diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..8de26da
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,65 @@
+name: OIDC Test
+on:
+ push:
+ workflow_dispatch:
+
+permissions:
+ id-token: write
+
+jobs:
+ access-s3:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: ap-northeast-2
+ role-to-assume: arn:aws:iam::433331841346:role/cloudfencedemorole
+
+ - name: List files in S3 bucket
+ run: aws s3 ls cloudfence-bucket
+ terraform:
+ name: "Security Check, and Deploy"
+ runs-on: ubuntu-latest
+
+ env:
+ AWS_REGION: "ap-northeast-2"
+ TF_VERSION: "1.4.0"
+ steps:
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: ap-northeast-2
+ role-to-assume: arn:aws:iam::433331841346:role/cloudfencedemorole
+
+ - name: "Checkout GitHub repository"
+ uses: actions/checkout@v3
+
+ # terraform 설치 및 초기화
+ - name: "Set up Terraform"
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: ${{ env.TF_VERSION }}
+ # trivy 설치 밀 실행
+ - name: Run Trivy IaC Scan
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: config
+ scan-ref: .
+
+ - name: "Terraform Init"
+ run: terraform init
+
+ - name: "Terraform Format"
+ run: terraform fmt
+
+ - name: "Terraform Validate"
+ run: terraform validate
+
+ - name: "Terraform Plan"
+ run: terraform plan -out=tfplan
+
+ - name: "Terraform Apply"
+ if: github.ref == 'refs/heads/feature-#7'
+ run: terraform apply -auto-approve tfplan
+
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..57f155b
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,6 @@
+provider "aws" {
+ region = "ap-northeast-2" # 서울 리전
+}
+
+
+
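Review bot: The Trivy step in the terraform job does not gate the deploy: trivy-action's exit-code defaults to 0, so a misconfiguration finding is only reported and the job continues straight to `terraform apply -auto-approve`, which leaves the "Security Check" in the job name nominal. Add `exit-code: "1"` (and, if desired, `severity: "CRITICAL,HIGH"`) under that step's `with:` so findings fail the job before Init/Plan/Apply run. The same step uses `aquasecurity/trivy-action@master`, a mutable branch, so the scanner's behaviour can change underneath this workflow without any commit here; pin it to a release tag or commit SHA like the other actions. Because `permissions:` is declared explicitly, every scope not listed (including `contents`) is reduced to none, so adding `contents: read` beside `id-token: write` keeps `actions/checkout@v3` from depending on the repository being public. The `on: push` trigger has no branch filter, so any push to any branch can request an OIDC token for the hard-coded role; whether that is acceptable depends on the role's trust-policy `sub` condition, which is not part of this diff.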