
Commit 2c21307

committed
Run tofu plan on pull requests
1 parent e82f510 commit 2c21307

2 files changed

Lines changed: 59 additions & 3 deletions


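--- a/.github/workflows/plan.yaml
+++ b/.github/workflows/plan.yaml
@@ -0,0 +1,52 @@
+name: Plan configuration
+
+on:
+  pull_request:
+    paths:
+      - "**/*.tf"
+      - "**/*.tfvars"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: false
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  plan:
+    # This workflow cannot run on pull requests from forked repositories
+    # (because we do not want to grant access to our AWS credentials to
+    # third-party code).
+    if: github.event.pull_request.head.repo.full_name == github.repository
+    runs-on: ubuntu-latest
+    env:
+      TF_CLI_ARGS: "-no-color"
+      TF_IN_AUTOMATION: "true"
+      TF_VAR_aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+      TF_VAR_aws_account_id_secondary: ${{ secrets.AWS_ACCOUNT_ID_SECONDARY }}
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: us-east-1
+
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v2
+        with:
+          tofu_wrapper: false
+
+      - name: TF init
+        run: |
+          tofu init
+
+      - name: TF Validate
+        run: |
+          tofu validate
+
+      - name: TF Plan & Policy
+        run: |
+          ./scripts/check-policy.sh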
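Review bot: The actions this job pulls in — `actions/checkout@v6`, `aws-actions/configure-aws-credentials@v4` and `opentofu/setup-opentofu@v2` — are referenced by mutable major-version tags, while the same job mints AWS credentials through `id-token: write` and then runs `tofu init` and `./scripts/check-policy.sh` with them, so a retagged or compromised action release would execute with those credentials. Pinning each `uses:` to a full commit SHA with the version kept in a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v6`, removes that dependency on tag integrity. The `if:` guard on the `plan` job does exclude fork PRs, but anyone who can open a same-repo PR can still change `scripts/check-policy.sh` and the module/provider sources that `tofu init` fetches, so the trust boundary is the repository's write access; extending the existing comment on that job with `# Same-repo PRs still run repository-controlled code with these credentials.` would make that explicit. The step named `TF Plan & Policy` only invokes the script, so a one-line comment such as `# tofu plan is run inside check-policy.sh` (assuming that is where it happens — confirm) would help readers looking for the plan step.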

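--- a/.github/workflows/pre-commit.yaml
+++ b/.github/workflows/pre-commit.yaml
@@ -3,9 +3,9 @@ name: pre-commit
 on:
   workflow_dispatch:
   pull_request:
-  push:
-    branches-ignore:
-      - main
+
+env:
+  TERRAFORM_DOCS_VERSION: "0.24.0"
 
 jobs:
   pre-commit:
@@ -21,6 +21,10 @@ jobs:
       - uses: opentofu/setup-opentofu@v2
         with:
           tofu_wrapper: false
+      - name: Install terraform-docs
+        run: |
+          curl -sSLo terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz
+          tar -C /usr/local/bin -xf terraform-docs.tar.gz terraform-docs
       - uses: pre-commit/action@v3.0.1
         with:
           extra_args: --all-files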
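Review bot: The `Install terraform-docs` step in the second hunk downloads and runs a release archive with no integrity check, and `curl -sSLo` without `-f` writes the server's error page into `terraform-docs.tar.gz` on a 4xx/5xx response, so a wrong `TERRAFORM_DOCS_VERSION` only surfaces as a confusing `tar` failure. Pinning the version is a good start; adding `-f` and verifying the archive's SHA-256 against a digest recorded in the workflow makes the binary that runs on every pull request reproducible and tamper-evident. The digest belongs next to the version in the `env:` block of the first hunk, e.g. `TERRAFORM_DOCS_SHA256: "<expected sha256 of the linux-amd64 archive>"`, or can be checked against a checksum file if the release publishes one alongside the archive.

```yaml
      - name: Install terraform-docs
        run: |
          curl -fsSLo terraform-docs.tar.gz "https://github.com/terraform-docs/terraform-docs/releases/download/v${TERRAFORM_DOCS_VERSION}/terraform-docs-v${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz"
          echo "${TERRAFORM_DOCS_SHA256}  terraform-docs.tar.gz" | sha256sum --check
          tar -C /usr/local/bin -xf terraform-docs.tar.gz terraform-docs
```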
