actions-pipeline-resources
axetrading/actions-pipeline-resources/github
Terraform module for a GitHub Actions pipeline with access to AWS, without having to manage any credentials
GitHub Actions Pipeline Resources Terraform Module

Resources to support a repo and pipeline in GitHub. This module creates a GitHub repo with an AWS IAM Role that an actions pipeline within the repo can assume. This is achieved without having to manage any credentials. Auth for assuming the role is achieved with GitHub's OIDC provider and identity federation - see: https://github.com/aws-actions/configure-aws-credentials

Note that you have to configure the GitHub organisation via the `owner` GitHub provider config in the caller.

To run the tests (they don't currently test any behaviour, just provisioning and destroying) you need to have a GITHUB_TOKEN exported that's a PAT (Personal Access Token) with the repo and read:org oauth scopes. Due to a bug (https://github.com/integrations/terraform-pro
| Name | Type | Description | Default |
|---|---|---|---|
| maintainer_team | string | Name of one team who maintains the pipeline. | required |
| name | string | Name of the repo, used to name resources to make it easy to find the source | required |
| tf_deps | object({ tfstate_bucket_na | Terraform dependencies - `tfstate_bucket_name` and `tflocks_table_name` | required |
| environments | map(object({ role_arn = st | | {} |
| assume_role_arns | list(string) | IAM Roles ARNs to allow the build role to assume | [] |
| build_policy_arns | list(string) | IAM Policy ARNs to attach to the build role | [] |
| allow_provisioning_services | list(string) | AWS service to add to the policy for provisioning (e.g. "s3") | [] |
| auto_init | bool | (Optional) Set to true to produce an initial commit in the repository. | false |
| archive_on_delete | bool | | true |
Outputs

| Name | Description |
|---|---|
| repo_url | URL of the repo |
| repo_name | Name of the repo |
| build_role_arn | ARN for the role to assume for the builds |
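As an added illustration of the identity federation described above (not this module's code; the account id, organisation and repo names are placeholders, and the trust-policy shape is the one documented for aws-actions/configure-aws-credentials), a small evaluator that applies such a trust policy to sample GitHub OIDC token claims:

```python
import fnmatch

# GitHub's OIDC issuer host; the IAM OIDC provider and condition keys are named after it.
OIDC_HOST = "token.actions.githubusercontent.com"


def build_trust_policy(account_id: str, owner: str, repo: str) -> dict:
    """Trust policy pinned to one repo (placeholder names; the `:*` suffix
    admits every ref, environment and pull_request workflow of that repo)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{OIDC_HOST}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {f"{OIDC_HOST}:aud": "sts.amazonaws.com"},
                "StringLike": {f"{OIDC_HOST}:sub": f"repo:{owner}/{repo}:*"},
            },
        }],
    }


def assume_role_allowed(policy: dict, claims: dict) -> bool:
    """True when some Allow statement's conditions all match the token claims.
    Only StringEquals and StringLike are modelled; IAM StringLike wildcards
    (* and ?) behave like fnmatch's, which is what fnmatchcase implements."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        cond = stmt.get("Condition", {})
        equals_ok = all(claims.get(key.split(":", 1)[1]) == want
                        for key, want in cond.get("StringEquals", {}).items())
        like_ok = all(fnmatch.fnmatchcase(claims.get(key.split(":", 1)[1], ""), want)
                      for key, want in cond.get("StringLike", {}).items())
        if equals_ok and like_ok:
            return True
    return False


if __name__ == "__main__":
    policy = build_trust_policy("123456789012", "example-org", "example-repo")
    # Constructed sample claims, shaped like the sub/aud of a GitHub Actions OIDC token.
    samples = {
        "own repo, main branch": {"sub": "repo:example-org/example-repo:ref:refs/heads/main", "aud": "sts.amazonaws.com"},
        "other repo, same org": {"sub": "repo:example-org/other-repo:ref:refs/heads/main", "aud": "sts.amazonaws.com"},
        "own repo, wrong audience": {"sub": "repo:example-org/example-repo:ref:refs/heads/main", "aud": "https://github.com/example-org"},
    }
    for label, claims in samples.items():
        print(f"{label}: {'allowed' if assume_role_allowed(policy, claims) else 'denied'}")
```

The `repo:OWNER/REPO:*` subject pattern also admits pull_request workflows and every branch of that repo; if only a deployment branch should reach the build role, pin the subject to e.g. `repo:OWNER/REPO:ref:refs/heads/main` instead.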