.github/workflows/aws.yml

name: Evidence Collection
on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 28-31 * *'
env:
  AWS_REGION : "us-east-1"
  CI_COMMIT_MESSAGE: AWS Evidence Collected
permissions:
  id-token: write   
  contents: write   
  pull-requests: write  
jobs:
  aws-evidence:
    runs-on: ubuntu-latest
    steps:
    - name: Git clone the repository
      uses: actions/checkout@v4
    - name: Configure AWS credentials with OIDC
      uses: aws-actions/configure-aws-credentials@v3
      with:
        role-to-assume: arn:aws:iam::145023120730:role/elevated-standards
        role-session-name: evidencecollection
        aws-region: ${{ env.AWS_REGION }}


    - name: Verify code checkout
      run: |
        echo "Working Directory: $(pwd)"
        ls -alR


    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install boto3


    - name: Debug Environment Variables
      run: |
        echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}"
        echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}"
        echo "AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}"
        echo "AWS_REGION=${AWS_REGION}"


    - name: PREP
      run: |
        chmod +x $GITHUB_WORKSPACE/.github/workflows/scripts/date.sh
        bash $GITHUB_WORKSPACE/.github/workflows/scripts/date.sh
        mkdir -p $GITHUB_WORKSPACE/evidence-artifacts/systems/aws/
 
        
    - name: Run evidence collection script
      run: |
        export PYTHONPATH="$PYTHONPATH:$(pwd)/src"
        python src/services/aws/automation.services.py
        python src/services/aws/certificatesandkey.services.py
        python src/services/aws/cloudprefix.services.py
        python src/services/aws/containers.services.py
        python src/services/aws/dataandstorage.services.py
        python src/services/aws/disaster.services.py
        python src/services/aws/networking.services.py
        python src/services/aws/security.services.py
        # python src/services/aws/simpleemail.services.py

    - name: Check signed commits in PR
      uses: 1Password/check-signed-commits-action@v1
      with:
        comment: |
         Unsigned Commit in PR

    - name: Commit and Push Results
      run: |
         git config --local user.name "GitHub Actions"
         git config --local user.email "actions@github.com"
         git add -A
         git commit -m "${{ env.CI_COMMIT_MESSAGE }}"
         git push origin HEAD:${{ github.ref }}