Test changed return code

TheOneFromNorway · TheOneFromNorway · commit 2d57432fb4e1 · 2025-06-09T13:24:08.000+01:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -44,6 +44,9 @@ on:
           - none
         default: all
 
+env:
+  account_id: ${{ inputs.environment == 'production' && '820242920762' || '393416225559' }}
+
 jobs:
   validate-inputs:
     runs-on: ubuntu-latest
@@ -94,13 +97,13 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: ${{ env.aws_role }}
+          role-to-assume: arn:aws:iam::${{ env.account_id }}:role/GithubDeployMavisAndInfrastructure
           aws-region: eu-west-2
       - name: Compare permissions
         id: compare-permissions
         run: |
           source ./scripts/validate-github-actions-policy.sh
-          validate_policies arn:aws:iam::${{ env.aws_account_id }}:policy/DeployMavisResources ./resources/github_actions_policy.json
+          validate_policies arn:aws:iam::${{ env.account_id }}:policy/DeployMavisResources ./resources/github_actions_policy.json
           exit $?
   update-permissions:
     runs-on: ubuntu-latest
@@ -120,10 +123,10 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          role-to-assume: ${{ env.aws_role }}
+          role-to-assume: arn:aws:iam::${{ env.account_id }}:role/GithubDeployMavisAndInfrastructure
           aws-region: eu-west-2
       - name: Update IAM policy
-        run: ./scripts/update-github-actions-policy.sh arn:aws:iam::${{ env.aws_account_id }}:policy/DeployMavisResources ./resources/github_actions_policy.json
+        run: ./scripts/update-github-actions-policy.sh arn:aws:iam::${{ env.account_id }}:policy/DeployMavisResources ./resources/github_actions_policy.json
   deploy-infrastructure:
     permissions:
       id-token: write
diff --git a/terraform/resources/github_actions_policy.json b/terraform/resources/github_actions_policy.json
@@ -123,7 +123,8 @@
         "secretsmanager:UpdateSecret",
         "ssm:DeleteParameter",
         "ssm:DeleteParameters",
-        "ssm:PutParameter"
+        "ssm:PutParameter",
+        "ssm:GetParameter"
       ],
       "Resource": ["*"]
     }
diff --git a/terraform/scripts/validate-github-actions-policy.sh b/terraform/scripts/validate-github-actions-policy.sh
@@ -15,7 +15,7 @@ function validate_policies() {
   jq -S . deployed_policy.json > deployed_policy_sorted.json
   jq -S . "$POLICY_FILE" > github_actions_policy_sorted.json
 
-  POLICY_DIFF=$(diff --unified deployed_policy_sorted.json github_actions_policy_sorted.json)
+  POLICY_DIFF=$(diff --unified deployed_policy_sorted.json github_actions_policy_sorted.json) || true
   if [ -n "$POLICY_DIFF" ]; then
     echo "Policy mismatch detected: $POLICY_DIFF"
     return 1
