48 lines (43 loc) · 1.42 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
name: deploy
run-name: Provision AWS S3
permissions: read-all
#checkov:skip=CKV_GHA_7:Manual workflow requires selection of environment
on:
workflow_dispatch:
inputs:
environment:
description: 'Environment'
required: true
default: 'production'
type: choice
options:
- production
jobs:
terraform-apply:
runs-on: ubuntu-latest
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
# And for creating GitHub comment to PR.
permissions:
id-token: write
contents: read
environment: production
steps:
- uses: actions/checkout@master
# Configure AWS Credentials to deploy terraform changes onto AWS
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
# This is an assumed role created for GitHub Actions to access the statefile of this terraform project
role-to-assume: arn:aws:iam::295919900413:role/iac-s3-example-role
role-session-name: S3IaCExampleRole
# Terraform Cloud Authentication
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.7.2
terraform_wrapper: false
- name: Terraform Init
id: init
run: terraform init -input=false
- name: Terraform apply
run: terraform apply -input=false -no-color -auto-approve