Use terraform that actually works #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Digger Plan | |
| on: | |
| pull_request: | |
| branches: [ "main" ] | |
| types: [ opened, synchronize ] | |
| issue_comment: | |
| types: [created] | |
| workflow_dispatch: | |
| jobs: | |
| plan: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # required to merge PRs | |
| id-token: write # required for workload-identity-federation | |
| pull-requests: write # required to post PR comments | |
| statuses: write # required to validate combined PR status | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Unlike GCP; the role assumption is handled inline | |
| - name: digger run | |
| uses: diggerhq/[email protected] | |
| with: | |
| setup-aws: true | |
| #Uncomment below line if using OIDC | |
| #aws-role-to-assume: arn:aws:sts::{secrets.AccountID}:assumed-role/{secrets.RoleName}/{FunctionName} | |
| #Comment the following two lines out if using OIDC. | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| ##End comment block | |
| aws-region: us-east-1 | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |