cloud: reverse proxided connection from internet to tom as host #389
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Synchronize shared resources | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - "*" | |
| jobs: | |
| infrastruct: | |
| name: Infrastructural adaptations | |
| runs-on: tom | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout this repo | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Synchronize existing resources | |
| working-directory: ./cloud | |
| run: | | |
| nix develop -c tofu init | |
| nix develop -c tofu fmt -check | |
| nix develop -c tofu validate | |
| nix develop -c ./cloud.sh sync | |
| - name: Plan the upcoming change | |
| if: github.event_name == 'pull_request' | |
| working-directory: ./cloud | |
| run: | | |
| nix develop -c tofu plan | |
| - name: Actually apply the change | |
| if: github.ref == 'refs/heads/main' | |
| working-directory: ./cloud | |
| run: | | |
| nix develop -c tofu apply -auto-approve |