cloud: reverse proxided connection from internet to tom as host #392
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Synchronize shared resources | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - "*" | |
| jobs: | |
| infrastruct: | |
| name: Infrastructural adaptations | |
| runs-on: tom | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Checkout this repo | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Synchronize existing resources | |
| working-directory: ./cloud | |
| run: | | |
| nix develop -c tofu init | |
| nix develop -c tofu fmt -check | |
| nix develop -c tofu validate | |
| nix develop -c ./cloud.sh sync | |
| - name: Plan the upcoming change | |
| if: github.event_name == 'pull_request' | |
| working-directory: ./cloud | |
| run: | | |
| nix run .# plan | |
| - name: Actually apply the change | |
| if: github.ref == 'refs/heads/main' | |
| working-directory: ./cloud | |
| run: | | |
| nix run .# apply -auto-approve |