deploy-pulumi.yaml
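# Runs `pulumi up` for every stack in the matrix whenever a push to main
# touches files under pulumi/. AWS access is obtained through GitHub OIDC
# (no long-lived AWS keys are stored in the repository).
name: Pulumi Deploy

on:
  push:
    branches:
      - main
    paths:
      - 'pulumi/**'

jobs:
  # NOTE(review): the job id is "preview", but the Pulumi step runs
  # `command: up`, so this job applies changes rather than previewing them.
  preview:
    name: Deploy
    runs-on: ubuntu-latest

    # id-token: write is what lets the job request an OIDC token for
    # configure-aws-credentials; contents: read is enough for checkout.
    permissions:
      id-token: write
      contents: read

    strategy:
      # One stack failing does not cancel the deployment of the others.
      fail-fast: false
      # Each matrix entry names a Pulumi stack and the IAM role assumed to
      # deploy it. The role needs access to deploy AWS resources in your
      # account. Attaching the AdministratorAccess policy is the easiest
      # method, but it gives every run of this workflow full control of the
      # account; prefer a policy limited to what the stacks manage.
      # The role's trust policy should also restrict the OIDC `sub` claim to
      # this repository and branch (e.g. repo:ORG/REPO:ref:refs/heads/main,
      # placeholder values), otherwise other repositories could assume it.
      # See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services
      # for details on implementing OIDC with GitHub Actions.
      matrix:
        arrays:
          - stack:
              name: hub
              iamRole: 'arn:aws:iam::753080021511:role/pulumi-github-actions'
          - stack:
              name: dev
              iamRole: 'arn:aws:iam::753080021511:role/pulumi-github-actions'

    steps:
      # NOTE(review): action version tags are mutable. Pinning each `uses:`
      # to a full commit SHA protects the deploy credentials from a retagged
      # release.
      - uses: actions/checkout@v2

      # Dependencies are installed before any credential is present in the
      # job: `npm install` runs package lifecycle scripts, so it should not
      # see the Pulumi token, the GitHub token or the AWS session.
      # If the install needs a registry token, pass only that token to this
      # step. NOTE(review): `npm ci` would enforce the lockfile, assuming one
      # is committed under ./pulumi - confirm.
      - run: |
          cd ./pulumi
          npm install

      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ matrix.arrays.stack.iamRole }}
          aws-region: us-east-2

      - uses: pulumi/actions@v3
        with:
          color: auto
          command: up
          work-dir: ./pulumi
          stack-name: ${{ matrix.arrays.stack.name }}
        # Secrets are scoped to the only step that uses them instead of the
        # whole workflow.
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.PULUMI_GITHUB_TOKEN }}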