Apply

PRSD-790: Fixes broken iam policy document (#26) #11

Workflow file for this run

	name: Apply
	on:
	push:
	branches:
	- main

	jobs:
	plan:
	name: Terraform plan
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	concurrency: tfstate-integration
	outputs:
	plan: ${{ steps.plan.outputs.stdout }}
	plan_exitcode: ${{ steps.plan.outputs.exitcode }}
	defaults:
	run:
	working-directory: terraform/integration
	env:
	AWS_REGION: "eu-west-2"
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v3
	with:
	role-to-assume: arn:aws:iam::794038239680:role/github-actions-terraform-ci-plan-read-only
	aws-region: ${{ env.AWS_REGION }}

	- name: Set up Terraform
	# Exposes stdout, stderr and exitcode as outputs for any steps that run terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.9.1

	- name: Terraform init
	id: init
	run: terraform init -input=false
	working-directory: terraform/integration

	- name: Terraform Plan
	id: plan
	# Terraform's "detailed-exitcode" codes are: 0 for "no changes", 1 for errors, 2 for "valid changes"
	# We don't save the plan as an artefact as it's sensitive and this repo is public
	run: >
	terraform plan -input=false -detailed-exitcode
	continue-on-error: true
	working-directory: terraform/integration

	- name: Fail job if plan failed
	if: steps.plan.outputs.exitcode == 1
	run: exit 1

	- name: Report pipeline status
	if: always() && github.event_name == 'push' && github.ref == 'refs/heads/main'
	id: slack
	uses: slackapi/slack-github-action@v1.26.0
	with:
	payload: \|
	{
	"commit": ${{ toJson(github.event.head_commit.message) }},
	"result": "${{ job.status == 'success' && 'Success :tick:' \|\| 'Failure :no-cross:' }}",
	"url": "${{ format('https://github.com/communitiesuk/prsdb-infra/actions/runs/{0}', github.run_id) }}"
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

	apply:
	name: Terraform apply
	needs: plan
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	concurrency: tfstate-integration
	environment: integration
	if: needs.plan.outputs.plan_exitcode == 2
	env:
	AWS_REGION: "eu-west-2"
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v3
	with:
	role-to-assume: arn:aws:iam::794038239680:role/github-actions-terraform-admin
	aws-region: ${{ env.AWS_REGION }}

	- name: Set up Terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.9.1

	- name: Terraform init
	id: init
	run: terraform init -input=false
	working-directory: terraform/integration

	- name: Terraform Apply
	run: terraform apply -auto-approve -input=false
	working-directory: terraform/integration

	- name: Report pipeline status
	if: always() && github.event_name == 'push' && github.ref == 'refs/heads/main'
	id: slack
	uses: slackapi/slack-github-action@v1.26.0
	with:
	payload: \|
	{
	"commit": ${{ toJson(github.event.head_commit.message) }},
	"result": "${{ job.status == 'success' && 'Success :tick:' \|\| 'Failure :no-cross:' }}",
	"url": "${{ format('https://github.com/communitiesuk/prsdb-infra/actions/runs/{0}', github.run_id) }}"
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PRSD-790: Fixes broken iam policy document (#26) #11

Workflow file

PRSD-790: Fixes broken iam policy document (#26) #11

Jobs

Run details

Workflow file for this run