
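name: Terraform CI/CD with OPA

# NOTE(review): the path filters below only fire on .tf and top-level
# policies/*.rego changes. Edits to .tfvars, the provider lock file, nested
# policy files or this workflow file also change what gets planned/allowed
# but will not trigger a run; widen the filters if the repo uses any of them.
on:
  push:
    branches:
      - main
    paths:
      - '**/*.tf'
      - 'policies/*.rego'
  pull_request:
    branches:
      - main
    paths:
      - '**/*.tf'
      - 'policies/*.rego'

# Least privilege for the job token: nothing in this workflow writes back to
# GitHub, and actions/checkout only needs read. Grant more per job where a
# job actually needs it (e.g. `id-token: write` on a job that moves to OIDC
# for AWS authentication).
permissions:
  contents: read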
jobs:
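terraform_plan:
  runs-on: ubuntu-latest
  # NOTE(review): on pull_request this job runs init/plan over the PR's .tf
  # files with the real AWS credentials configured below. Providers, modules
  # and `external` data sources referenced by a PR execute on the runner, so
  # anyone who can open a same-repo PR can run code with those credentials.
  # (Fork PRs receive no secrets, so their plan fails at the credentials step
  # instead.) Gate this job with an `environment`, or give it a narrower
  # read-only plan role, if that exposure is not acceptable.
  steps:
    # Floating major tags (v2, v1) can be moved by the action owner; pinning
    # to a full commit SHA (with the tag in a trailing comment) fixes exactly
    # what runs here. Both majors used below are also well behind current
    # releases and should be updated deliberately.
    - uses: actions/checkout@v2
    - name: Cleanup macOS metadata files
      run: find ./policies -name '._*' -delete
    - name: Set up AWS credentials
      # NOTE(review): static IAM user keys held as repo secrets. GitHub's OIDC
      # provider with `role-to-assume` (plus `permissions: id-token: write` on
      # this job) removes the long-lived secret entirely; either way the role
      # used for plan should be narrower than the one used for apply.
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1
    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v2
    - name: Terraform Init and Plan
      # -input=false: fail fast in CI instead of hanging on an interactive prompt.
      run: |
        terraform init -input=false
        terraform plan -input=false -out=tfplan
    - name: Save Terraform Plan
      # plan.json is what OPA evaluates. tfplan itself is not uploaded
      # anywhere and the terraform_apply job checks out afresh, so whatever it
      # applies is not guaranteed to be the plan evaluated here. Uploading
      # tfplan as an artifact would close that gap (plan files can carry
      # sensitive values, so restrict who can read the artifact).
      run: terraform show -json tfplan > plan.json
    - name: Install OPA
      env:
        # Pinned instead of downloads/latest: an unpinned binary changes under
        # the pipeline without a commit, and OPA 1.0 changed the default Rego
        # syntax, which can break existing policies. Bump this together with
        # the policies it is meant to evaluate.
        OPA_VERSION: "1.0.0"
      run: |
        base="https://openpolicyagent.org/downloads/v${OPA_VERSION}"
        # -f: an HTTP error must fail the step, not be saved as the "binary".
        curl -fsSL -o opa_linux_amd64 "${base}/opa_linux_amd64"
        curl -fsSL -o opa_linux_amd64.sha256 "${base}/opa_linux_amd64.sha256"
        # Fail closed on a truncated or tampered download. The checksum comes
        # from the same origin, so this proves integrity, not authenticity;
        # recording the expected digest in this file would cover that too.
        echo "$(awk '{print $1}' opa_linux_amd64.sha256)  opa_linux_amd64" | sha256sum -c -
        mv opa_linux_amd64 opa
        chmod +x opa
    - name: Bundle OPA policies
      # Evaluates the policies committed under policies/. The previous version
      # also curl'ed secrets.POLICY_URL into policies.tar.gz and then
      # immediately overwrote that file with this archive, so the download was
      # dead code. If a remote policy source is actually wanted, pin and
      # checksum it the same way as the OPA binary above rather than trusting
      # whatever a bare URL serves at run time.
      run: tar --exclude='._*' -czvf policies.tar.gz -C policies .
    - name: OPA Policy Evaluation
      # `opa eval` exits 0 whatever the query evaluates to, so the original
      # step could never block the pipeline and terraform_apply would run even
      # after a denied plan. Compare the raw result and fail unless it is
      # exactly `true`; this also rejects an undefined result (for example a
      # missing or misnamed package), so the gate fails closed.
      run: |
        result="$(./opa eval --format raw --bundle policies.tar.gz --input plan.json 'data.terraform.allow')"
        echo "data.terraform.allow => ${result:-<undefined>}"
        if [ "${result}" != "true" ]; then
          echo "::error::Terraform plan rejected by OPA policy (data.terraform.allow != true)"
          exit 1
        fi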
terraform_apply:
needs: terraform_plan
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- uses: actions/checkout@v2
- name: Set up AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Set up Terraform
uses: hashicorp/setup-terraform@v2
- name: Terraform Apply
run: |