[CAI-118] Presidio #720
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Review Infra | |
| on: | |
| pull_request: | |
| branches: '**' | |
| # Run only if there are at least one change matching the following paths | |
| paths: | |
| - 'apps/infrastructure/src/**' | |
| - '.github/workflows/code_review_infra.yaml' | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| infrastructure_checks: | |
| strategy: | |
| matrix: | |
| environment: [dev, prod] | |
| fail-fast: false # Do not cancel any other jobs in the matrix, if a single job fails | |
| name: Infra checks | |
| runs-on: ubuntu-latest | |
| environment: ${{ matrix.environment }} | |
| concurrency: | |
| group: terraform-${{ matrix.environment }} | |
| cancel-in-progress: false | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Setup Node.JS | |
| uses: ./.github/actions/setup-node | |
| - name: Install dependencies | |
| run: npm ci --audit=false --fund=false | |
| - name: Compile Cloudfront Functions | |
| run: npm run compile -w cloudfront-functions | |
| - name: Build Cognito Functions | |
| run: npm run build -w cognito-functions | |
| - name: Configure AWS Credentials | |
| uses: ./.github/actions/configure-aws-credentials | |
| with: | |
| aws_region: 'eu-south-1' | |
| role_to_assume: ${{ secrets.IAM_ROLE }} | |
| - name: Setup Terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| environment: ${{ matrix.environment }} | |
| - name: Terraform Plan | |
| working-directory: apps/infrastructure/src | |
| run: ./terraform.sh plan ${{ matrix.environment }} |