diff --git a/tfaction-root.yaml b/tfaction-root.yaml new file mode 100644 index 0000000..8e62452 --- /dev/null +++ b/tfaction-root.yaml @@ -0,0 +1,68 @@ +--- +plan_workflow_name: test # Mandatory +label_prefixes: + tfmigrate: "migrate:" +# skip_create_pr: true + +# drift_detection: +# # issue_repo_owner: +# # issue_repo_name: +# minimum_detection_interval: 5 # 5 days. By default 7 days. +# num_of_issues: 3 # 3 working directories are checked per workflow run. By default 1 working directory is checked. + +tfsec: + enabled: false +trivy: + enabled: false + +scaffold_working_directory: + skip_adding_aqua_packages: true + +aqua: + update_checksum: + # Update aqua-checksums.json in `setup` action + enabled: true # default is false + skip_push: false # default is false + prune: true # default is false + +target_groups: +- working_directory: terraform/aws/ + target: terraform/aws/ + aws_region: ap-northeast-1 + s3_bucket_name_plan_file: 'matchan26-terraform-state-backend-bucket' + s3_bucket_name_tfmigrate_history: 'matchan26-terraform-state-backend-bucket' + template_dir: templates/aws + + terraform_plan_config: + aws_assume_role_arn: "arn:aws:iam::115313250887:role/GitHubActions_Terraform_wordpress-infra_terraform_plan" + tfmigrate_plan_config: + aws_assume_role_arn: "arn:aws:iam::115313250887:role/GitHubActions_Terraform_wordpress-infra_tfmigrate_plan" + terraform_apply_config: + aws_assume_role_arn: "arn:aws:iam::115313250887:role/GitHubActions_Terraform_wordpress-infra_terraform_apply" + tfmigrate_apply_config: + aws_assume_role_arn: "arn:aws:iam::115313250887:role/GitHubActions_Terraform_wordpress-infra_tfmigrate_apply" + +- working_directory: terraform/gcp/ + target: terraform/gcp/ + aws_region: ap-northeast-1 + s3_bucket_name_plan_file: 'matchan26-terraform-state-backend-bucket' + s3_bucket_name_tfmigrate_history: 'matchan26-terraform-state-backend-bucket' + #gcs_bucket_name_plan_file: '' + #gcs_bucket_name_tfmigrate_history: '' + template_dir: templates/gcp + terraform_plan_config: + aws_assume_role_arn: "arn:aws:iam::115313250887:role/GitHubActions_Terraform_wordpress-infra_terraform_plan" + gcp_service_account: terraform-sa@virtual-signer-406313.iam.gserviceaccount.com + gcp_workload_identity_provider: projects/163667651642/locations/global/workloadIdentityPools/github-oidc-pool/providers/github-actions + tfmigrate_plan_config: + aws_assume_role_arn: "arn:aws:iam::115313250887:role/GitHubActions_Terraform_wordpress-infra_tfmigrate_plan" + gcp_service_account: terraform-sa@virtual-signer-406313.iam.gserviceaccount.com + gcp_workload_identity_provider: projects/163667651642/locations/global/workloadIdentityPools/github-oidc-pool/providers/github-actions + terraform_apply_config: + aws_assume_role_arn: "arn:aws:iam::115313250887:role/GitHubActions_Terraform_wordpress-infra_terraform_apply" + gcp_service_account: terraform-sa@virtual-signer-406313.iam.gserviceaccount.com + gcp_workload_identity_provider: projects/163667651642/locations/global/workloadIdentityPools/github-oidc-pool/providers/github-actions + tfmigrate_apply_config: + gcp_service_account: terraform-sa@virtual-signer-406313.iam.gserviceaccount.com + gcp_workload_identity_provider: projects/163667651642/locations/global/workloadIdentityPools/github-oidc-pool/providers/github-actions + aws_assume_role_arn: "arn:aws:iam::115313250887:role/GitHubActions_Terraform_wordpress-infra_tfmigrate_apply"