Add an example user #9
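# Runs `tofu init`, `tofu validate` and the repository's policy-check script
# against pull requests that touch Terraform/OpenTofu files, using an AWS role
# assumed by the job.
name: Plan configuration

on:
  pull_request:
    paths:
      - "**/*.tf"
      - "**/*.tfvars"

# One run at a time per pull request (or per ref when there is no PR number).
# cancel-in-progress is false, so a run that has already started is allowed to
# finish; presumably this avoids interrupting tofu mid-operation (confirm).
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: false

# Least-privilege token: read-only repository contents, plus id-token so the
# job can request an OIDC token for the AWS role assumption below. No static
# AWS keys appear in this workflow.
permissions:
  id-token: write
  contents: read

jobs:
  plan:
    # This workflow cannot run on pull requests from forked repositories
    # (because we do not want to grant access to our AWS credentials to
    # third-party code).
    #
    # NOTE(review): this guard only excludes forks. Branches pushed to this
    # repository still run PR-controlled code (the .tf files and
    # ./scripts/check-policy.sh come from the PR checkout) with the assumed
    # role. Confirm that the role behind AWS_ROLE_ARN is limited to what a
    # plan needs and that its trust policy restricts the OIDC subject to this
    # repository.
    if: github.event.pull_request.head.repo.full_name == github.repository
    runs-on: ubuntu-latest
    env:
      TF_CLI_ARGS: "-no-color"
      TF_IN_AUTOMATION: "true"
      # Account IDs are supplied as secrets, so they are masked in job logs.
      TF_VAR_aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
      TF_VAR_aws_account_id_secondary: ${{ secrets.AWS_ACCOUNT_ID_SECONDARY }}
    steps:
      # NOTE(review): the actions below are referenced by version tag, and
      # tags can be moved. Because this job holds AWS credentials, consider
      # pinning each one to a reviewed commit, e.g.
      # `uses: actions/checkout@<full-commit-sha>  # v6`.
      - uses: actions/checkout@v6
        with:
          # Do not leave the GITHUB_TOKEN in .git/config for the later steps,
          # which run code from the PR. Re-enable only if a later step needs
          # authenticated git access.
          persist-credentials: false
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: us-east-1
      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v2
        with:
          tofu_wrapper: false
      - name: TF init
        run: |
          tofu init
      - name: TF Validate
        run: |
          tofu validate
      # The script is not shown on this page; it runs from the PR checkout
      # with the AWS credentials configured above in its environment.
      - name: TF Plan & Policy
        run: |
          ./scripts/check-policy.sh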