more test workflaow

jarrod-lowe · Aug 3, 2024 · 4d1c07e · 4d1c07e
1 parent 4342c98
commit 4d1c07e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/.github/workflows/environment-test.yaml b/.github/workflows/environment-test.yaml
@@ -15,14 +15,19 @@ jobs:
     name: Environment Test
     runs-on: ubuntu-latest
     environment: main
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
     - name: Checkout code
       uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
     - name: Configure AWS Access
-      uses: aws-actions/configure-aws-credentials@v1.7.0
+      uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838
       with:
         role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/GitHubAction-Wildsea
         role-session-name: GitHubTest
         aws-region: ${{ secrets.AWS_REGION }}
-    - name: GetCallerIdentity
-      run: aws sts get-caller-identity
+    - name: terraform plan
+      uses: dflook/terraform-plan@v1
+      with:
+        path: terraform/environment/github
+
diff --git a/README.md b/README.md
@@ -23,6 +23,10 @@ To set up a github repository:
   * Block force pushes
   * TODO: Require code scanning results
 * Install <https://github.com/apps/renovate> into the repo
+* Under settings, "Set up code scanning"
+  * Enable everything exeept Dependabot version updates
+  * Set up CodeQL to default
+  * Set the Protection rules to Any/Any
 * Create an AWS Account for deployment
   * Set up OIDC as per <https://aws.amazon.com/blogs/security/use-iam-roles-to-connect-github-actions-to-actions-in-aws/>
   * Restrict it to the repo and branch main

diff --git a/terraform/environment/github/main.tf b/terraform/environment/github/main.tf
@@ -1 +1,7 @@
 resource "null_resource" "test" {}
+
+data "aws_region" "current" {}
+
+output "aws_region" {
+    value = data.aws_region.current.id
+}