Feature #7

.github/workflows/deploy.yml

@@ -0,0 +1,65 @@
+name: OIDC Test
+on:
+  push:
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+
+jobs:
+  access-s3:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ap-northeast-2
+          role-to-assume: arn:aws:iam::433331841346:role/cloudfencedemorole
+
+      - name: List files in S3 bucket
+        run: aws s3 ls cloudfence-bucket
+  terraform:
+    name: "Security Check, and Deploy"
+    runs-on: ubuntu-latest
+
+    env:
+      AWS_REGION: "ap-northeast-2"
+      TF_VERSION: "1.4.0"
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ap-northeast-2
+          role-to-assume: arn:aws:iam::433331841346:role/cloudfencedemorole
+
+      - name: "Checkout GitHub repository"
+        uses: actions/checkout@v3
+
+      # terraform 설치 및 초기화
+      - name: "Set up Terraform"
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ env.TF_VERSION }}
+      # trivy 설치 밀 실행
+      - name: Run Trivy IaC Scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: config
+          scan-ref: .
+
+      - name: "Terraform Init"
+        run: terraform init
+
+      - name: "Terraform Format"
+        run: terraform fmt
+
+      - name: "Terraform Validate"
+        run: terraform validate
+
+      - name: "Terraform Plan"
+        run: terraform plan -out=tfplan
+
+      - name: "Terraform Apply"
+        if: github.ref == 'refs/heads/feature-#7'
+        run: terraform apply -auto-approve tfplan
+

main.tf

@@ -0,0 +1,6 @@
+provider "aws" {
+  region = "ap-northeast-2"  # 서울 리전
+}
+
+
+