EntraID SCIM: This really is better done in Terraform #12
name: terraform plan (entraid-scim) | |
on: | |
workflow_dispatch: | |
pull_request: | |
paths: | |
- 'entraid-scim/terraform/**' | |
- '.github/workflows/entraid-scim-plan.yml' | |
concurrency: | |
group: ${{ github.workflow }} | |
cancel-in-progress: false | |
jobs: | |
plan: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
defaults: | |
run: | |
working-directory: ./entraid-scim/terraform | |
steps: | |
- uses: actions/[email protected] | |
- uses: aws-actions/[email protected] | |
with: | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ROOT_ACCOUNT_ID }}:role/github-actions-plan | |
role-session-name: GitHubActions | |
aws-region: eu-west-2 | |
- uses: hashicorp/[email protected] | |
with: | |
terraform_version: latest | |
- name: Run terraform fmt | |
run: terraform fmt -check | |
continue-on-error: true | |
- name: Run terraform init | |
run: terraform init | |
- name: Run terraform validate | |
run: terraform validate -no-color | |
- name: Retrieve Slack Bot Token from AWS Secrets Manager | |
id: get_slack_bot_token | |
uses: aws-actions/aws-secretsmanager-get-secrets@v2 | |
with: | |
secret-ids: | | |
SLACK_INCOMING_WEBHOOK,aws-root-account-notifications-incoming-slack-webhook | |
aws-root-account-notifications-slack-information | |
parse-json-secrets: true | |
- name: Send initial message to Slack | |
id: slack_message | |
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d #v2.0.0 | |
with: | |
webhook: ${{ env.SLACK_INCOMING_WEBHOOK }} | |
webhook-type: incoming-webhook | |
payload: | | |
{ | |
"text": ":information_source: Terraform Plan completed for *<${{ github.server_url }}/${{ github.repository }}|${{ github.repository }}>* at `${{ github.ref_name }}`.\n*Workflow:* `${{ github.workflow }}`\n*Run ID:* `${{ github.run_id }}`\n*Initiated by:* `${{ github.actor }}`" | |
} | |
- name: Run terraform plan and generate JSON payload | |
run: | | |
# Run Terraform plan and save to plan_output.txt | |
terraform plan -no-color > plan_output.txt | |
- name: Send Terraform plan output to Slack | |
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d #v2.0.0 | |
with: | |
token: ${{ env.AWS_ROOT_ACCOUNT_NOTIFICATIONS_SLACK_INFORMATION_SLACK_BOT_TOKEN }} | |
method: files.uploadV2 | |
payload: | | |
channel: ${{ env.AWS_ROOT_ACCOUNT_NOTIFICATIONS_SLACK_INFORMATION_SLACK_CHANNEL }} | |
initial_comment: Terraform output attached! | |
file: "plan_output.txt" | |
filename: "plan-output-${{ github.run_id }}.txt" |
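Review bot: The initial Slack message in the "Send initial message to Slack" step announces `Terraform Plan completed`, yet that step runs before the `terraform plan -no-color > plan_output.txt` step, so the channel receives a completion notice even when init or plan later fails; either reword it to `Terraform Plan started` or move the step after the plan and add `if: always()` so the status reflects the real outcome. `terraform_version: latest` makes plan results non-reproducible and lets a new Terraform release change behaviour silently between runs; pin it, e.g. `terraform_version: "<PINNED_VERSION>"`. Action pinning is inconsistent: the Slack action is pinned to a commit SHA with a `#v2.0.0` comment, while `aws-actions/aws-secretsmanager-get-secrets@v2` follows a mutable tag that a retargeted release could redirect — pin it to a SHA the same way. Because the job runs on `pull_request` with an assumed AWS role, `terraform init`/`plan` execute provider and any `external` data-source code from the PR branch, so the `github-actions-plan` role should stay strictly read-only, and `plan_output.txt` may carry sensitive attribute values, so it is worth confirming what the plan can print before it is posted to the Slack channel.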