Add GCP auth at apply and simplify check-secure-estimate workflow #1
base: main
Let AWS credentials into th-check-secure-estimate
Ok for other changes
GCP credentials should be tested but it can be integrated right now
@@ -10,8 +10,6 @@ permissions: | |||
pull-requests: write | |||
|
|||
env: | |||
AWS_ACCESS_KEY_ID : "${{ secrets.AWS_ACCESS_KEY_ID }}" |
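Review bot: the workflow-level `env:` block in this hunk makes `AWS_ACCESS_KEY_ID` visible to every job and step in the workflow, third-party actions included. If the check code step still needs the key, set it in that step's own `env:` rather than at this level, so steps that never talk to AWS do not receive it.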
Should be declared to work with the check code step
As discussed, added `-backend=false`, which should fix the check issue
@@ -98,14 +96,6 @@ jobs: | |||
with: | |||
terraform_wrapper: false | |||
|
|||
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. |
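Review bot: the comment on the last line of this hunk says init loads remote state, which no longer holds if init is run with `-backend=false` as proposed in this thread, since that flag skips backend initialization. Reword the comment so it says only modules and providers are installed and no remote state is read.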
OK for this removal of init and plan for the cost estimate
Added explicit init back in to ensure that it is executed with `backend = false`

* Add Google auth file if the corresponding secret is set
* Remove terraform plan from estimation job in check-secure-estimate workflow
* Remove AWS-related auth env vars in check-secure-estimate workflow
Running `terraform plan` is not required to get estimates (and infracost runs init on its own if needed), and not running it makes it so that the whole workflow does not need to expose authentication information, hence the removal of `AWS_*` env.

Adding GCP support for deployments via the `GOOGLE_APPLICATION_CREDENTIALS` file path. Repository owners should define `secrets.GOOGLE_APPLICATION_CREDENTIALS_CONTENT` with the content of their Google authentication file (Related terraform documentation: https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#running-terraform-outside-of-google-cloud ). If the secret is not defined, the step is explicitly skipped and no file is created.
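
One way to implement the conditional credentials step described above, as an added example that is not the PR's own code. The function name, the file name pattern and the `RUNNER_TEMP` default are assumptions, and the secret is assumed to reach the script through a step-level environment variable named `GOOGLE_APPLICATION_CREDENTIALS_CONTENT` rather than being interpolated into the script text.

```shell
# Added example (hypothetical helper, not taken from the PR).
#
# Assumed step configuration: the secret is mapped in the step's env: block, e.g.
#   env:
#     GOOGLE_APPLICATION_CREDENTIALS_CONTENT: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_CONTENT }}
# so the value never appears in the rendered script or on a command line.

# write_gcp_credentials CONTENT [DIR]
#   Prints the path of the created file on stdout.
#   Returns 2 and creates nothing when CONTENT is empty.
write_gcp_credentials() {
    content=$1
    dir=${2:-${RUNNER_TEMP:-/tmp}}

    # An undefined secret expands to an empty string: skip explicitly.
    if [ -z "$content" ]; then
        echo "GCP credentials secret not set, skipping auth file" >&2
        return 2
    fi

    (
        # Owner-only permissions for anything created in this subshell.
        umask 077
        # Unpredictable name, created atomically with mode 0600.
        file=$(mktemp "$dir/gcp-credentials.XXXXXX") || exit 1
        # printf keeps the content byte-for-byte (no echo escape handling).
        printf '%s' "$content" > "$file" || exit 1
        printf '%s\n' "$file"
    )
}

# Typical use inside the step (GITHUB_ENV is provided by the runner):
#   if path=$(write_gcp_credentials "$GOOGLE_APPLICATION_CREDENTIALS_CONTENT"); then
#       echo "GOOGLE_APPLICATION_CREDENTIALS=$path" >> "$GITHUB_ENV"
#   fi
```

Writing under `RUNNER_TEMP` keeps the key file out of the checked-out workspace, so it cannot end up in an uploaded artifact or a commit made by a later step.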