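# Runs Terraform against enos/ci/bootstrap. Init and plan run on every
# trigger; apply runs only when the ref is refs/heads/main.
name: test-ci-bootstrap

on:
  workflow_dispatch:
  # NOTE(review): on pull_request the plan step runs the PR's version of
  # enos/ci with the Terraform and AWS credentials below. Terraform loads
  # providers and evaluates data sources during plan, so changes under
  # enos/ci deserve the same review as changes to this workflow. GitHub does
  # not pass repository secrets to pull_request runs from forks by default.
  pull_request:
    branches:
      - main
    paths:
      - 'enos/ci/**'
      - .github/workflows/test-ci-bootstrap.yml
  push:
    branches:
      - main
    paths:
      - 'enos/ci/**'
      - .github/workflows/test-ci-bootstrap.yml

# Least privilege for GITHUB_TOKEN: the steps in this file only check out the
# repository; Terraform and AWS authenticate with repository secrets instead.
permissions:
  contents: read

jobs:
  bootstrap-ci:
    runs-on: ubuntu-latest
    env:
      # Workspace name and TF_VAR_* inputs are derived from the repo name.
      TF_WORKSPACE: "${{ github.event.repository.name }}-ci-enos-bootstrap"
      TF_VAR_repository: "${{ github.event.repository.name }}"
      TF_VAR_aws_ssh_public_key: "${{ secrets.SSH_KEY_PUBLIC_CI }}"
      # Terraform CLI reads TF_TOKEN_<host> as the API token for that host.
      TF_TOKEN_app_terraform_io: "${{ secrets.TF_API_TOKEN }}"
    steps:
      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3

      # TODO(security): this action is referenced by a mutable tag while the
      # other two actions are pinned to a commit SHA. Pin it to the full
      # commit SHA of the reviewed release, with the version in a trailing
      # comment, so a retagged release cannot change what runs with the
      # secrets in this job's env.
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2

      # NOTE(review): static access keys are used to assume the CI role. If
      # GitHub OIDC federation is available for this AWS account, it would
      # remove the need to store long-lived keys (requires `id-token: write`).
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
        with:
          aws-access-key-id: "${{ secrets.AWS_ACCESS_KEY_ID_CI }}"
          aws-secret-access-key: "${{ secrets.AWS_SECRET_ACCESS_KEY_CI }}"
          aws-region: us-east-1
          role-to-assume: "${{ secrets.AWS_ROLE_ARN_CI }}"
          role-skip-session-tagging: true
          role-duration-seconds: 3600

      - name: Init Terraform
        id: tf_init
        run: |
          terraform -chdir=enos/ci/bootstrap init

      - name: Plan Terraform
        id: tf_plan
        run: |
          terraform -chdir=enos/ci/bootstrap plan

      # Apply is gated on the ref so pull_request runs and dispatches from
      # other branches stop at plan.
      - name: Apply Terraform
        if: ${{ github.ref == 'refs/heads/main' }}
        id: tf_apply
        run: |
          terraform -chdir=enos/ci/bootstrap apply -auto-approve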