Skip to content
Pull Request

feat: initial release #12

Sign in to view logs

feat: initial release

feat: initial release #12

Workflow file for this run

.github/workflows/pull-request.yml at 0ca9edb
name: Pull Request
on:
pull_request:
branches: [ master ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
actions: read
strategy:
matrix:
node: [ '20.x' ]
os: [ ubuntu-latest ]
env:
HUSKY: 0 # disables husky hooks
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Configure AWS Actions Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::914054469264:role/github-actions-admin-dev
aws-region: us-east-2
- name: Configure AWS Terraform Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::914054469264:role/terraform-admin
aws-region: us-east-2
role-chaining: true
- name: Use Node ${{ matrix.node }}
uses: actions/setup-node@v1
with:
node-version: ${{ matrix.node }}
- name: Install deps (with cache)
uses: bahmutov/npm-install@v1
with:
install-command: yarn --immutable --no-progress --ignore-scripts
- id: read-package-json
name: Read package.json
run: |
content=`cat package.json`
content="${content//'%'/'%25'}"
content="${content//$'\n'/'%0A'}"
content="${content//$'\r'/'%0D'}"
echo "::set-output name=packageJson::$content"got
- name: Verify
run: make verify
env:
SKIP_INSTALL: 1 # install with cache was done already
terraform-format-validate:
runs-on: ubuntu-latest
environment: PR
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_wrapper: false
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::914054469264:role/github-actions-admin-dev
aws-region: us-east-2
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::914054469264:role/terraform-admin
aws-region: us-east-2
role-chaining: true
- name: Terraform fmt
id: fmt
run: terraform fmt -check -diff
working-directory: terraform/
continue-on-error: false
- name: Terraform init
id: init
run: terraform init -backend-config=dev.tfbackend
working-directory: terraform/
continue-on-error: false
env:
TF_VAR_env: dev
TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}}
- name: Terraform validate
id: validate
run: terraform validate
working-directory: terraform/
continue-on-error: false
env:
TF_VAR_env: dev
TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}}
terraform-plan:
runs-on: ubuntu-latest
needs:
- terraform-format-validate
permissions:
id-token: write
contents: read
environment: PR
strategy:
fail-fast: true
matrix:
env: [dev, prod]
include:
- env: dev
account_id: "914054469264"
- env: prod
account_id: "469828239459"
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_wrapper: false
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::${{matrix.account_id}}:role/github-actions-admin-${{matrix.env}}
aws-region: us-east-2
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::${{matrix.account_id}}:role/terraform-admin
aws-region: us-east-2
role-chaining: true
- name: Terraform init
id: init
run: terraform init -backend-config=${{matrix.env}}.tfbackend
working-directory: terraform/
continue-on-error: false
- name: Terraform plan dev
id: plan
run: terraform plan
working-directory: terraform/
continue-on-error: false
env:
TF_VAR_env: ${{matrix.env}}
TF_VAR_r2_access_key: ${{secrets.TF_R2_ACCESS_KEY}}
TF_VAR_r2_secret_key: ${{secrets.TF_R2_SECRET_KEY}}