Update TFLint plugin terraform-linters/tflint-ruleset-aws to v0.31.0 #461
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to ECR and Lambda | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| ECR_REPOSITORY: lambda-python-custom | |
| TF_DIR: infra/tf | |
| jobs: | |
| build-push-deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubActionsAccess | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Docker Build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| load: true | |
| tags: | | |
| ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| provenance: false | |
| - name: Docker Build and Push | |
| uses: docker/build-push-action@v5 | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| with: | |
| context: . | |
| push: true | |
| tags: | | |
| ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }} | |
| ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| provenance: false | |
| - uses: actions/cache@v4 | |
| name: Cache TFLint plugin dir | |
| with: | |
| path: ~/.tflint.d/plugins | |
| key: ${{ runner.os }}-tflint-${{ hashFiles('**/.tflint.hcl') }} | |
| - uses: terraform-linters/setup-tflint@v4 | |
| name: Setup TFLint | |
| with: | |
| tflint_version: v0.50.3 | |
| - name: Init TFLint | |
| run: cd ${{ env.TF_DIR }} && tflint --init | |
| - name: Show TFLint version | |
| run: cd ${{ env.TF_DIR }} && tflint --version | |
| - name: Run TFLint | |
| run: cd ${{ env.TF_DIR }} && tflint -f compact | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.6.6 | |
| - name: Config Terraform plugin cache | |
| run: | | |
| echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc | |
| mkdir --parents ~/.terraform.d/plugin-cache | |
| - name: Cache Terraform | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.terraform.d/plugin-cache | |
| key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} | |
| restore-keys: | | |
| ${{ runner.os }}-terraform- | |
| - name: Check Terraform Format | |
| id: fmt | |
| run: terraform -chdir='${{ env.TF_DIR }}' fmt -recursive -check | |
| - name: Terraform Init | |
| id: init | |
| run: terraform -chdir='${{ env.TF_DIR }}' init | |
| - name: Terraform Validate | |
| id: validate | |
| run: terraform -chdir='${{ env.TF_DIR }}' validate -no-color | |
| - name: Terraform Plan | |
| id: plan | |
| run: terraform -chdir='${{ env.TF_DIR }}' plan -var 'image_tag=${{ github.sha }}' -no-color -out=tfplan | |
| continue-on-error: true | |
| - name: Terraform Plan Status | |
| if: steps.plan.outcome == 'failure' | |
| run: exit 1 | |
| - name: Terraform Apply | |
| id: apply | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| run: terraform -chdir='${{ env.TF_DIR }}' apply -auto-approve tfplan | |
| continue-on-error: true |