Skip to content

BFD-3219: Remove Ansible Vault Password and Permissions #11231

BFD-3219: Remove Ansible Vault Password and Permissions

BFD-3219: Remove Ansible Vault Password and Permissions #11231

Workflow file for this run

name: 'CI - Terraform'
on:
pull_request:
merge_group:
env:
# workflow file matchers - workflow jobs will only run if matching files are found
# please see https://github.com/CMSgov/beneficiary-fhir-data/pull/773 for why we
# are using this workflow logic
workflow_files_re: ^ops/
jobs:
workflow:
name: Checking workflow
runs-on: ubuntu-20.04
outputs:
files: ${{ steps.workflow_files.outputs.files }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 2
- id: workflow_files
run: |
echo "::set-output name=files::$(git diff --name-only --diff-filter=ACMRTD HEAD^ HEAD | grep -E '${{ env.workflow_files_re }}')"
tf-validate:
runs-on: ubuntu-20.04
needs: workflow
if: needs.workflow.outputs.files
strategy:
matrix:
tf_version: ['0.12.31']
tf_environment: [test, prod-sbx, prod, mgmt]
tf_resources: [stateless, stateful]
steps:
- name: 'Checkout repo'
uses: actions/checkout@v3
- name: 'Run terraform init'
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: ${{ matrix.tf_version }}
tf_actions_subcommand: init
tf_actions_working_dir: ./ops/terraform/env/${{ matrix.tf_environment }}/${{ matrix.tf_resources }}/
tf_actions_comment: false
args: '-backend=false'
- name: 'Run terraform validate'
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: ${{ matrix.tf_version }}
tf_actions_subcommand: validate
tf_actions_working_dir: ./ops/terraform/env/${{ matrix.tf_environment }}/${{ matrix.tf_resources }}/
tf_actions_comment: false