iam-policy-validator 1.0.2__tar.gz → 1.0.3__tar.gz



Files changed (131) hide show
  1. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/.github/workflows/ci.yml +20 -51
  2. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/.github/workflows/release.yml +58 -8
  3. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/PKG-INFO +1 -1
  4. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/__version__.py +1 -1
  5. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/pyproject.toml +1 -1
  6. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/uv.lock +1 -1
  7. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/.github/dependabot.yml +0 -0
  8. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/.gitignore +0 -0
  9. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/.python-version +0 -0
  10. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/CONTRIBUTING.md +0 -0
  11. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/DOCS.md +0 -0
  12. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/LICENSE +0 -0
  13. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/Makefile +0 -0
  14. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/README.md +0 -0
  15. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/action.yaml +0 -0
  16. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/docs/README.md +0 -0
  17. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/docs/development/PUBLISHING.md +0 -0
  18. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/README.md +0 -0
  19. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/access-analyzer/example1.json +0 -0
  20. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/access-analyzer/example2.json +0 -0
  21. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/configs/action-condition-enforcement-advanced.yaml +0 -0
  22. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/configs/config-privilege-escalation.yaml +0 -0
  23. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/configs/custom-business-rules.yaml +0 -0
  24. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/configs/custom-wildcard-config.yaml +0 -0
  25. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/configs/none_of_example.yaml +0 -0
  26. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/configs/unified-condition-enforcement.yaml +0 -0
  27. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/README.md +0 -0
  28. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/advanced_multi_condition_validator.py +0 -0
  29. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/cross_account_external_id_check.py +0 -0
  30. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/domain_restriction_check.py +0 -0
  31. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/encryption_required_check.py +0 -0
  32. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/mfa_required_check.py +0 -0
  33. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/region_restriction_check.py +0 -0
  34. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/tag_enforcement_check.py +0 -0
  35. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/custom_checks/time_based_access_check.py +0 -0
  36. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/README.md +0 -0
  37. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/access-analyzer-only.yaml +0 -0
  38. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/action-examples.md +0 -0
  39. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/basic-validation.yaml +0 -0
  40. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/custom-policy-checks.yml +0 -0
  41. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/multi-region-validation.yaml +0 -0
  42. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/resource-policy-validation.yaml +0 -0
  43. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/sequential-validation.yaml +0 -0
  44. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/github-actions/two-step-validation.yaml +0 -0
  45. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/README-privilege-escalation.md +0 -0
  46. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/api_gateway_management.json +0 -0
  47. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/athena_query_access.json +0 -0
  48. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/backup_vault_access.json +0 -0
  49. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/cloudformation_deployer.json +0 -0
  50. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/cloudwatch_monitoring.json +0 -0
  51. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/cognito_user_pool.json +0 -0
  52. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/dynamodb_table_access.json +0 -0
  53. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/ecs_task_execution.json +0 -0
  54. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/eventbridge_rules.json +0 -0
  55. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/glue_etl_jobs.json +0 -0
  56. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/insecure_policy.json +0 -0
  57. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/invalid_policy.json +0 -0
  58. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/kms_encryption_keys.json +0 -0
  59. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/lambda_developer.json +0 -0
  60. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/maximum_size_policy.json +0 -0
  61. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/policy_missing_required_tags.json +0 -0
  62. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/policy_tag_enforcement_example.json +0 -0
  63. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/policy_with_wildcard_resources.json +0 -0
  64. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/privilege_escalation_scattered.json +0 -0
  65. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/rds_database_admin.json +0 -0
  66. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/sample_policy.json +0 -0
  67. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/secrets_manager_access.json +0 -0
  68. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/sns_sqs_messaging.json +0 -0
  69. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/step_functions_workflow.json +0 -0
  70. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/test_none_of_valid.json +0 -0
  71. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/test_none_of_violations.json +0 -0
  72. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/examples/policies/test-cases/wildcard_examples.json +0 -0
  73. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam-validator.yaml +0 -0
  74. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/__init__.py +0 -0
  75. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/__main__.py +0 -0
  76. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/checks/__init__.py +0 -0
  77. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/checks/action_condition_enforcement.py +0 -0
  78. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/checks/action_validation.py +0 -0
  79. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/checks/condition_key_validation.py +0 -0
  80. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/checks/policy_size.py +0 -0
  81. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/checks/resource_validation.py +0 -0
  82. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/checks/security_best_practices.py +0 -0
  83. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/checks/sid_uniqueness.py +0 -0
  84. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/commands/__init__.py +0 -0
  85. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/commands/analyze.py +0 -0
  86. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/commands/base.py +0 -0
  87. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/commands/post_to_pr.py +0 -0
  88. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/commands/validate.py +0 -0
  89. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/__init__.py +0 -0
  90. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/access_analyzer.py +0 -0
  91. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/access_analyzer_report.py +0 -0
  92. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/aws_fetcher.py +0 -0
  93. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/aws_global_conditions.py +0 -0
  94. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/check_registry.py +0 -0
  95. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/cli.py +0 -0
  96. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/config_loader.py +0 -0
  97. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/formatters/__init__.py +0 -0
  98. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/formatters/base.py +0 -0
  99. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/formatters/console.py +0 -0
  100. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/formatters/csv.py +0 -0
  101. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/formatters/html.py +0 -0
  102. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/formatters/json.py +0 -0
  103. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/formatters/markdown.py +0 -0
  104. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/formatters/sarif.py +0 -0
  105. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/models.py +0 -0
  106. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/policy_checks.py +0 -0
  107. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/policy_loader.py +0 -0
  108. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/pr_commenter.py +0 -0
  109. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/core/report.py +0 -0
  110. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/integrations/__init__.py +0 -0
  111. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/integrations/github_integration.py +0 -0
  112. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/iam_validator/integrations/ms_teams.py +0 -0
  113. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/README.md +0 -0
  114. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/__init__.py +0 -0
  115. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_action_condition_enforcement.py +0 -0
  116. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_action_validation_check.py +0 -0
  117. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_aws_fetcher_wildcards.py +0 -0
  118. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_aws_global_conditions.py +0 -0
  119. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_check_registry.py +0 -0
  120. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_comment_truncation.py +0 -0
  121. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_condition_key_validation_check.py +0 -0
  122. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_config_loader.py +0 -0
  123. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_custom_policy_checks.py +0 -0
  124. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_models.py +0 -0
  125. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_multipart_comments.py +0 -0
  126. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_policy_loader.py +0 -0
  127. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_policy_size_check.py +0 -0
  128. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_resource_validation_check.py +0 -0
  129. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_security_best_practices.py +0 -0
  130. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_sid_uniqueness_check.py +0 -0
  131. {iam_policy_validator-1.0.2 → iam_policy_validator-1.0.3}/tests/test_wildcard_allowlist.py +0 -0
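--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,17 +13,17 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
  - name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
  with:
  python-version: "3.12"
 
  - name: Install uv
- run: |
- curl -LsSf https://astral.sh/uv/install.sh | sh
- echo "$HOME/.local/bin" >> $GITHUB_PATH
+ uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
+ with:
+ enable-cache: true
 
  - name: Install dependencies
  run: uv sync --all-extras
@@ -34,30 +34,6 @@ jobs:
  - name: Run Ruff formatter check
  run: uv run ruff format --check .
 
- # Temporarily disabled - will re-enable when type annotations are complete
- # type-check:
- # name: Type Check with mypy
- # runs-on: ubuntu-latest
- # steps:
- # - name: Checkout code
- # uses: actions/checkout@v5
-
- # - name: Set up Python
- # uses: actions/setup-python@v6
- # with:
- # python-version: "3.12"
-
- # - name: Install uv
- # run: |
- # curl -LsSf https://astral.sh/uv/install.sh | sh
- # echo "$HOME/.local/bin" >> $GITHUB_PATH
-
- # - name: Install dependencies
- # run: uv sync --all-extras
-
- # - name: Run mypy
- # run: uv run mypy iam_validator/
-
  test:
  name: Test (Python ${{ matrix.python-version }})
  runs-on: ubuntu-latest
@@ -67,17 +43,17 @@ jobs:
  python-version: ["3.10", "3.11", "3.12", "3.13"]
  steps:
  - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
  - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v6
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
  with:
  python-version: ${{ matrix.python-version }}
 
  - name: Install uv
- run: |
- curl -LsSf https://astral.sh/uv/install.sh | sh
- echo "$HOME/.local/bin" >> $GITHUB_PATH
+ uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
+ with:
+ enable-cache: true
 
  - name: Install dependencies
  run: uv sync --all-extras
@@ -91,17 +67,17 @@ jobs:
  needs: [lint, test]
  steps:
  - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
  - name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
  with:
  python-version: "3.12"
 
  - name: Install uv
- run: |
- curl -LsSf https://astral.sh/uv/install.sh | sh
- echo "$HOME/.local/bin" >> $GITHUB_PATH
+ uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
+ with:
+ enable-cache: true
 
  - name: Install dependencies
  run: uv sync
@@ -109,30 +85,23 @@ jobs:
  - name: Build package
  run: uv build
 
- - name: Upload build artifacts
- uses: actions/upload-artifact@v5
- with:
- name: dist-packages
- path: dist/
- retention-days: 7
-
  integration-test:
  name: Integration Test (Self-Test)
  runs-on: ubuntu-latest
  needs: [lint, test]
  steps:
  - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
  - name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
  with:
  python-version: "3.12"
 
  - name: Install uv
- run: |
- curl -LsSf https://astral.sh/uv/install.sh | sh
- echo "$HOME/.local/bin" >> $GITHUB_PATH
+ uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
+ with:
+ enable-cache: true
 
  - name: Install dependencies
  run: uv sync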
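Review bot: The `Install dependencies` steps that follow the newly pinned actions still run `uv sync --all-extras` (first and third hunks) and `uv sync` (fourth and fifth hunks) without `--locked`. If `pyproject.toml` and `uv.lock` drift, uv will re-resolve on the runner instead of failing, so the install is not held to the committed lockfile the way the actions are now held to a commit SHA. Consider `run: uv sync --locked --all-extras` and `run: uv sync --locked`. None of the visible steps push to the repository, so each checkout could also take `with:` / `persist-credentials: false`; the jobs continue outside these hunks, so confirm that nothing later relies on the stored token. The trailing `# v5` / `# v6` / `# v7` comments name only a moving major tag, and recording the exact release each SHA corresponds to would make the pins easier to audit.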
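--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,7 +3,7 @@ name: Release
  on:
  push:
  tags:
- - "v*.*.*" # Triggers on version tags like v0.1.0, v1.2.3, etc.
+ - "v*.*.*"
 
  permissions:
  contents: write
@@ -17,17 +17,17 @@ jobs:
 
  steps:
  - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
  with:
  fetch-depth: 0 # Full history for changelog generation
 
  - name: Set up Python
- uses: actions/setup-python@v6
+ uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6
  with:
  python-version: "3.12"
 
  - name: Install uv
- uses: astral-sh/setup-uv@v7
+ uses: astral-sh/setup-uv@5dbc9fba7434435c4cd0268139340fa3696d98f3 # v7
  with:
  enable-cache: true
 
@@ -66,9 +66,9 @@ jobs:
  echo "Generated changelog with $COMMIT_COUNT commits"
 
  - name: Create GitHub Release
- uses: softprops/action-gh-release@v2
+ uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2
  with:
- name: Release ${{ steps.get_version.outputs.tag }}
+ name: ${{ steps.get_version.outputs.tag }}
  body_path: CHANGELOG.txt
  files: |
  dist/*.whl
@@ -88,6 +88,56 @@ jobs:
  env:
  UV_PUBLISH_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
 
+ - name: Create Release Summary
+ if: always()
+ run: |
+ VERSION="${{ steps.get_version.outputs.version }}"
+ TAG="${{ steps.get_version.outputs.tag }}"
+ IS_PRERELEASE="${{ contains(steps.get_version.outputs.version, 'rc') || contains(steps.get_version.outputs.version, 'beta') || contains(steps.get_version.outputs.version, 'alpha') }}"
+
+ # Extract major and minor versions
+ MAJOR=$(echo "$VERSION" | cut -d. -f1)
+ MINOR=$(echo "$VERSION" | cut -d. -f1-2)
+
+ cat >> $GITHUB_STEP_SUMMARY << EOF
+ # 🚀 Release Summary
+
+ ## 📦 Package Information
+ - **Package**: \`iam-policy-validator\`
+ - **Version**: \`$VERSION\`
+ - **Tag**: \`$TAG\`
+
+ ## 📋 What Was Published
+
+ ### GitHub Release
+ - ✅ Created release: [$TAG](https://github.com/${{ github.repository }}/releases/tag/$TAG)
+ - 📄 Changelog generated from commits
+ - 📦 Artifacts attached: wheel + source distribution
+
+ ### PyPI
+ $(if [ "$IS_PRERELEASE" = "false" ]; then echo "- ✅ Published to [PyPI](https://pypi.org/project/iam-policy-validator/)"; else echo "- ⏭️ Skipped (pre-release version)"; fi)
+
+ ### Version Tags
+ - 🏷️ Major tag: \`v$MAJOR\`
+ - 🏷️ Minor tag: \`v$MINOR\`
+ - 🏷️ Full tag: \`v$VERSION\`
+
+ ## 🔗 Quick Links
+ - [📦 PyPI Package](https://pypi.org/project/iam-policy-validator/)
+ - [📚 GitHub Release](https://github.com/${{ github.repository }}/releases/tag/$TAG)
+ - [📖 Repository](https://github.com/${{ github.repository }})
+
+ ## 📥 Installation
+ \`\`\`bash
+ pip install iam-policy-validator==$VERSION
+ \`\`\`
+
+ or use the latest:
+ \`\`\`bash
+ pip install iam-policy-validator
+ \`\`\`
+ EOF
+
  update-action-versions:
  name: Update Major/Minor Tag References
  runs-on: ubuntu-latest
@@ -95,7 +145,7 @@ jobs:
 
  steps:
  - name: Checkout code
- uses: actions/checkout@v5
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
  - name: Configure Git
  run: |
@@ -113,7 +163,7 @@ jobs:
  git push origin "v$MAJOR" --force
 
  # Update vX.Y tag (e.g., v1.2)
- git tag -fa "v$MINOR" -m "Update v$MINOR to $VERSION"
+ git tag -fa "v$MINOR" -m "Updated v$MINOR to $VERSION"
  git push origin "v$MINOR" --force
 
  echo "Updated tags: v$MAJOR and v$MINOR to point to $VERSION"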
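Review bot: The new `Create Release Summary` step writes `${{ steps.get_version.outputs.version }}` and `${{ steps.get_version.outputs.tag }}` directly into the `run:` script, so the values become script text before the shell parses them. The tag presumably comes from the pushed ref name (the `get_version` step is outside the hunks), and the job holds `contents: write` and uses `UV_PUBLISH_TOKEN` in the step just above. Pass the values through `env:` and read them as shell variables, and quote `"$GITHUB_STEP_SUMMARY"`. Separately, because the step runs under `if: always()`, the summary prints "✅ Created release" and "✅ Published to PyPI" even when the release or publish step failed; those lines should depend on the outcome of the earlier steps.

```yaml
- name: Create Release Summary
  if: always()
  env:
    VERSION: ${{ steps.get_version.outputs.version }}
    TAG: ${{ steps.get_version.outputs.tag }}
    IS_PRERELEASE: ${{ contains(steps.get_version.outputs.version, 'rc') || contains(steps.get_version.outputs.version, 'beta') || contains(steps.get_version.outputs.version, 'alpha') }}
    REPOSITORY: ${{ github.repository }}
  run: |
    # … unchanged: MAJOR/MINOR extraction from "$VERSION" …
    # … unchanged: summary heredoc, with ${{ github.repository }} written as $REPOSITORY …
    cat >> "$GITHUB_STEP_SUMMARY" << EOF
```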
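--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: iam-policy-validator
- Version: 1.0.2
+ Version: 1.0.3
  Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
  Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
  Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs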
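--- a/iam_validator/__version__.py
+++ b/iam_validator/__version__.py
@@ -3,5 +3,5 @@
  This file is the single source of truth for the package version.
  """
 
- __version__ = "1.0.2"
+ __version__ = "1.0.3"
  __version_info__ = tuple(int(part) for part in __version__.split("."))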
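--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
  [project]
  name = "iam-policy-validator"
- version = "1.0.2"
+ version = "1.0.3"
  description = "Validate AWS IAM policies for correctness and security using AWS Service Reference API"
  readme = "README.md"
  requires-python = ">=3.10"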
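--- a/uv.lock
+++ b/uv.lock
@@ -284,7 +284,7 @@ wheels = [
 
  [[package]]
  name = "iam-policy-validator"
- version = "1.0.2"
+ version = "1.0.3"
  source = { editable = "." }
  dependencies = [
  { name = "boto3" },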