Skip to content

PLT-338 Security group for internet access #43

PLT-338 Security group for internet access

PLT-338 Security group for internet access #43

Workflow file for this run

name: tfstate plan terraform
on:
pull_request:
paths:
- .github/workflows/tfstate-plan.yml
- terraform/services/tfstate/**
- terraform/modules/bucket/**
- terraform/modules/table/**
workflow_dispatch: # Allow manual trigger
jobs:
check-terraform-fmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./actions/setup-tfenv-terraform
- run: terraform fmt -check -diff -recursive terraform/services/tfstate
terraform-plan:
needs: check-terraform-fmt
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./terraform/services/tfstate
strategy:
fail-fast: false
matrix:
app: [ab2d, bcda, dpc]
env: [dev, test, sbx, prod, mgmt]
steps:
- uses: actions/checkout@v4
- uses: ./actions/setup-tfenv-terraform
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ matrix.app == 'ab2d' && secrets[format('{0}_{1}_ACCOUNT', matrix.app, matrix.env)] || secrets.BCDA_ACCOUNT }}:role/delegatedadmin/developer/${{ matrix.app }}-${{ matrix.env }}-github-actions
aws-region: ${{ vars.AWS_REGION }}
- run: terraform init -backend-config=../../backends/${{ matrix.app }}-${{ matrix.env }}.s3.tfbackend
- run: terraform plan
env:
TF_VAR_app: ${{ matrix.app }}
TF_VAR_env: ${{ matrix.env }}