
EntraID SCIM: This really is better done in Terraform #12



name: terraform plan (entraid-scim)
on:
workflow_dispatch:
pull_request:
paths:
- 'entraid-scim/terraform/**'
- '.github/workflows/entraid-scim-plan.yml'
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
jobs:
plan:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
defaults:
run:
working-directory: ./entraid-scim/terraform
steps:
- uses: actions/[email protected]
- uses: aws-actions/[email protected]
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ROOT_ACCOUNT_ID }}:role/github-actions-plan
role-session-name: GitHubActions
aws-region: eu-west-2
- uses: hashicorp/[email protected]
with:
terraform_version: latest
- name: Run terraform fmt
run: terraform fmt -check
continue-on-error: true
- name: Run terraform init
run: terraform init
- name: Run terraform validate
run: terraform validate -no-color
- name: Retrieve Slack Bot Token from AWS Secrets Manager
id: get_slack_bot_token
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
SLACK_INCOMING_WEBHOOK,aws-root-account-notifications-incoming-slack-webhook
aws-root-account-notifications-slack-information
parse-json-secrets: true
- name: Send initial message to Slack
id: slack_message
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d #v2.0.0
with:
webhook: ${{ env.SLACK_INCOMING_WEBHOOK }}
webhook-type: incoming-webhook
payload: |
{
"text": ":information_source: Terraform Plan completed for *<${{ github.server_url }}/${{ github.repository }}|${{ github.repository }}>* at `${{ github.ref_name }}`.\n*Workflow:* `${{ github.workflow }}`\n*Run ID:* `${{ github.run_id }}`\n*Initiated by:* `${{ github.actor }}`"
}
- name: Run terraform plan and generate JSON payload
run: |
# Run Terraform plan and save to plan_output.txt
terraform plan -no-color > plan_output.txt
- name: Send Terraform plan output to Slack
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d #v2.0.0
with:
token: ${{ env.AWS_ROOT_ACCOUNT_NOTIFICATIONS_SLACK_INFORMATION_SLACK_BOT_TOKEN }}
method: files.uploadV2
payload: |
channel: ${{ env.AWS_ROOT_ACCOUNT_NOTIFICATIONS_SLACK_INFORMATION_SLACK_CHANNEL }}
initial_comment: Terraform output attached!
file: "plan_output.txt"
filename: "plan-output-${{ github.run_id }}.txt"
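Review bot: The "Send initial message to Slack" step announces `Terraform Plan completed` before the "Run terraform plan and generate JSON payload" step has executed, so the channel is told the plan finished even on runs where `terraform plan` then fails and the upload step never runs; either move that message after the plan step or reword it, e.g. `"text": ":information_source: Terraform Plan started for *<...>* ..."`. `terraform_version: latest` in the setup-terraform step means two runs of the same PR can plan with different Terraform releases and a new major version can change plan output or behaviour without any change to this repo; pin it, `terraform_version: "<pinned-terraform-version>"`, and bump deliberately. The plan output is uploaded to Slack verbatim, and Terraform only masks attributes the provider or config marks `sensitive`, so any unmarked identity-provider values in the entraid-scim module would be posted to the channel — presumably worth confirming against the module before relying on this. The `terraform fmt -check` step has `continue-on-error: true`, so formatting drift is never surfaced as a failure; if that is intended as advisory, a comment saying so would help, otherwise drop the override. The file appears to end at the `filename:` line; if it continues beyond the page, this applies to the visible section only.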