diff --git a/.github/workflows/apply.yml b/.github/workflows/apply.yml
new file mode 100644
index 0000000..3be05f4
--- /dev/null
+++ b/.github/workflows/apply.yml
@@ -0,0 +1,40 @@
+name: Terraform Apply
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ apply:
+ name: Apply Terraform
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+
+ - name: Download Terraform Plan
+ uses: actions/download-artifact@v3
+ with:
+ name: terraform-plan
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.9.4
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-oidc/github-deployment
+
+ - name: Initialize Terraform
+ run: terraform init -backend-config="bucket=tf-state-${{ secrets.AWS_REGION }}-${{ secrets.AWS_ACCOUNT_ID }}" -backend-config="key=${{ github.repository }}.tfstate" -backend-config="dynamodb_table=tf-state-${{ secrets.AWS_REGION }}-${{ secrets.AWS_ACCOUNT_ID }}"
+
+ - name: Apply Terraform
+ run: terraform apply -auto-approve plan.json
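Review bot: The `Download Terraform Plan` step has no trustworthy source for its artifact: `actions/download-artifact@v3` only sees artifacts uploaded earlier in the same workflow run, and this push-triggered workflow has a single job that never uploads `terraform-plan`, so the step will most likely fail, and if the artifact is later pulled from another run the job would apply a plan it did not produce. Because the job holds `id-token: write` and assumes the `github-deployment` role, the plan should be generated in this run from the checked-out `main` commit, e.g. `terraform plan -out=tfplan` followed by `terraform apply tfplan`. The name `plan.json` also suggests JSON output, which `terraform apply` does not accept as a saved plan. Separately, every `uses:` is pinned to a mutable tag (`@v2`, `@v3`, `@v1`, `@v4`); in a job that can mint deployment credentials these are better pinned to full commit SHAs. The `${{ github.repository }}` and secret expansions inside the `run:` line of `Initialize Terraform` would be safer passed through `env:` and referenced as quoted shell variables.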