-
Notifications
You must be signed in to change notification settings - Fork 1
40 lines (38 loc) · 1.66 KB
/
export_github_data.yml
File metadata and controls
40 lines (38 loc) · 1.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
name: GitHub repository metadata exporter
on:
workflow_dispatch:
schedule:
- cron: "20 7 * * *"
permissions:
id-token: write
contents: read
issues: read
pull-requests: read
security-events: read
jobs:
export-data:
runs-on: ubuntu-latest
steps:
- name: Audit DNS requests
uses: cds-snc/dns-proxy-action@2aee21aebfddefac5839497648a36a9f84342d8b
env:
DNS_PROXY_FORWARDTOSENTINEL: "true"
DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Configure AWS credentials using OIDC
uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
with:
role-to-assume: arn:aws:iam::739275439843:role/data-lake-github-data-export
role-session-name: GithubDataExport
aws-region: ca-central-1
- name: Export Data
uses: cds-snc/github-repository-metadata-exporter@fe65ed89fcabde7d0ea0d1fe022ea85825b6f6f8
with:
github-app-id: ${{ secrets.SRE_BOT_RO_APP_ID }}
github-app-installation-id: ${{ secrets.SRE_BOT_RO_INSTALLATION_ID }}
github-app-private-key: ${{ secrets.SRE_BOT_RO_PRIVATE_KEY }}
log-analytics-workspace-id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
log-analytics-workspace-key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
s3-bucket: ${{ secrets.DATA_LAKE_GITHUB_METADATA_EXPORT_S3_BUCKET }}
aws-region: ${{ secrets.DATA_LAKE_GITHUB_METADATA_EXPORT_AWS_REGION }}