-
Notifications
You must be signed in to change notification settings - Fork 5
45 lines (42 loc) · 1.11 KB
/
ci.yaml
File metadata and controls
45 lines (42 loc) · 1.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
name: Deploy Terraform
on:
push:
branches:
- main
pull_request:
branches:
- main
permissions:
id-token: write
contents: read
actions: read
checks: write
pull-requests: write
env:
AWS_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
VAR_FILE: ${{ vars.VAR_FILE || 'vars/production.tfvars' }}
jobs:
deploy:
runs-on: ubuntu-24.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup OpenTofu
uses: opentofu/setup-opentofu@v1
with:
tofu_wrapper: false
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_OIDC_ROLE }}
- name: Provision TF
uses: op5dev/tf-via-pr@v13
with:
command: ${{ github.event_name == 'push' && 'apply' || 'plan' }}
tool: tofu
working-directory: terraform
validate: true
format: true
arg-var-file: ${{ env.VAR_FILE }}
arg-var: cluster_ci_access_role_arn=${{ secrets.AWS_OIDC_ROLE }}