
Add an example user

Add an example user #6

Workflow file for this run

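# Pull-request check for OpenTofu/Terraform changes: initialise the working
# directory, validate the configuration, then run the repository's
# plan-and-policy script with an AWS role assumed through GitHub OIDC.
#
# NOTE(review): every `uses:` below references a mutable tag. Because this job
# can mint an OIDC token and assume an AWS role, consider pinning each action
# to a full commit SHA, e.g. `actions/checkout@<FULL_COMMIT_SHA>  # v6`.
name: Plan configuration
on:
  pull_request:
    # Only run when Terraform sources or variable files change.
    paths:
      - "**/*.tf"
      - "**/*.tfvars"
# One concurrency group per workflow and pull request (falling back to the ref
# when there is no PR number). A run that is already in progress is never
# cancelled by a newer one.
# NOTE(review): presumably so tofu is not interrupted while it may hold a
# state lock - confirm.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: false
# Least-privilege token: scopes not listed here are set to `none`.
permissions:
  # Lets the job request a GitHub OIDC token (used for the AWS role below).
  id-token: write
  # Needed by actions/checkout to read the repository.
  contents: read
jobs:
  # NOTE(review): the job id is `apply`, but the visible steps only run init,
  # validate and the plan/policy script. Renaming it may affect required
  # status checks, so it is left unchanged here.
  apply:
    # This workflow cannot run on pull requests from forked repositories
    # (because we do not want to grant access to our AWS credentials to
    # third-party code).
    #
    # NOTE(review): a branch pushed to this repository still passes this
    # guard, and the Terraform code and scripts/check-policy.sh come from the
    # pull request. Keep the assumed role limited to what a plan needs and
    # restrict its trust policy on the OIDC `sub` claim.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    env:
      # Plain-text output and non-interactive mode for CI logs.
      TF_CLI_ARGS: "-no-color"
      TF_IN_AUTOMATION: "true"
      # Account IDs are supplied to the configuration as input variables;
      # values taken from `secrets` are masked in the job log.
      TF_VAR_aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
      TF_VAR_aws_account_id_secondary: ${{ secrets.AWS_ACCOUNT_ID_SECONDARY }}
    steps:
      # NOTE(review): checkout keeps the job token in the local git config by
      # default. If no later step needs authenticated git access, consider
      # `with: persist-credentials: false` - confirm against
      # scripts/check-policy.sh first.
      - uses: actions/checkout@v6
      # No static access keys are passed, so the role is assumed with the
      # job's OIDC token (hence `id-token: write` above).
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: us-east-1
      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v2
        with:
          # Call the tofu binary directly rather than through the action's
          # wrapper script.
          tofu_wrapper: false
      - name: TF init
        run: |
          tofu init
      - name: TF Validate
        run: |
          tofu validate
      # The script is not shown on this page; the step name suggests it runs
      # the plan and a policy check.
      # NOTE(review): confirm it does not print sensitive plan values to the
      # job log.
      - name: TF Plan & Policy
        run: |
          ./scripts/check-policy.sh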