automating maintenance with Github actions

[PatMyron]

Encrypted secrets for IAM actions currently required (set here):

cfn-lint/scripts/update_specs_services_from_ssm.py

Line 131 in 1ad5de3

paginator = client.get_paginator('get_parameters_by_path')

cfn-lint/scripts/update_specs_from_pricing.py

Line 90 in 1ad5de3

return client.get_paginator('get_products').paginate(

---

GitHub Actions usage is free for public repositories

Shortest interval you can run scheduled workflows is once every 5 minutes (takes while before schedules actions run at all in a new repo)

peter-evans/create-pull-request, might get stuck on peter-evans/create-pull-request#48

tested in my fork since I wasn't sure how to test in this repo without pushing

[kddejong]

This seems aggressive for how frequently these things change.

[PatMyron]

It won't change anything if nothing has changed, and it'll just update the same PR if anything has changed, so I considered running frequently and we could just merge it right before releases. Every 15 minutes seems to still be getting ThrottlingException when calling the GetProducts operation though so trying every 35 minutes now

[PatMyron]

We might be able to use pricing files instead of the pricing API?

[PatMyron]

can also temporarily disable Github actions if we need to patch Resource Specification bugs any week

[PatMyron]

@miparnisari / anyone else receiving Run failed: .github/workflows/maintenance.yaml emails from their fork because they don't have secrets.AWS_ACCESS_KEY_ID/secrets.AWS_SECRET_ACCESS_KEY set: GitHub Actions notifications can be disabled (doesn't look more configurable yet unless using email rules), individual workflows can be disabled, or AWS credentials set (currently requires these IAM actions):

                "ssm:GetParametersByPath",
                "pricing:GetProducts"

[kddejong]

[
  "ssm:GetParametersByPath",
  "iam:ListPolicies",
  "pricing:GetProducts"
]