Adding automated TF deployment to CI account

aws-games · Jun 20, 2024 · 695a880 · 695a880
1 parent afab4bc
commit 695a880
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 12 deletions.
diff --git a/.github/workflows/scoutsuite.yml b/.github/workflows/scoutsuite.yml
@@ -0,0 +1,54 @@
+name: ScouteSuite
+on:
+    pull_request:
+        branches:
+            ["main"]
+    push:
+        branches:
+            ["main"]
+
+jobs:
+    Terraform:
+        strategy:
+            matrix: { dir: ["samples/simple-build-pipeline"] }
+        environment: aws-ci
+        runs-on: ubuntu-latest
+        permissions:
+            id-token: write
+            contents: read
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v3
+            - name: Configure AWS Credentials
+              uses: aws-actions/configure-aws-credentials@v4
+              with:
+                aws-region: us-east-1
+                ## the following creates an ARN based on the values entered into github secrets
+                role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }}
+                role-session-name: CGDToolkitGitHubActions
+
+            - name: Terraform fmt
+              id: fmt
+              working-directory: ${{ matrix.dir }}
+              run: terraform fmt -check
+              continue-on-error: true
+
+            - name: Terraform Init
+              id: init
+              working-directory: ${{ matrix.dir }}
+              run: terraform init
+
+            - name: Terraform Validate
+              id: validate
+              working-directory: ${{ matrix.dir }}
+              run: terraform validate -no-color
+
+            - name: Terraform Plan
+              id: plan
+              working-directory: ${{ matrix.dir }}
+              run: terraform plan -no-color
+
+            - run: echo ${{ steps.plan.outputs.stdout }}
+            - run: echo ${{ steps.plan.outputs.stderr }}
+            - run: echo ${{ steps.plan.outputs.exitcode }}
+
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -18,15 +18,4 @@ repos:
           - --args=--download-external-modules true
       - id: terraform_validate
       - id: terraform_fmt
-      - id: terraform_tflint
-    ci:
-      autofix_commit_msg: |
-          [pre-commit.ci] auto fixes from pre-commit.com hooks
-
-          for more information, see https://pre-commit.ci
-      autofix_prs: true
-      autoupdate_branch: ''
-      autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
-      autoupdate_schedule: weekly
-      skip: []
-      submodules: false
+      - id: terraform_tflint