generated from cds-snc/project-template
-
Notifications
You must be signed in to change notification settings - Fork 2
49 lines (43 loc) · 1.35 KB
/
tf-plan-aft.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
name: Terraform aft plan
on:
workflow_dispatch:
pull_request:
paths:
- "terragrunt/org_account/aft/**"
- ".github/workflows/tf-plan-aft.yml"
- ".github/workflows/tf-apply.yml"
env:
AWS_REGION: "ca-central-1"
TERRAFORM_VERSION: 1.7.2
TERRAGRUNT_VERSION: 0.55.1
CONFTEST_VERSION: 0.49.0
permissions:
id-token: write
contents: read
pull-requests: write
actions: write
checks: write
statuses: write
jobs:
terraform-plan-aft-account:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: setup terraform tools
uses: cds-snc/terraform-tools-setup@v1
- name: Configure aws credentials using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::659087519042:role/CDSLZTerraformAdminPlanRole
role-session-name: 659087519042-aft-CDSLZTerraformAdminPlanRole-plan
aws-region: ca-central-1
- name: Terraform Plan for org_account/aft
# I have no idea if this will work.
uses: cds-snc/terraform-plan@v3
with:
comment-delete: true
comment-title: Plan for org_account/aft
directory: ./terragrunt/org_account/aft
github-token: ${{ secrets.GITHUB_TOKEN }}
terragrunt: true