ci(github-action): update aquasecurity/trivy-action action ( 0.28.0 →… #89
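---
# Applies every production Terraform root module on push to main.
# Auth to GCP is via OIDC workload identity federation (no long-lived GCP key),
# so the only GitHub token scope this workflow needs is `id-token: write`.
name: Terraform | Apply

on:
  push:
    branches:
      - main
    paths:
      - "armature/prod/gcp/**"
      - "armature/prod/tf-states/**"
      - "armature/prod/b2/**"
      - ".github/workflows/**"

# Single serialized queue for all applies. Never cancel an in-flight apply:
# interrupting terraform mid-apply can leave the state lock held or the
# state half-written.
concurrency:
  group: tf
  cancel-in-progress: false

env:
  # renovate: datasource=github-releases depName=hashicorp/terraform
  TERRAFORM_VERSION: 1.5.6
  TF_VAR_org_id: ${{ secrets.TF_VARS_GCP_ORG_ID }}
  TF_VAR_billing_account: ${{ secrets.TF_VARS_GCP_BILLING_ACCOUNT }}
  TF_VAR_group_org_admins: ${{ secrets.TF_VARS_GCP_ORG_ADMINS }}
  TF_VAR_group_billing_admins: ${{ secrets.TF_VARS_GCP_BILLING_ADMINS }}

# Least privilege for GITHUB_TOKEN. None of the steps below comment on PRs,
# write checks/statuses, or drive the Actions API, so the former
# `pull-requests: write`, `actions: write`, `checks: write` and
# `statuses: write` grants only widened what a compromised step or
# third-party action could do with the token. Re-add a scope only if a step
# that needs it is added.
permissions:
  id-token: write
  contents: read

jobs:
  terraform-apply:
    strategy:
      # Each matrix entry is an independent root module with its own state;
      # let the others finish even if one apply fails.
      fail-fast: false
      matrix:
        include:
          - env: 'armature/prod/gcp/bootstrap'
          - env: 'armature/prod/gcp/kutara'
          - env: 'armature/prod/gcp/top22'
          - env: 'armature/prod/tf-states'
          - env: 'armature/prod/b2'
    runs-on: ubuntu-latest
    # Protection rules on the "production" environment (required reviewers,
    # environment-scoped secrets) are the approval gate for the apply.
    environment: production
    env:
      # Pass the matrix value to the shell through the environment rather
      # than interpolating `${{ }}` into `run:` lines. The value is
      # repo-controlled here, but the env form is the injection-safe habit.
      TF_DIR: ${{ matrix.env }}
    steps:
      # NOTE(review): this is the only action on a floating major tag while
      # the others pin an exact release. Pin every action (this one included)
      # to a full commit SHA with a `# vX.Y.Z` comment so a moved tag cannot
      # change the code that runs with production cloud credentials.
      - name: Checkout
        uses: actions/checkout@v3

      - id: 'auth'
        name: 'Authenticate to Google Cloud'
        uses: google-github-actions/[email protected]
        with:
          workload_identity_provider: ${{ secrets.GCP_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

      - name: Setup Terraform
        uses: hashicorp/[email protected]
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      # NOTE(review): consider `init -lockfile=readonly` so a run fails
      # instead of silently accepting new provider hashes; requires every
      # root module to commit its .terraform.lock.hcl first.
      - name: Terraform Init
        run: terraform -chdir="${TF_DIR}" init

      # Plan is written to a file and that exact plan is applied below, so
      # what gets applied is what was planned in this same job.
      - name: Terraform Plan
        run: terraform -chdir="${TF_DIR}" plan -out=infra.tfplan

      - name: Terraform Apply
        run: terraform -chdir="${TF_DIR}" apply -auto-approve infra.tfplan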