/update-azure-data.yml | 41 +++++++++++++++++++++
 Makefile | 4 +-
 update_data.py => update_compliance_data.py | 2 +-
 3 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/update-azure-data.yml
 rename update_data.py => update_compliance_data.py (98%)
diff --git a/.github/workflows/update-azure-data.yml b/.github/workflows/update-azure-data.yml
new file mode 100644
index 0000000..a3712e2
--- /dev/null
+++ b/.github/workflows/update-azure-data.yml
@@ -0,0 +1,41 @@
+name: Update Azure Policy Data
+
+on:
+  schedule:
+    - cron: '0 0 1 * *'
+  workflow_dispatch:
+
+jobs:
+  update-azure-data:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup Python
+        uses: actions/setup-python@v1
+        with:
+          python-version: 3.7
+
+      - name: Update IAM Definition
+        run: make update-iam-definition
+
+      - name: Update Compliance Data
+        run: make update-compliance-data
+
+      - name: Update Policy Tables
+        run: make update-policy-table
+
+      - name: Set outputs
+        id: vars
+        run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)"
+
+      - name: PR if files were updated
+        uses: peter-evans/create-pull-request@v3
+        with:
+          commit-message: Update database
+          title: 'Updates database'
+          body: This is an automated PR created because Azure Policy resources were updated.
+          branch: ${{ steps.vars.outputs.sha_short }}
+          delete-branch: true
+          labels: |
+            automation
diff --git a/Makefile b/Makefile
index d1400dd..1a3b2c7 100644
--- a/Makefile
+++ b/Makefile
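Review bot: The new workflow declares no `permissions:` block, so the job and its `peter-evans/create-pull-request@v3` step run with whatever default GITHUB_TOKEN scope the repository grants instead of the two scopes the job actually needs; add at job level `permissions:` / `  contents: write` / `  pull-requests: write`. The three third-party actions are referenced by mutable major tags (`actions/checkout@v2`, `actions/setup-python@v1`, `peter-evans/create-pull-request@v3`), and for a job that pushes branches and opens PRs from data fetched off docs.microsoft.com, pinning each `uses:` to a full commit SHA with the tag in a trailing comment limits what a retagged or compromised action could do. The `Set outputs` step relies on the `::set-output` workflow command, which has since been deprecated; `echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"` keeps the step working on current runners. Note also that PRs opened with the default GITHUB_TOKEN do not trigger other workflows, so the automated PR will get no CI checks unless a PAT or app token is supplied via the action's `token` input — a comment above the step saying so would save the next maintainer the surprise.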
@@ -89,5 +89,5 @@ update-iam-definition: setup-dev
 	python3 ./update_iam_definition.py
 update-policy-table: install
 	sh utils/update-policy-table.sh
-update-data: setup-dev
-	python3 ./update_data.py --dest azure_guardrails/shared/data/ --download
+update-compliance-data: setup-dev
+	python3 ./update_compliance_data.py --dest azure_guardrails/shared/data/ --download
diff --git a/update_data.py b/update_compliance_data.py
similarity index 98%
rename from update_data.py
rename to update_compliance_data.py
index 4a3ea39..fcad4d8 100644
--- a/update_data.py
+++ b/update_compliance_data.py
@@ -29,7 +29,7 @@
     default=False,
     help="Download the compliance files again, potentially overwriting the ones that already exist.",
 )
-def update_data(destination, download):
+def update_compliance_data(destination, download):
     links = {
         "cis_benchmark": "https://docs.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-3-0",
         "azure_security_benchmark": "https://docs.microsoft.com/en-us/azure/governance/policy/samples/azure-security-benchmark",