Skip to content

PLT-338 Security group for internet access #31

PLT-338 Security group for internet access

PLT-338 Security group for internet access #31

name: cclf-import plan terraform
on:
pull_request:
paths:
- .github/workflows/cclf-import-plan.yml
- terraform/modules/bucket/**
- terraform/modules/key/**
- terraform/modules/function/**
- terraform/modules/queue/**
- terraform/modules/subnets/**
- terraform/modules/vpc/**
- terraform/services/cclf-import/**
workflow_dispatch: # Allow manual trigger
jobs:
check-terraform-fmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./actions/setup-tfenv-terraform
- run: terraform fmt -check -diff -recursive terraform/services/cclf-import
terraform-plan:
needs: check-terraform-fmt
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./terraform/services/cclf-import
strategy:
fail-fast: false
matrix:
app: [bcda]
env: [dev, test, prod]
env:
TF_VAR_app: ${{ matrix.app }}
TF_VAR_env: ${{ matrix.env }}
steps:
- uses: actions/checkout@v4
- uses: ./actions/setup-tfenv-terraform
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ matrix.app == 'ab2d' && secrets[format('{0}_{1}_ACCOUNT', matrix.app, matrix.env)] || secrets.BCDA_ACCOUNT }}:role/delegatedadmin/developer/${{ matrix.app }}-${{ matrix.env }}-github-actions
aws-region: ${{ vars.AWS_REGION }}
- run: terraform init -reconfigure -backend-config=../../backends/$TF_VAR_app-$TF_VAR_env.s3.tfbackend
- run: terraform plan