# Data Update:
#   IAM Managed Policies
#
# This GitHub Actions workflow:
#   - executes the script that updates the IAM Managed Policies that come bundled with Moto
#   - creates a PR
#
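name: "DataUpdate_IAMManagedPolicies"

on:
  # Runs at 06:00 UTC on the 1st day of every month.
  schedule:
    - cron: '00 6 1 * *'
  # Also allows the run to be started manually.
  workflow_dispatch:

jobs:
  update:
    name: Update IAM Managed Policies
    runs-on: ubuntu-latest
    # Run only from the master branch of the upstream repository, so forks
    # and other branches never reach the steps that assume the AWS role or
    # push a branch.
    if: ${{ github.ref == 'refs/heads/master' && github.repository == 'getmoto/moto' }}
    # Token permissions are scoped to this job only.
    permissions:
      # Lets the job request an OIDC token; the "Configure AWS" step is given
      # a role to assume and no static keys.
      id-token: write
      # Needed by the "Create PR" step to push the update branch.
      contents: write
      # Needed by the "Create PR" step to open the pull request.
      pull-requests: write

    # NOTE(review): every `uses:` below is pinned to a major-version tag, and
    # tags can be moved by the action's publisher. This job holds write
    # permissions and AWS role credentials, so consider pinning each action
    # to a full-length commit SHA (with the tag kept in a trailing comment).
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Python 3.9
        uses: actions/setup-python@v5
        with:
          # Quoted so the version is always read as a string; an unquoted
          # value such as 3.10 would be parsed as the float 3.1.
          python-version: '3.9'

      # Dependencies are installed before the AWS credentials are configured,
      # so package build/install hooks do not run with the role credentials
      # in their environment. The installed code still runs with them in the
      # "Pull IAM managed policies" step.
      - name: Install dependencies
        run: pip install -r requirements-dev.txt

      - name: Configure AWS
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          # NOTE(review): the role's trust policy is not visible here; confirm
          # it restricts the OIDC subject to this repository and branch, and
          # that the role grants only the read access the update script needs.
          role-to-assume: arn:aws:iam::486285699788:role/GithubActionsRole

      - name: Pull IAM managed policies from AWS
        run: make aws_managed_policies

      # Commits whatever the previous step changed and opens a pull request;
      # the run number keeps each run's branch name unique.
      - name: Create PR
        uses: peter-evans/create-pull-request@v6
        with:
          branch: 'chore-update-iam-managed-policies-${{ github.run_number }}'
          title: 'chore: update IAM Managed Policies'
          commit-message: 'chore: update IAM Managed Policies'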