From dea3cc16cdb7b361f7330015ea808a59e60569e1 Mon Sep 17 00:00:00 2001
From: Lorenzo Nicora
Date: Mon, 2 Jun 2025 11:02:52 +0100
Subject: [PATCH] Update GH Action
---
 .github/workflows/check-arns.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/check-arns.yml b/.github/workflows/check-arns.yml
index add5f76..e858080 100644
--- a/.github/workflows/check-arns.yml
+++ b/.github/workflows/check-arns.yml
@@ -12,12 +12,12 @@ jobs:
 - name: Check for exposed ARNs
 run: |
 # Find files containing ARN patterns with actual account IDs
- # Exclude .git directory and this workflow file itself
- if grep -r --include="*" --exclude-dir=".git" --exclude=".github/workflows/check-arns.yml" -E 'arn:aws:[^:]+:[^:]+:[0-9]{12}:' .; then
+ # Exclude .git directory, markdown files, and this workflow file itself
+ if grep -r --include="*" --exclude="*.md" --exclude-dir=".git" --exclude=".github/workflows/check-arns.yml" -E 'arn:aws:[^:]+:[^:]+:[0-9]{12}:' .; then
 echo "ERROR: Found unsanitized ARNs in the repository"
 echo "Please replace account IDs with a placeholder such as "
 echo "Files with exposed ARNs:"
- grep -r --include="*" --exclude="*.md" --exclude-dir=".git" --exclude=".github/workflows/check-arns.yml" -l -E 'arn:aws:[^:]+:[^:]+:[0-9]{12}:' .
+ grep -r --include="*" --exclude="*.md" --exclude-dir=".git" --exclude=".github/workflows/check-arns.yml" -l -E 'arn:aws:[^:]+:[^:]+:[0-9]{12}:' .
 exit 1
 fi
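Review bot: The new `--exclude="*.md"` on both grep calls (the `if` test and the `-l` listing) takes every Markdown file out of the account-ID check, yet READMEs and docs are a common place for a real ARN to be pasted, so the gate now has a blind spot there. The commit does not say why Markdown is skipped; if the aim is to tolerate example ARNs in docs, a narrower option is to keep scanning `*.md` and filter out only the placeholder IDs the docs use, e.g. pipe the match through `grep -v -E ':(123456789012|000000000000):'` (sample IDs, adjust to the repository's own). If the exclusion stays, the comment should state the reason and the gap, e.g. `# Markdown is skipped because docs contain example ARNs; real account IDs in *.md are NOT detected`. Separately, GNU grep matches `--exclude` against the base name during recursion, so `--exclude=".github/workflows/check-arns.yml"` probably never matches; `--exclude="check-arns.yml"` would, and `--include="*"` is redundant.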