add tf plan workflow

terrablocks · May 2, 2024 · be6f647 · be6f647
1 parent 89abe31
commit be6f647
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 19 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
diff --git a/.github/workflows/tf-plan.yml b/.github/workflows/tf-plan.yml
@@ -0,0 +1,29 @@
+name: tf-plan
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read  # This is required for actions/checkout
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v3
+        with:
+          role-to-assume: ${{ secrets.TF_READ_ONLY_GITHUB_OIDC_ROLE_ARN }}
+          aws-region: eu-west-1
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Terraform Init
+        id: init
+        run: terraform init
+      - name: Terraform Plan
+        id: plan
+        run: terraform plan -var 'name=baseline-waf-rule-group' -var 'scope=REGIONAL'