Skip to content

PLT-585: Add override to aws-common ruleset for XSS check (#121) #3

PLT-585: Add override to aws-common ruleset for XSS check (#121)

PLT-585: Add override to aws-common ruleset for XSS check (#121) #3

Workflow file for this run

name: api-waf apply terraform
on:
push:
branches:
- main
paths:
- .github/workflows/api-waf-apply.yml
- terraform/services/api-waf/**
- terraform/modules/firewall/**
workflow_dispatch: # Allow manual trigger
jobs:
terraform-apply:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./terraform/services/api-waf
strategy:
fail-fast: false
matrix:
app: [dpc]
env: [dev]
steps:
- uses: actions/checkout@v4
- uses: ./actions/setup-tfenv-terraform
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ matrix.app == 'ab2d' && secrets[format('{0}_{1}_ACCOUNT', matrix.app, matrix.env)] || secrets.BCDA_ACCOUNT }}:role/delegatedadmin/developer/${{ matrix.app }}-${{ matrix.env }}-github-actions
aws-region: ${{ vars.AWS_REGION }}
- run: terraform init -backend-config=../../backends/${{ matrix.app }}-${{ matrix.env }}.s3.tfbackend
- run: terraform apply -auto-approve
env:
TF_VAR_app: ${{ matrix.app }}
TF_VAR_env: ${{ matrix.env }}