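---
# Plans Terraform on pull-request activity and applies it when the PR is
# merged, authenticating to AWS through GitHub's OIDC provider.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4, @v3, @v10).
# This job holds `id-token: write`, write access to checks and pull requests,
# and the AWS session of the assumed role, so a retargeted tag would run with
# all of that. Consider pinning each action to a full commit SHA, e.g.
# `uses: <owner>/<action>@<FULL_COMMIT_SHA>  # vN`, and letting a dependency
# bot bump the pins.
name: TF via PR Input with AWS Authentication

on:
  pull_request:
    types: [opened, reopened, synchronize, closed]
    # Only PRs touching paths that match this glob trigger the workflow.
    paths: ['**/*.tf*']

jobs:
  tf:
    runs-on: ubuntu-latest
    # Run on every listed PR activity, except a close that was not a merge.
    if: github.event.action != 'closed' || github.event.pull_request.merged

    # Job-scoped token permissions; anything not listed here is not granted.
    permissions:
      actions: read  # Required for workflow query and artifact download.
      checks: write  # Required for adding summary to check status.
      contents: read  # Required for repository checkout.
      id-token: write  # Required for assuming AWS role via OIDC provider.
      pull-requests: write  # Required for commenting on PR.

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Exchanges the job's OIDC token for short-lived AWS credentials, so no
      # long-lived access keys are stored in the repository.
      # NOTE(review): which workflows may assume this role is decided by the
      # IAM role's trust policy, which is not visible here. Confirm that it
      # restricts the token's `sub` claim to this repository. The same role is
      # used for plan (PR-authored code) and apply, so a separate read-only
      # role for plan is worth considering.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.AWS_ROLE }}

      - name: Setup TF
        uses: hashicorp/setup-terraform@v3

      - name: Provision TF
        uses: devsectop/tf-via-pr-comments@v10
        env:
          TF_VAR_PLACEHOLDER: value
        with:
          # Presumably joined with the -backend-config / -chdir values below,
          # giving backend/dev.tfvars and sample/sample_bucket. Verify against
          # the action's documentation.
          backend_config_prefix: backend/
          backend_config_suffix: .tfvars
          chdir_prefix: sample/
          # `plan` for opened/reopened/synchronize, `apply` for closed; the
          # job-level `if` ensures that closed only gets here after a merge.
          command_input: ${{ format('-tf={0} -chdir=sample_bucket -backend-config=dev', github.event.action != 'closed' && 'plan' || 'apply') }}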