From be6f647b3f7c139678cd4562b6a304ab0488cac0 Mon Sep 17 00:00:00 2001
From: Vimal Paliwal
Date: Thu, 2 May 2024 20:53:50 +0100
Subject: [PATCH] add tf plan workflow
---
.github/workflows/tests.yml | 19 -------------------
.github/workflows/tf-plan.yml | 29 +++++++++++++++++++++++++++++
2 files changed, 29 insertions(+), 19 deletions(-)
delete mode 100644 .github/workflows/tests.yml
create mode 100644 .github/workflows/tf-plan.yml
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
deleted file mode 100644
index 896078e..0000000
--- a/.github/workflows/tests.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: tests
-on:
- push:
- branches:
- - main
- pull_request:
-jobs:
- test:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - name: Set up Terraform
- uses: hashicorp/setup-terraform@v3
- - name: Terraform Init
- id: init
- run: terraform init
- - name: Terraform Validate
- id: validate
- run: terraform validate
diff --git a/.github/workflows/tf-plan.yml b/.github/workflows/tf-plan.yml
new file mode 100644
index 0000000..c8cc2c5
--- /dev/null
+++ b/.github/workflows/tf-plan.yml
@@ -0,0 +1,29 @@
+name: tf-plan
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: configure aws credentials
+ uses: aws-actions/configure-aws-credentials@v3
+ with:
+ role-to-assume: ${{ secrets.TF_READ_ONLY_GITHUB_OIDC_ROLE_ARN }}
+ aws-region: eu-west-1
+ - name: Set up Terraform
+ uses: hashicorp/setup-terraform@v3
+ - name: Terraform Init
+ id: init
+ run: terraform init
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan -var 'name=baseline-waf-rule-group' -var 'scope=REGIONAL'
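Review bot: The `configure aws credentials` step in the new `tf-plan.yml` runs on every `pull_request` event with `id-token: write` granted, so `terraform init` and `terraform plan` execute whatever providers, modules and data sources the PR branch declares while holding the assumed role's session. The workflow cannot enforce the boundary on its own. The IAM trust policy for the role behind `TF_READ_ONLY_GITHUB_OIDC_ROLE_ARN` (not visible in this patch) should constrain the token's `sub` claim to this repository, and the role's permissions should stay strictly read-only. The three `uses:` lines are also pinned to mutable tags (`@v4`, `@v3`); in a job that can mint an OIDC token, pin each to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA_PLACEHOLDER> # v3`. Moving the `permissions:` block under `jobs.test` would keep `id-token: write` from being inherited by any job added to this workflow later.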