{"id":48670179,"url":"https://github.com/ministryofjustice/cloud-platform-iam-policy-github-action","last_synced_at":"2026-04-10T12:01:47.365Z","repository":{"id":226432820,"uuid":"768667502","full_name":"ministryofjustice/cloud-platform-iam-policy-github-action","owner":"ministryofjustice","description":"A GitHub Action used with Pull requests (PRs) on the MoJ Cloud Platform.","archived":false,"fork":false,"pushed_at":"2026-03-31T15:56:49.000Z","size":30,"stargazers_count":0,"open_issues_count":5,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-03-31T17:35:49.981Z","etag":null,"topics":["cloud-platform-engineering","github-actions","standards-compliant"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ministryofjustice.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-03-07T14:10:47.000Z","updated_at":"2025-03-17T12:42:28.000Z","dependencies_parsed_at":"2024-04-24T15:04:42.466Z","dependency_job_id":null,"html_url":"https://github.com/ministryofjustice/cloud-platform-iam-policy-github-action","commit_stats":null,"previous_names":["ministryofjustice/cloud-platform-iam-policy-github-action"],"tags_count":1,"template":false,"template_full_name":"ministryofjustice/template-repository","purl":"pkg:github/ministryofjustice/cloud-platform-iam-policy-github-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-iam-policy-github-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-iam-policy-github-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-iam-policy-github-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-iam-policy-github-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ministryofjustice","download_url":"https://codeload.github.com/ministryofjustice/cloud-platform-iam-policy-github-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-iam-policy-github-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31641492,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-10T07:40:12.752Z","status":"ssl_error","status_checked_at":"2026-04-10T07:40:11.664Z","response_time":98,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-platform-engineering","github-actions","standards-compliant"],"created_at":"2026-04-10T12:00:44.579Z","updated_at":"2026-04-10T12:01:47.360Z","avatar_url":"https://github.com/ministryofjustice.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IAM Role and Policy Changes Check GitHub Action\n\n[![repo standards badge](https://img.shields.io/endpoint?labelColor=231f20\u0026color=005ea5\u0026style=for-the-badge\u0026label=MoJ%20Compliant\u0026url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fendpoint%2Fcloud-platform-iam-policy-github-action\u0026logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAoCAYAAACM/rhtAAAABmJLR0QA/wD/AP+gvaeTAAAHJElEQVRYhe2YeYyW1RWHnzuMCzCIglBQlhSV2gICKlHiUhVBEAsxGqmVxCUUIV1i61YxadEoal1SWttUaKJNWrQUsRRc6tLGNlCXWGyoUkCJ4uCCSCOiwlTm6R/nfPjyMeDY8lfjSSZz3/fee87vnnPu75z3g8/kM2mfqMPVH6mf35t6G/ZgcJ/836Gdug4FjgO67UFn70+FDmjcw9xZaiegWX29lLLmE3QV4Glg8x7WbFfHlFIebS/ANj2oDgX+CXwA9AMubmPNvuqX1SnqKGAT0BFoVE9UL1RH7nSCUjYAL6rntBdg2Q3AgcAo4HDgXeBAoC+wrZQyWS3AWcDSUsomtSswEtgXaAGWlVI2q32BI0spj9XpPww4EVic88vaC7iq5Hz1BvVf6v3qe+rb6ji1p3pWrmtQG9VD1Jn5br+Knmm70T9MfUh9JaPQZu7uLsR9gEsJb3QF9gOagO7AuUTom1LpCcAkoCcwQj0VmJregzaipA4GphNe7w/MBearB7QLYCmlGdiWSm4CfplTHwBDgPHAFmB+Ah8N9AE6EGkxHLhaHU2kRhXc+cByYCqROs05NQq4oR7Lnm5xE9AL+GYC2gZ0Jmjk8VLKO+pE4HvAyYRnOwOH5N7NhMd/WKf3beApYBWwAdgHuCLn+tatbRtgJv1awhtd838LEeq30/A7wN+AwcBt+bwpD9AdOAkYVkpZXtVdSnlc7QI8BlwOXFmZ3oXkdxfidwmPrQXeA+4GuuT08QSdALxC3OYNhBe/TtzON4EziZBXD36o+q082BxgQuqvyYL6wtBY2TyEyJ2DgAXAzcC1+Xxw3RlGqiuJ6vE6QS9VGZ/7H02DDwAvELTyMDAxbfQBvggMAAYR9LR9J2cluH7AmnzuBowFFhLJ/wi7yiJgGXBLPq8A7idy9kPgvAQPcC9wERHSVcDtCfYj4E7gr8BRqWMjcXmeB+4tpbyG2kG9Sl2tPqF2Uick8B+7szyfvDhR3Z7vvq/2yqpynnqNeoY6v7LvevUU9QN1fZ3OTeppWZmeyzRoVu+rhbaHOledmoQ7LRd3SzBVeUo9Wf1DPs9X90/jX8m/e9Rn1Mnqi7nuXXW5+rK6oU7n64mjszovxyvVh9WeDcTVnl5KmQNcCMwvpbQA1xE8VZXhwDXAz4FWIkfnAlcBAwl6+SjD2wTcmPtagZnAEuA3dTp7qyNKKe8DW9UeBCeuBsbsWKVOUPvn+MRKCLeq16lXqLPVFvXb6r25dlaGdUx6cITaJ8fnpo5WI4Wuzcjcqn5Y8eI/1F+n3XvUA1N3v4ZamIEtpZRX1Y6Z/DUK2g84GrgHuDqTehpBCYend94jbnJ34DDgNGArQT9bict3Y3p1ZCnlSoLQb0sbgwjCXpY2blc7llLW1UAMI3o5CD4bmuOlwHaC6xakgZ4Z+ibgSxnOgcAI4uavI27jEII7909dL5VSrimlPKgeQ6TJCZVQjwaOLaW8BfyWbPEa1SaiTH1VfSENd85NDxHt1plA71LKRvX4BDaAKFlTgLeALtliDUqPrSV6SQCBlypgFlbmIIrCDcAl6nPAawmYhlLKFuB6IrkXAadUNj6TXlhDcCNEB/Jn4FcE0f4UWEl0NyWNvZxGTs89z6ZnatIIrCdqcCtRJmcCPwCeSN3N1Iu6T4VaFhm9n+riypouBnepLsk9p6p35fzwvDSX5eVQvaDOzjnqzTl+1KC53+XzLINHd65O6lD1DnWbepPBhQ3q2jQyW+2oDkkAtdt5udpb7W+Q/OFGA7ol1zxu1tc8zNHqXercfDfQIOZm9fR815Cpt5PnVqsr1F51wI9QnzU63xZ1o/rdPPmt6enV6sXqHPVqdXOCe1rtrg5W7zNI+m712Ir+cer4POiqfHeJSVe1Raemwnm7xD3mD1E/Z3wIjcsTdlZnqO8bFeNB9c30zgVG2euYa69QJ+9G90lG+99bfdIoo5PU4w362xHePxl1slMab6tV72KUxDvzlAMT8G0ZohXq39VX1bNzzxij9K1Qb9lhdGe931B/kR6/zCwY9YvuytCsMlj+gbr5SemhqkyuzE8xau4MP865JvWNuj0b1YuqDkgvH2GkURfakly01Cg7Cw0+qyXxkjojq9Lw+vT2AUY+DlF/otYq1Ixc35re2V7R8aTRg2KUv7+ou3x/14PsUBn3NG51S0XpG0Z9PcOPKWSS0SKNUo9Rv2Mmt/G5WpPF6pHGra7Jv410OVsdaz217AbkAPX3ubkm240belCuudT4Rp5p/DyC2lf9mfq1iq5eFe8/lu+K0YrVp0uret4nAkwlB6vzjI/1PxrlrTp/oNHbzTJI92T1qAT+BfW49MhMg6JUp7ehY5a6Tl2jjmVvitF9fxo5Yq8CaAfAkzLMnySt6uz/1k6bPx59CpCNxGfoSKA30IPoH7cQXdArwCOllFX/i53P5P9a/gNkKpsCMFRuFAAAAABJRU5ErkJggg==)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-report/cloud-platform-iam-policy-github-action)\n\nThis GitHub Action is designed to identify and flag any pull requests within the [Ministry of Justice Cloud Platform][cloud-platform] that contain changes related to IAM roles and IAM policies. Such changes require approval from the Cloud Platform team to ensure compliance and security within the platform's infrastructure.\n\n## Overview\n\nThis action automatically marks pull requests containing IAM role and policy changes as failed, signalling the need for a review by authorised team members. This process helps maintain the integrity and security of the IAM policies within the Cloud Platform. \n\n## How to Use\n\nTo integrate this GitHub Action into your workflow, follow the steps below:\n\n1. **Create a Workflow File:** In your repository, create a file named `.github/workflows/iam-role-policy-changes-check.yml`.\n\n2. **Configure the Workflow:** Copy and paste the following workflow configuration into your new file:\n\n    ```yaml\n    name: Identify PRs that contain IAM Role and Policy changes\n\n    on:\n      pull_request\n\n    env:\n      PR_OWNER: ${{ github.event.pull_request.user.login }}\n      GITHUB_OAUTH_TOKEN: ${{ secrets.DOCUMENT_REVIEW_GITHUB }}\n      PR_NUMBER: ${{ github.event.number }}\n      GITHUB_REPOSITORY: ${{ github.repository }}\n      GITHUB_APP_ID: ${{ secrets.GITHUB_APP_ID }}\n      GITHUB_APP_INSTALLATION_ID: ${{ secrets.GITHUB_APP_INSTALLATION_ID }}\n      GITHUB_APP_PRIVATE_KEY: ${{ secrets.GITHUB_APP_PRIVATE_KEY }} \n  \n    jobs:\n      check-diff:\n        runs-on: ${{ matrix.os }}\n\n        strategy:\n          matrix:\n            os: [ubuntu-latest]\n\n        steps:\n          - name: Checkout PR code\n            uses: actions/checkout@\u003cSHA\u003e\n          - run: |\n              git fetch --no-tags --prune --depth=1 origin +refs/heads/*:refs/remotes/origin/*\n          - name: Run git diff against repository\n            run: |\n              git diff origin/main HEAD \u003e changes\n          - name: Run iam/role policy changes check\n            id: review_pr\n            uses: ministryofjustice/cloud-platform-iam-policy-github-action@\u003cSHA\u003e\n    ```\n\n3. **Provide Required Secret:** Ensure the `secrets.DOCUMENT_REVIEW_GITHUB` secret is set in your repository's settings to allow the action to operate correctly.\n\n[cloud-platform]: https://github.com/ministryofjustice/cloud-platform-environments\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fministryofjustice%2Fcloud-platform-iam-policy-github-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fministryofjustice%2Fcloud-platform-iam-policy-github-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fministryofjustice%2Fcloud-platform-iam-policy-github-action/lists"}