-
Notifications
You must be signed in to change notification settings - Fork 0
89 lines (74 loc) · 2.71 KB
/
terraform.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
name: Terraform Validation
env:
AWS_IAM_ROLE_ARN_CI: ${{ secrets.AWS_IAM_ROLE_ARN_CI }}
AWS_IAM_ROLE_ARN_DEPLOY: ${{ secrets.AWS_IAM_ROLE_ARN_DEPLOY }}
AWS_IAM_ROLE_SESSION_NAME: githubsession
AWS_REGION: 'eu-central-1'
S3_BUCKET: 'faaizz-demo-terraform-state'
on: [push]
jobs:
terraform_checks:
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
strategy:
matrix:
os: [ubuntu-latest]
dir:
[
'terraform/pre_deployment',
'terraform/backend',
'terraform/frontend',
]
steps:
- name: AWS Credentials for CI Account
uses: aws-actions/configure-aws-credentials@580afbba8076b302fad6220e95a3a845f32b165a
with:
role-to-assume: ${{env.AWS_IAM_ROLE_ARN_CI}}
role-session-name: ${{env.AWS_IAM_ROLE_SESSION_NAME}}
aws-region: ${{env.AWS_REGION}}
- name: AWS Credentials for Deployment
uses: aws-actions/configure-aws-credentials@580afbba8076b302fad6220e95a3a845f32b165a
with:
aws-region: ${{env.AWS_REGION}}
role-to-assume: ${{env.AWS_IAM_ROLE_ARN_DEPLOY}}
role-skip-session-tagging: true
role-chaining: true
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: '1.0'
- name: Checkout
uses: actions/checkout@v3
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Generate backend.tf
shell: bash
run: |
./scripts/generate_backend.sh ./terraform/backend ${{env.S3_BUCKET}} ${{env.AWS_REGION}} "backend.tfstate"
./scripts/generate_backend.sh ./terraform/frontend ${{env.S3_BUCKET}} ${{env.AWS_REGION}} "frontend.tfstate"
- name: Terraform Init
working-directory: ${{ matrix.dir }}
run: terraform init
- name: Terraform Check
working-directory: ${{ matrix.dir }}
run: terraform fmt -check
- name: Terraform Validate
working-directory: ${{ matrix.dir }}
run: terraform validate
- name: Setup TFLint
uses: terraform-linters/setup-tflint@v2
with:
tflint_version: v0.44.1
- name: Show version
working-directory: ${{ matrix.dir }}
run: tflint --config "${GITHUB_WORKSPACE}/.github/linters/.tflint.hcl" --version
- name: Init TFLint
working-directory: ${{ matrix.dir }}
run: tflint --config "${GITHUB_WORKSPACE}/.github/linters/.tflint.hcl" --init
- name: Run TFLint
working-directory: ${{ matrix.dir }}
run: tflint --config "${GITHUB_WORKSPACE}/.github/linters/.tflint.hcl" -f compact