Apply

Apply #243

Workflow file for this run

	name: Apply

	on:
	workflow_dispatch:
	schedule:
	- cron: '0 6 * * 1'

	env:
	CLOUDSDK_CORE_PROJECT: ${{ secrets.BASELINE_PROJECT_ID }}
	GITHUB_TOKEN: ${{ secrets.ADMIN_GITHUB_TOKEN }}
	TF_IN_AUTOMATION: true
	TF_INPUT: false
	TF_VAR_billing_account_id: ${{ secrets.BILLING_ACCOUNT_ID }}
	TF_VAR_codacy_api_token: ${{ secrets.CODACY_API_TOKEN }}
	TF_VAR_docker_registry_token: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
	TF_VAR_docker_registry_username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
	TF_VAR_github_admin_token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
	TF_VAR_github_api_label_token: ${{ secrets.GH_TOKEN_FOR_LABELING }}
	TF_VAR_project_postfix: ${{ secrets.GCP_PROJECT_POSTFIX }}
	TF_VAR_seed_sa_email: ${{ secrets.SEED_SA_EMAIL_ADDRESS }}
	TF_VAR_workload_identity_pool_id: ${{ secrets.WORKLOAD_IDENTITY_POOL_ID }}
	TF_VAR_workload_identity_provider_name: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}

	permissions:
	id-token: write

	jobs:
	security-scan:
	runs-on: ubuntu-20.04

	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Scan
	run: docker run -v ${PWD}:/src aquasec/tfsec:v1.8 /src

	apply:
	runs-on: ubuntu-20.04

	needs:
	- security-scan

	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Authenticating
	uses: google-github-actions/[email protected]
	with:
	workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
	service_account: ${{ secrets.SEED_SA_EMAIL_ADDRESS }}
	- name: Setting up GCP environment
	uses: google-github-actions/[email protected]
	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v2
	- name: Init
	run: terraform init -backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}"
	- name: Apply
	run: terraform apply --auto-approve

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Apply #243

Workflow file

Apply #243

Jobs

Run details

Workflow file for this run