Deploy Infra #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Infra | |
| on: workflow_dispatch | |
| env: | |
| AWS_REGION: ap-south-1 | |
| IAM_ROLE: arn:aws:iam::160071257600:role/tw-krish-iac-lab-github-actions-role | |
| VAR_FILE: dev.tfvars | |
| jobs: | |
| pre-deploy: | |
| name: Pre-Deploy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.9.5 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: GitHubActionsSession | |
| role-to-assume: ${{ env.IAM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Format Terraform | |
| run: terraform fmt | |
| - name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@v4 | |
| with: | |
| tflint_version: v0.53.0 | |
| - name: Init TFLint | |
| run: tflint --init | |
| - name: Run TFLint | |
| run: tflint --var-file=${{ env.VAR_FILE }} | |
| - name: Scan with tfsec | |
| uses: aquasecurity/[email protected] | |
| with: | |
| working_directory: '.' | |
| format: lovely,markdown | |
| additional_args: --force-all-dirs --tfvars-file=${{ env.VAR_FILE }} --out tfsec | |
| soft_fail: true | |
| - name: tfsec result | |
| if: contains(fromJSON('["success", "failure"]'), steps.tfsec.outcome) && always() | |
| run: echo "$(cat tfsec.markdown)" >> $GITHUB_STEP_SUMMARY | |
| - name: Terraform Init | |
| run: terraform init | |
| - name: Terraform Validate | |
| run: terraform validate | |
| - name: Terraform Plan | |
| run: terraform plan -var-file=${{ env.VAR_FILE }} | |
| - name: Render terraform docs | |
| uses: terraform-docs/gh-actions@main | |
| with: | |
| working-dir: . | |
| output-file: README_TerraformDocs.md | |
| output-method: inject | |
| deploy: | |
| name: Deploy | |
| needs: pre-deploy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: GitHubActionsSession | |
| role-to-assume: ${{ env.IAM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Get aws identity | |
| run: | | |
| aws sts get-caller-identity | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.9.5 | |
| - name: Terraform Init | |
| run: terraform init | |
| - name: Terraform Apply | |
| run: terraform apply -var-file=${{ env.VAR_FILE }} -auto-approve |