.github/workflows/platform-pagerduty-rota-to-slack.yml

---
name: Platform - PagerDuty Rota to Slack

on: # yamllint disable-line rule:truthy
  schedule:
    - cron: "0 8 * * 1-5" # Monday-Friday at 08:00 UTC
  workflow_dispatch:

permissions: read-all

jobs:
  pagerduty-rota-to-slack:
    name: PagerDuty Rota to Slack
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    defaults:
      run:
        working-directory: scripts/pagerduty/rota-to-slack
    strategy:
      matrix:
        include:
          - pagerduty-schedule-id: POE95CC # Data Platform
            slack-channel: C04M8224WCV # data-platform-apps-and-tools
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: Setup Python
        id: setup_python
        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
        with:
          python-version: 3.9

      - name: Install requirements
        id: install_requirements
        run: |
          pip install --requirement requirements.txt

      - name: Configure AWS Credentials
        id: configure_aws_credentials
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
        with:
          aws-region: eu-west-1
          role-to-assume: arn:aws:iam::042130406152:role/GlobalGitHubActionAccess

      - name: Assume GlobalGitHubActionAdmin Role
        id: assume_global_github_action_admin_role
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
        with:
          aws-region: eu-west-1
          role-to-assume: arn:aws:iam::042130406152:role/GlobalGitHubActionAdmin
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
          role-skip-session-tagging: true

      - name: Get AWS Secrets
        id: get_aws_secrets
        uses: aws-actions/aws-secretsmanager-get-secrets@022e8919774ecb75e8e375656d7b1898936ab878 # v1.0.4
        with:
          secret-ids: |
            PAGERDUTY_TOKEN, pagerduty-token
            SLACK_TOKEN, slack-pagerduty-rota-token

      - name: Run scripts/pagerduty/rota-to-slack/main.py
        id: run_slack_on_call
        run: |
          python main.py
        env:
          PAGERDUTY_SCHEDULE_ID: ${{ matrix.pagerduty-schedule-id }}
          PAGERDUTY_TOKEN: ${{ env.PAGERDUTY_TOKEN }}
          SLACK_CHANNEL: ${{ matrix.slack-channel }}
          SLACK_TOKEN: ${{ env.SLACK_TOKEN }}