
PLT-193 Terraform plan & apply workflows #20


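# Checks formatting of, and then runs `terraform plan` for, the Terraform under
# terraform/services/github-actions. Triggered by pull requests that touch the
# listed paths, or manually.
#
# NOTE(review): actions/checkout and aws-actions/configure-aws-credentials are
# referenced by mutable version tags. Pinning each to a full commit SHA keeps a
# re-tagged release from running with this workflow's OIDC token and secrets.
name: Terraform plan for github-actions terraform
on:
  pull_request:
    paths:
      - .github/workflows/github-actions-terraform-plan.yml
      - actions/setup-tfenv-terraform/**
      - terraform/services/github-actions/**
  workflow_dispatch:  # Allow manual trigger

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (terraform-plan)
# declare their own permissions block, which replaces this default.
permissions:
  contents: read

jobs:
  check-terraform-fmt:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave GITHUB_TOKEN in .git/config for later steps to read.
          persist-credentials: false
      - uses: ./actions/setup-tfenv-terraform
      # -check makes a formatting difference fail the job; -diff prints it.
      - run: terraform fmt -check -diff -recursive ./terraform/services/github-actions

  terraform-plan:
    needs: check-terraform-fmt
    permissions:
      contents: read
      # Lets the job request an OIDC token, which configure-aws-credentials
      # exchanges for the role in role-to-assume (no static AWS keys are passed).
      id-token: write
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./terraform/services/github-actions
    steps:
      - uses: actions/checkout@v4
        with:
          # The steps below evaluate Terraform from the pull request branch;
          # keep the repository token out of the working tree while they run.
          persist-credentials: false
      - uses: ./actions/setup-tfenv-terraform
      # Runs before AWS credentials are configured, so this apply has no role
      # session. NOTE(review): presumably it only fetches lambda artifacts into
      # the workspace; confirm against lambdas-download.
      - name: Download lambdas
        run: |
          cd lambdas-download
          terraform init
          terraform apply -auto-approve
          cd ..
      # NOTE(review): `terraform plan` executes providers and data sources
      # defined by the branch under review while holding this role. The role's
      # policy and OIDC trust conditions are not visible here; confirm they are
      # limited to what a plan needs and scoped to this repository.
      - uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: ${{ vars.RUNNER_ACCOUNT_ROLE }}
          aws-region: us-east-1
      - run: terraform init -reconfigure -backend-config=../../backends/bcda.s3.tfbackend
      - run: terraform plan
        env:
          TF_VAR_ami_account: ${{ vars.RUNNER_AMI_ACCOUNT }}
          TF_VAR_ami_filter: ${{ vars.RUNNER_AMI_FILTER }}
          TF_VAR_app_id: ${{ vars.RUNNER_APP_ID }}
          # Secrets reach Terraform as input variables. NOTE(review): confirm
          # key_base64 and webhook_secret are declared `sensitive = true` so the
          # plan output in the job log redacts them.
          TF_VAR_key_base64: ${{ secrets.RUNNER_APP_KEY_BASE64 }}
          TF_VAR_webhook_secret: ${{ secrets.RUNNER_WEBHOOK_SECRET }}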