fix(github): finally working assuming roles

hearchco · Apr 11, 2024 · 9bf6b47 · 9bf6b47
1 parent 2c777d8
commit 9bf6b47
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 15 deletions.
diff --git a/aws/dev/github/main.tf b/aws/dev/github/main.tf
@@ -21,10 +21,7 @@ module "github_oidc" {
 module "github_backend_deploy" {
   source = "../../modules/github/role"
 
-  name       = "github-auth-backend-deploy"
-  repository = "hearchco/hearchco"
-  scope      = "event_type:deploy-backend"
-
+  name = "github-auth-backend-deploy"
   statements = [
     {
       actions = [

diff --git a/aws/modules/github/role/variables.tf b/aws/modules/github/role/variables.tf
@@ -14,13 +14,14 @@ variable "audience" {
 
 // "<org_name>/<repo_name>"
 variable "repository" {
-  type = string
+  type    = string
+  default = "hearchco/infra"
 }
 
 // to allow all branches use "ref:refs/heads/*", to allow everything from the repo use "*"
-// for dispatched events use "event_type:<event_type_name>"
 variable "scope" {
-  type = string
+  type    = string
+  default = "*"
 }
 
 variable "statements" {

diff --git a/aws/prod/github/main.tf b/aws/prod/github/main.tf
@@ -21,10 +21,7 @@ module "github_oidc" {
 module "github_backend_deploy" {
   source = "../../modules/github/role"
 
-  name       = "github-auth-backend-deploy"
-  repository = "hearchco/hearchco"
-  scope      = "event_type:deploy-backend"
-
+  name = "github-auth-backend-deploy"
   statements = [
     {
       actions = [

diff --git a/aws/shared/github/main.tf b/aws/shared/github/main.tf
@@ -21,10 +21,7 @@ module "github_oidc" {
 module "github_shared_tf_state" {
   source = "../../modules/github/role"
 
-  name       = "github-auth-shared-tf-state"
-  repository = "hearchco/hearchco"
-  scope      = "event_type:deploy-backend"
-
+  name = "github-auth-shared-tf-state"
   statements = [
     {
       actions = [