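# Bootstraps the CI infrastructure defined in enos/ci/bootstrap with Terraform.
# Pull requests that touch enos/ci or this workflow run init + plan; runs on
# main (push or manual dispatch from main) also apply.
name: test-ci-bootstrap

on:
  workflow_dispatch:
  # NOTE(review): for same-repository pull requests, init/plan run against the
  # PR's version of enos/ci with the AWS and Terraform Cloud secrets in scope,
  # so changes under enos/ci are privileged code and deserve review before CI
  # runs them. Secrets are withheld from fork PRs, so those runs are expected
  # to stop at credential setup.
  pull_request:
    branches:
      - main
    paths:
      - enos/ci/**
      - .github/workflows/test-ci-bootstrap.yml
  push:
    branches:
      - main
    paths:
      - enos/ci/**
      - .github/workflows/test-ci-bootstrap.yml

# Least privilege for GITHUB_TOKEN: no step visible here needs more than read
# access to the repository contents for checkout.
permissions:
  contents: read

jobs:
  bootstrap-ci:
    runs-on: ubuntu-latest
    # Job-level env is visible to every step, including third-party actions.
    # TF_TOKEN_app_terraform_io is only read by the terraform CLI steps, so it
    # could be narrowed to step-level env if tighter scoping is wanted.
    env:
      TF_WORKSPACE: "${{ github.event.repository.name }}-ci-enos-bootstrap"
      TF_VAR_repository: "${{ github.event.repository.name }}"
      TF_VAR_aws_ssh_public_key: "${{ secrets.SSH_KEY_PUBLIC_CI }}"
      TF_TOKEN_app_terraform_io: "${{ secrets.TF_API_TOKEN }}"
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9  # v3.5.3
        with:
          # No later step pushes or fetches with git, so do not leave the
          # workflow token in .git/config where Terraform code could read it.
          persist-credentials: false
      - name: Set up Terraform
        # NOTE(review): this action is referenced by a mutable tag while the
        # other actions in this job are pinned to a full commit SHA. Pin it to
        # the commit SHA of the reviewed release (keeping the tag as a trailing
        # comment) so a moved tag cannot change what runs next to the secrets.
        uses: hashicorp/setup-terraform@v2
      - name: Configure AWS credentials
        # The stored access key pair is used to assume the CI role for one hour.
        # NOTE(review): OIDC federation would remove the long-lived keys; it
        # requires `id-token: write` in the permissions block.
        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355  # v2.2.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}
          aws-region: us-east-1
          role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }}
          role-skip-session-tagging: true
          role-duration-seconds: 3600
      - name: Init Terraform
        id: tf_init
        run: |
          terraform -chdir=enos/ci/bootstrap init
      - name: Plan Terraform
        id: tf_plan
        run: |
          terraform -chdir=enos/ci/bootstrap plan
      - name: Apply Terraform
        # Pull request runs have a refs/pull/... ref, so they stop after plan;
        # only runs whose ref is main reach the unattended apply.
        if: ${{ github.ref == 'refs/heads/main' }}
        id: tf_apply
        run: |
          terraform -chdir=enos/ci/bootstrap apply -auto-approve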