Debug aws credentials #46

Workflow file for this run

.github/workflows/terraform-run.yml at 542a740

	name: "Terraform Run"

	on:
	push:
	branches: [production]
	pull_request:
	workflow_dispatch:

	env:
	CONSUL_HTTP_TOKEN: ${{ secrets.CONSUL_HTTP_TOKEN }} # Repository specific, contact @bencord0 to rotate
	ARTIFACT_SECRET_KEY: ${{ secrets.ARTIFACT_SECRET_KEY }} # Random, e.g. $(uuidgen); not stored, free to rotate at any time

	permissions:
	id-token: write

	jobs:
	terraform-plan:
	name: 'Terraform Plan'
	runs-on: ubuntu-latest

	strategy:
	matrix:
	region: ["eu-west-1", "eu-west-2", "us-east-1"]

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Configure AWS Credentials
	run: \|
	./scripts/setup_aws_credentials.py \
	--role "arn:aws:iam::055237546114:role/terraform-plans-ro"

	- name: Terraform Plan
	run: ./scripts/terraform_plan.sh
	env:
	AWS_DEFAULT_REGION: ${{ matrix.region }}

	# Saves the plan as an artifact
	- name: Save Encrypted Plan
	uses: actions/upload-artifact@v2
	with:
	name: terraform-plan-${{ matrix.region }}
	path: './tfplan-${{ matrix.region }}.enc'
	retention-days: 1

	terraform-apply:
	name: 'Terraform Apply'
	runs-on: ubuntu-latest
	environment: production
	needs: terraform-plan
	if: github.ref == 'refs/heads/production'

	steps:
	# Checkout the repository to the GitHub Actions runner
	- name: Checkout
	uses: actions/checkout@v3

	# Retrieve the prepared plan
	- name: Download Plan
	uses: actions/download-artifact@v2
	with:
	name: terraform-plan-${{ matrix.region }}
	path: '.'

	- name: Configure AWS Credentials
	run: \|
	./scripts/setup_aws_credentials.py \
	--role "arn:aws:iam::055237546114:role/terraform-plans"

	- name: Terraform Apply
	run: ./scripts/terraform_apply.sh
	env:
	AWS_DEFAULT_REGION: ${{ matrix.region }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Debug aws credentials #46

Workflow file

Debug aws credentials #46

Jobs

Run details

Workflow file for this run