on-iac-push-to-main.yaml
# ===================================================================================== #
# GitHub Actions configuration file for an AWS Glue ETL application #
# #
# This workflow will: #
# 1. Create AWS resources for the production environment using Terraform. #
# ===================================================================================== #
# Display name of the workflow.
name: 'on IaC PUSH to [main]'

# Trigger: pushes to main that change an on-iac-* workflow file or anything
# under infrastructure/.
on:
  push:
    branches:
      - main
    paths:
      - '.github/workflows/on-iac-*.yaml'
      - 'infrastructure/**'
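jobs:
  # =================================================================== #
  # CREATE THE AWS RESOURCES FOR THE PRODUCTION ENVIRONMENT             #
  # =================================================================== #
  terraform-production-infrastructure:
    # Running in the `production` environment lets environment protection
    # rules gate the job and puts the environment name into the OIDC token
    # subject (`repo:<owner>/<repo>:environment:production`).
    environment: production
    runs-on: ubuntu-latest
    # Serialize production runs so two pushes never plan/apply against the
    # same state at once; a run that is already applying is not cancelled.
    concurrency:
      group: terraform-production-infrastructure
      cancel-in-progress: false
    # Declaring `permissions` sets every scope not listed here to `none`,
    # so the read scope needed by the checkout step is listed explicitly.
    permissions:
      id-token: write  # required for requesting the OIDC JWT
      contents: read  # required for actions/checkout
    steps:
      # NOTE(review): the actions below are referenced by mutable major
      # tags. Pin each one to a reviewed full commit SHA, for example
      # `actions/checkout@<FULL_COMMIT_SHA>  # v3` (placeholder, not a
      # real hash), so a retagged release cannot change what runs with
      # production credentials.
      - uses: actions/checkout@v3
        with:
          # No later step uses git, so do not leave the job token in
          # .git/config for the rest of the job.
          persist-credentials: false
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          # Short-lived credentials via OIDC; no long-lived AWS keys are
          # stored in the repository.
          # NOTE(review): the role's trust policy is not visible here.
          # Confirm it conditions on the token's `aud` claim and on a
          # `sub` claim limited to this repository and the production
          # environment.
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GlueCICDGitHubActionsServiceRole
          aws-region: ${{ vars.AWS_REGION }}
      - uses: hashicorp/setup-terraform@v2
      - name: Terraform style check
        run: terraform fmt -check -recursive ./infrastructure
      - name: Terraform init
        run: terraform -chdir=./infrastructure/environments/prod init -input=false
      # `terraform validate` needs an initialized working directory, so it
      # runs after init and against the root module that is applied.
      - name: Terraform validate
        run: terraform -chdir=./infrastructure/environments/prod validate
      # Save the plan and apply exactly that file, so what is applied is
      # what the plan step logged and not a second, unreviewed plan.
      # The plan file can contain sensitive values: keep it on the runner
      # and do not upload it as an artifact.
      - name: Terraform plan
        run: terraform -chdir=./infrastructure/environments/prod plan -input=false -out=tfplan
      # Applying a saved plan never prompts, so -auto-approve is not needed.
      - name: Terraform apply
        run: terraform -chdir=./infrastructure/environments/prod apply -input=false tfplan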