diff --git a/.github/skills/commit-message-generator/SKILL.md b/.github/skills/commit-message-generator/SKILL.md
new file mode 100644
index 0000000..7a41080
--- /dev/null
+++ b/.github/skills/commit-message-generator/SKILL.md
@@ -0,0 +1,32 @@
+---
+name: commit-message-generator
+description: Generate appropriate commit messages based on Git diffs
+---
+
+## Prerequisites
+- This Skill retrieves Git diffs and suggests meaningful commit messages
+- Message format should follow Conventional Commits
+- Commit messages should be in English
+- **Never perform Git commit or Git push**
+
+## Steps
+1. Run `git status` to check modified files
+2. Retrieve diffs with `git diff` or `git diff --cached`
+3. Analyze the diff content and determine if changes should be split into multiple commits
+4. For each logical group of changes:
+ - List the target files
+ - Generate a message in English compliant with Conventional Commits
+ - Suggest the command: `git add && git commit -m ""`
+5. If changes are extensive and should be split, provide:
+ - Rationale for the split
+ - Multiple commit suggestions with their respective target files and messages
+
+## Commit Splitting Guidelines
+- Split commits when changes span multiple logical concerns (e.g., feature + refactoring)
+- Group related files that serve the same purpose
+- Keep each commit focused on a single, atomic change
+
+## Notes
+- **This Skill must never execute `git commit` or `git push`**
+- Only suggest commands; execution is entirely at user's discretion
+- Users must explicitly perform commits and pushes themselves
diff --git a/roles/cloudformation-write-role.yaml b/roles/cloudformation-write-role.yaml
index c2bcb07..988649a 100644
--- a/roles/cloudformation-write-role.yaml
+++ b/roles/cloudformation-write-role.yaml
@@ -1,11 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Description: IAM Role for CloudFormation Write operations via AssumeRole -Parameters: - AdminPrincipalArns: - Type: List - Description: List of IAM Identity Center Role ARNs allowed to assume this role. - Resources: CloudFormationWriteRole: Type: AWS::IAM::Role @@ -17,7 +12,7 @@ Resources: Statement: - Effect: Allow Principal: - AWS: !Ref AdminPrincipalArns + AWS: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-reserved/sso.amazonaws.com/${AWS::Region}/AWSReservedSSO_AdministratorWebHosting_42269022c2fff771 Action: sts:AssumeRole Policies: - PolicyName: ECRImport @@ -41,9 +36,11 @@ Resources: Action: - iam:CreateRole - iam:DeleteRole + - iam:UpdateRole - iam:PutRolePolicy - iam:DeleteRolePolicy - iam:AttachRolePolicy + - iam:UpdateAssumeRolePolicy - iam:PassRole Resource: - !Sub arn:aws:iam::${AWS::AccountId}:role/* @@ -58,6 +55,15 @@ Resources: - iam:DeletePolicyVersion Resource: - !Sub arn:aws:iam::${AWS::AccountId}:policy/* + - PolicyName: UserPolicy + PolicyDocument: + Version: "2012-10-17" + Statement: + - Effect: Allow + Action: + - iam:DeleteAccessKey + Resource: + - !Sub arn:aws:iam::${AWS::AccountId}:user/* - PolicyName: SecretPolicies PolicyDocument: Version: "2012-10-17"
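Review bot: The new `Principal` in the second hunk pins the trust policy to one concrete Identity Center role ARN, including the generated suffix `42269022c2fff771` and a path segment taken from `${AWS::Region}`. The region segment in that path is the Identity Center home region, which need not be the region the stack is deployed in. The suffix changes if the permission set is deleted and re-provisioned, and a trust policy that names a role which is later recreated stops matching it. A more durable form trusts the account and restricts the caller with an `ArnLike` condition on `aws:PrincipalArn`, as sketched below. The indentation is approximate, and the `/*/` segment should be checked against the actual role path in this account. The trust policy statement starts outside the hunk.

```yaml
# … unchanged: AssumeRolePolicyDocument / Statement / Effect: Allow …
            Principal:
              AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
            Action: sts:AssumeRole
            Condition:
              ArnLike:
                # Wildcards cover the home-region path segment and the generated suffix
                aws:PrincipalArn: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-reserved/sso.amazonaws.com/*/AWSReservedSSO_AdministratorWebHosting_*
```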
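Review bot: In the third hunk, `iam:UpdateAssumeRolePolicy` and `iam:UpdateRole` are added to a statement whose `Resource` is `arn:aws:iam::${AWS::AccountId}:role/*`, so the write role can now change who may assume any modifiable role in the account. Together with the existing `iam:AttachRolePolicy`, `iam:PutRolePolicy` and `iam:PassRole` on the same wildcard, that is a privilege-escalation path well beyond what CloudFormation deployments need. Scope the resource to the roles these stacks own, for example `!Sub arn:aws:iam::${AWS::AccountId}:role/<managed-prefix>-*` (placeholder prefix), and consider requiring a permissions boundary through an `iam:PermissionsBoundary` condition on the role-creating and policy-attaching actions. The same account-wide wildcard appears in the new `UserPolicy` statement of the last hunk, where `iam:DeleteAccessKey` on `user/*` allows removing any IAM user's keys; narrow it to the users the templates manage. The role statement begins outside the hunk.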