This repository was archived by the owner on Jan 13, 2025. It is now read-only.

fix: registration login #112

	name: Create terraform plan

	on: [ pull_request ]

	permissions:
	contents: read
	id-token: write
	pull-requests: write

	jobs:
	plan:
	runs-on: ubuntu-latest
	name: Create a plan for the terraform configuration

	strategy:
	fail-fast: false
	matrix:
	context: [ infrastructure, applications ]

	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	VAULT_ADDR: "https://vault.presentium.ch"

	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: ${{ vars.AWS_REGION }}
	role-to-assume: ${{ vars.AWS_ARN }}

	- name: Login to vault (read-only)
	if: ${{ github.ref_name != 'main' }}
	uses: hashicorp/vault-action@v3
	with:
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	path: jwt-github-actions
	role: github-actions-read-only
	exportToken: true

	- name: Login to vault (admin)
	if: ${{ github.ref_name == 'main' \|\| github.ref_name == 'production' }}
	uses: hashicorp/vault-action@v3
	with:
	url: ${{ env.VAULT_ADDR }}
	method: jwt
	path: jwt-github-actions
	role: github-actions-admin
	exportToken: true

	- name: Add environment variables
	shell: bash
	run: \|-
	echo "${{ secrets.INFRASTRUCTURE_TFVARS }}" \| base64 -d > infrastructure/secrets.auto.tfvars
	echo "${{ secrets.APPLICATIONS_TFVARS }}" \| base64 -d > applications/secrets.auto.tfvars

	- uses: dorny/paths-filter@v3
	id: changes
	with:
	filters: \|-
	context:
	- '${{ matrix.context }}/**'

	- name: terraform plan
	uses: ./.github/actions/terraform-plan
	if: steps.changes.outputs.context == 'true'
	with:
	path: ${{ matrix.context }}

Provide feedback