diff --git a/.github/actions/build-and-push-image/action.yml b/.github/actions/build-and-push-image/action.yml index dc813c5..98b7b30 100644 --- a/.github/actions/build-and-push-image/action.yml +++ b/.github/actions/build-and-push-image/action.yml @@ -21,86 +21,90 @@ inputs: CUSTOM_BUILD_SCRIPT: description: "The custom build script to use" required: false + DOCKERFILE: + description: "The Dockerfile to use" + required: false + default: "Dockerfile" runs: using: "composite" steps: - - name: 🔐 Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ inputs.AWS_ROLE_ARN }} - role-session-name: GitHub-Action-Role - aws-region: ${{ inputs.AWS_REGION }} + - name: 🔐 Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ inputs.AWS_ROLE_ARN }} + role-session-name: GitHub-Action-Role + aws-region: ${{ inputs.AWS_REGION }} + + - name: 🔓 Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 - - name: 🔓 Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 + - name: 🧩 Parse ECR repositories + id: parse + shell: bash + run: | + if [ -n "${{ inputs.ECR_REPOSITORIES }}" ]; then + repos=$(echo "${{ inputs.ECR_REPOSITORIES }}" | tr ',' '\n') + elif [ -n "${{ inputs.ECR_REPOSITORY }}" ]; then + repos="${{ inputs.ECR_REPOSITORY }}" + else + echo "Error: Either ECR_REPOSITORY or ECR_REPOSITORIES must be provided." + exit 1 + fi - - name: 🧩 Parse ECR repositories - id: parse - shell: bash - run: | - if [ -n "${{ inputs.ECR_REPOSITORIES }}" ]; then - repos=$(echo "${{ inputs.ECR_REPOSITORIES }}" | tr ',' '\n') - elif [ -n "${{ inputs.ECR_REPOSITORY }}" ]; then - repos="${{ inputs.ECR_REPOSITORY }}" - else - echo "Error: Either ECR_REPOSITORY or ECR_REPOSITORIES must be provided." - exit 1 - fi - - echo "repos<> $GITHUB_OUTPUT - echo "$repos" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + echo "repos<> $GITHUB_OUTPUT + echo "$repos" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - # Build a multiline string of full ECR paths - images="" - for repo in $repos; do - images="$images\n${{ steps.login-ecr.outputs.registry }}/${repo}" - done + # Build a multiline string of full ECR paths + images="" + for repo in $repos; do + images="$images\n${{ steps.login-ecr.outputs.registry }}/${repo}" + done - # Write images to this step's output - echo "images<> $GITHUB_OUTPUT - echo -e "$images" >> $GITHUB_OUTPUT - echo "EOF" >> $GITHUB_OUTPUT + # Write images to this step's output + echo "images<> $GITHUB_OUTPUT + echo -e "$images" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT - - name: 🐳 Docker Metadata - uses: docker/metadata-action@v5 - id: meta - with: - images: "${{ steps.parse.outputs.images }}" - tags: | - latest - type=sha,prefix=sha-,format=long - type=ref,event=branch - type=ref,event=pr - type=ref,event=tag + - name: 🐳 Docker Metadata + uses: docker/metadata-action@v5 + id: meta + with: + images: "${{ steps.parse.outputs.images }}" + tags: | + latest + type=sha,prefix=sha-,format=long + type=ref,event=branch + type=ref,event=pr + type=ref,event=tag - - name: 🏗️ Build and push - if: ${{ !inputs.CUSTOM_BUILD_SCRIPT }} - uses: docker/build-push-action@v5 - with: - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - context: ${{ inputs.WORKING_DIRECTORY }} + - name: 🏗️ Build and push + if: ${{ !inputs.CUSTOM_BUILD_SCRIPT }} + uses: docker/build-push-action@v5 + with: + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + context: ${{ inputs.WORKING_DIRECTORY }} + file: ${{ inputs.WORKING_DIRECTORY }}/${{ inputs.DOCKERFILE || 'Dockerfile' }} - - name: 🏗️ Build and push images with custom script - if: ${{ inputs.CUSTOM_BUILD_SCRIPT }} - shell: bash - working-directory: ${{ inputs.WORKING_DIRECTORY }} - run: | - ${{ inputs.CUSTOM_BUILD_SCRIPT }} - repos="${{ steps.parse.outputs.repos }}" - tags="${{ steps.meta.outputs.tags }}" - for repo in $repos; do - echo "Processing repository: $repo" - for tag in $tags; do - if [[ $tag == *"$repo"* ]]; then - echo "Tagging and pushing: $tag for image $repo" - docker tag "$repo" "$tag" - docker push "$tag" - fi + - name: 🏗️ Build and push images with custom script + if: ${{ inputs.CUSTOM_BUILD_SCRIPT }} + shell: bash + working-directory: ${{ inputs.WORKING_DIRECTORY }} + run: | + ${{ inputs.CUSTOM_BUILD_SCRIPT }} + repos="${{ steps.parse.outputs.repos }}" + tags="${{ steps.meta.outputs.tags }}" + for repo in $repos; do + echo "Processing repository: $repo" + for tag in $tags; do + if [[ $tag == *"$repo"* ]]; then + echo "Tagging and pushing: $tag for image $repo" + docker tag "$repo" "$tag" + docker push "$tag" + fi + done done - done - diff --git a/.github/actions/deploy-ecs-service/action.yml b/.github/actions/deploy-ecs-service/action.yml index 00f4510..200174b 100644 --- a/.github/actions/deploy-ecs-service/action.yml +++ b/.github/actions/deploy-ecs-service/action.yml @@ -1,45 +1,49 @@ -name: '🚀 Deploy ECS service' -description: 'Deploy service on ECS with terraform' +name: "🚀 Deploy ECS service" +description: "Deploy service on ECS with terraform" inputs: AWS_REGION: - description: 'The AWS region to use' + description: "The AWS region to use" required: true default: eu-west-1 ENVIRONMENT: - description: 'Enter the environment.' + description: "Enter the environment." required: true AWS_DEPLOYMENT_ROLE: - description: 'The ARN of the AWS github-ci role the role to use for deployment' + description: "The ARN of the AWS github-ci role the role to use for deployment" required: true IMAGE_TAG: - description: 'The version tag of the image to deploy. Can be any image tag e.g. latest, 1.0.0, git sha' + description: "The version tag of the image to deploy. Can be any image tag e.g. latest, 1.0.0, git sha" required: true FORCE_NEW_DEPLOYMENT: - description: 'Force a new deployment even if the image tag is the same as the current deployment. E.g. latest' + description: "Force a new deployment even if the image tag is the same as the current deployment. E.g. latest" required: false default: false SERVICE_NAME: - description: 'The name of the service to deploy. Only required if force new deployment is true' + description: "The name of the service to deploy. Only required if force new deployment is true" required: false CLUSTER_NAME: - description: 'The name of the ECS cluster to deploy to. Only required if force new deployment is true' + description: "The name of the ECS cluster to deploy to. Only required if force new deployment is true" required: false TERRAFORM_VERSION: - description: 'The version of Terraform to use' + description: "The version of Terraform to use" required: false default: 1.9.8 PRE_APPLIED_RESOURCES: - description: 'Resources to apply before deploying' + description: "Resources to apply before deploying" required: false - default: '[]' + default: "[]" TERRAFORM_PATH: description: "The path to the terraform files" required: false default: "terraform" + SERVICES: + descritpion: "Only for deployment of mono repo and terraform in root" + required: false + default: "" runs: - using: 'composite' + using: "composite" steps: - name: Setup Terraform uses: hashicorp/setup-Terraform@v3 @@ -50,7 +54,7 @@ runs: shell: bash run: terraform --version - - name: 'Configure AWS Credentials' + - name: "Configure AWS Credentials" uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ inputs.AWS_DEPLOYMENT_ROLE }} @@ -83,3 +87,20 @@ runs: aws ecs wait services-stable \ --cluster ${{ inputs.CLUSTER_NAME }} \ --services ${{ inputs.SERVICE_NAME }} + + - name: service list + id: service_list + if: ${{ inputs.SERVICES }} + shell: bash + run: | + list=$(echo '${{ inputs.SERVICES }}' | jq -r ' . |map(.name) | join(" ")') + echo service_list=${list} + echo service_list=${list} >> $GITHUB_OUTPUT + + - name: Wait for all stable + shell: bash + if: ${{ inputs.SERVICES }} + run: | + aws ecs wait services-stable \ + --cluster ${{ inputs.CLUSTER_NAME }} \ + --services ${{ steps.service_list.outputs.service_list }} diff --git a/.github/workflows/main-deploy-mono-tf-global.yml b/.github/workflows/main-deploy-mono-tf-global.yml new file mode 100644 index 0000000..64d9db4 --- /dev/null +++ b/.github/workflows/main-deploy-mono-tf-global.yml @@ -0,0 +1,141 @@ +name: "🚀 Build and deploy to main" +on: + workflow_call: + inputs: + aws_dev_account_id: + required: true + type: string + aws_region: + default: eu-west-1 + type: string + github_ci_role_arn: + required: true + type: string + github_ci_ecr_role_arn: + required: true + type: string + services: + required: false + type: string + description: 'Services names when deploying multiple services. Should be a list of objects with keys "directory" and "name" e.g. [{"directory": "core", "name": "apro-core-service"}]' + cluster_name: + required: true + type: string + ecr_repository: + required: false + type: string + ecr_repositories: + required: false + type: string + custom_build_script: + required: false + type: string + terraform_version: + description: "Terraform version" + type: string + default: "1.9.8" + working_directory: + description: "Working directory" + type: string + default: "." + build_checkout_with_lfs: + description: "Checkout with LFS" + type: boolean + default: false + pre_applied_resources: + description: "Resources to apply before main deploy" + type: string + default: "[]" + + secrets: + token: + required: true + +permissions: + id-token: write # Required f. IAM Token + contents: write + +jobs: + terraform-quality-checks: + name: "✅ Terraform Quality checks" + uses: aproorg/github-workflows/.github/workflows/terraform-quality-checks.yml@main + with: + terraform_version: ${{ inputs.terraform_version }} + + get-next-version: + name: 🏷️ Get next version + runs-on: ubuntu-latest + outputs: + new_release_published: ${{ steps.get-next-version.outputs.new_release_published }} + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: 🏷️ Get next version + id: get-next-version + uses: aproorg/github-workflows/.github/actions/get-next-version@main + with: + github_token: ${{ secrets.token }} + + create-ecr-repo: + name: "🚀 Apply shared" + runs-on: ubuntu-latest + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: "🚀 Apply shared" + uses: aproorg/github-workflows/.github/actions/apply-shared@main + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ECR_DEPLOYMENT_ROLE: ${{ inputs.github_ci_ecr_role_arn }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + + build-and-push-all-images: + name: "️️️🏗️ Build and push all images" + strategy: + matrix: + include: ${{ fromJSON(inputs.services) }} + needs: + - terraform-quality-checks + - get-next-version + if: ${{ needs.get-next-version.outputs.new_release_published == 'true' }} + runs-on: ubuntu-latest + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + with: + lfs: ${{ inputs.build_checkout_with_lfs }} + + - name: "️️️🏗️ Build and push image all images" + uses: aproorg/github-workflows/.github/actions/build-and-push-image@kistill + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }} + WORKING_DIRECTORY: ${{ matrix.directory }} + ECR_REPOSITORY: ${{ matrix.ecr_repository }} + DOCKERFILE: ${{ matrix.dockerfile }} + + deploy-to-dev: + name: "🚀 Deploy to dev" + environment: dev + needs: + - build-and-push-all-images + - get-next-version + if: ${{ needs.get-next-version.outputs.new_release_published == 'true' }} + runs-on: ubuntu-latest + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: "🚀 Deploy to dev" + uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@kistill + with: + AWS_REGION: ${{ inputs.aws_region }} + ENVIRONMENT: dev + AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_arn }} + IMAGE_TAG: ${{ format('sha-{0}', github.sha) }} + SERVICES: ${{ inputs.services }} + CLUSTER_NAME: ${{ inputs.cluster_name }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} diff --git a/.github/workflows/main-deploy.yml b/.github/workflows/main-deploy.yml index 72d755b..390340e 100644 --- a/.github/workflows/main-deploy.yml +++ b/.github/workflows/main-deploy.yml @@ -34,27 +34,27 @@ on: required: false type: string terraform_version: - description: 'Terraform version' + description: "Terraform version" type: string - default: '1.9.8' + default: "1.9.8" working_directory: - description: 'Working directory' + description: "Working directory" type: string - default: '.' + default: "." build_checkout_with_lfs: - description: 'Checkout with LFS' + description: "Checkout with LFS" type: boolean default: false use_latest_tag: - description: 'Use latest tag' + description: "Use latest tag" type: boolean default: true pre_applied_resources: - description: 'Resources to apply before main deploy' + description: "Resources to apply before main deploy" type: string - default: '[]' + default: "[]" force_new_deployment: - description: 'Force a new deployment even if the image tag is the same as the current deployment. E.g. latest' + description: "Force a new deployment even if the image tag is the same as the current deployment. E.g. latest" type: boolean default: true secrets: @@ -67,7 +67,7 @@ permissions: jobs: terraform-quality-checks: - name: '✅ Terraform Quality checks' + name: "✅ Terraform Quality checks" uses: aproorg/github-workflows/.github/workflows/terraform-quality-checks.yml@main with: terraform_version: ${{ inputs.terraform_version }} @@ -88,7 +88,7 @@ jobs: github_token: ${{ secrets.token }} unify-services: - name: '🤝 Unify service inputs' + name: "🤝 Unify service inputs" runs-on: ubuntu-latest outputs: final_services: ${{ steps.unify-services.outputs.final_services }} @@ -100,52 +100,50 @@ jobs: service_name: ${{ inputs.service_name }} services: ${{ inputs.services }} - create-ecr-repo: - name: '🚀 Apply shared' + name: "🚀 Apply shared" needs: unify-services strategy: matrix: include: ${{ fromJSON(needs.unify-services.outputs.final_services) }} runs-on: ubuntu-latest steps: - - name: 📁 Checkout - uses: actions/checkout@v4 + - name: 📁 Checkout + uses: actions/checkout@v4 - - name: '🚀 Apply shared' - uses: aproorg/github-workflows/.github/actions/apply-shared@main - with: - AWS_REGION: ${{ inputs.aws_region }} - AWS_ECR_DEPLOYMENT_ROLE: ${{ inputs.github_ci_ecr_role_arn }} - TERRAFORM_VERSION: ${{ inputs.terraform_version }} - TERRAFORM_PATH: '${{ matrix.directory }}/terraform' + - name: "🚀 Apply shared" + uses: aproorg/github-workflows/.github/actions/apply-shared@main + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ECR_DEPLOYMENT_ROLE: ${{ inputs.github_ci_ecr_role_arn }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + TERRAFORM_PATH: "${{ matrix.directory }}/terraform" build-and-push-all-images: - name: '️️️🏗️ Build and push all images' + name: "️️️🏗️ Build and push all images" needs: - terraform-quality-checks - get-next-version if: ${{ needs.get-next-version.outputs.new_release_published == 'true' }} runs-on: ubuntu-latest steps: - - name: 📁 Checkout - uses: actions/checkout@v4 - with: - lfs: ${{ inputs.build_checkout_with_lfs }} - - - name: '️️️🏗️ Build and push image all images' - uses: aproorg/github-workflows/.github/actions/build-and-push-image@main - with: - AWS_REGION: ${{ inputs.aws_region }} - AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }} - WORKING_DIRECTORY: ${{ inputs.working_directory }} - ECR_REPOSITORY: ${{ inputs.ecr_repository }} - ECR_REPOSITORIES: ${{ inputs.ecr_repositories }} - CUSTOM_BUILD_SCRIPT: ${{ inputs.custom_build_script }} + - name: 📁 Checkout + uses: actions/checkout@v4 + with: + lfs: ${{ inputs.build_checkout_with_lfs }} + - name: "️️️🏗️ Build and push image all images" + uses: aproorg/github-workflows/.github/actions/build-and-push-image@main + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }} + WORKING_DIRECTORY: ${{ inputs.working_directory }} + ECR_REPOSITORY: ${{ inputs.ecr_repository }} + ECR_REPOSITORIES: ${{ inputs.ecr_repositories }} + CUSTOM_BUILD_SCRIPT: ${{ inputs.custom_build_script }} deploy-to-dev: - name: '🚀 Deploy to dev' + name: "🚀 Deploy to dev" strategy: matrix: include: ${{ fromJSON(needs.unify-services.outputs.final_services) }} @@ -157,19 +155,19 @@ jobs: if: ${{ needs.get-next-version.outputs.new_release_published == 'true' }} runs-on: ubuntu-latest steps: - - name: 📁 Checkout - uses: actions/checkout@v4 + - name: 📁 Checkout + uses: actions/checkout@v4 - - name: '🚀 Deploy to dev' - uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@main - with: - AWS_REGION: ${{ inputs.aws_region }} - ENVIRONMENT: dev - AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_arn }} - IMAGE_TAG: ${{ inputs.use_latest_tag && 'latest' || format('sha-{0}', github.sha) }} - FORCE_NEW_DEPLOYMENT: ${{ inputs.force_new_deployment }} - SERVICE_NAME: ${{ matrix.name }} - CLUSTER_NAME: ${{ inputs.cluster_name }} - TERRAFORM_VERSION: ${{ inputs.terraform_version }} - TERRAFORM_PATH: '${{ matrix.directory }}/terraform' - PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} + - name: "🚀 Deploy to dev" + uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@main + with: + AWS_REGION: ${{ inputs.aws_region }} + ENVIRONMENT: dev + AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_arn }} + IMAGE_TAG: ${{ inputs.use_latest_tag && 'latest' || format('sha-{0}', github.sha) }} + FORCE_NEW_DEPLOYMENT: ${{ inputs.force_new_deployment }} + SERVICE_NAME: ${{ matrix.name }} + CLUSTER_NAME: ${{ inputs.cluster_name }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + TERRAFORM_PATH: "${{ matrix.directory }}/terraform" + PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} diff --git a/.github/workflows/release-deploy-mono-tf-global.yml b/.github/workflows/release-deploy-mono-tf-global.yml new file mode 100644 index 0000000..3157d30 --- /dev/null +++ b/.github/workflows/release-deploy-mono-tf-global.yml @@ -0,0 +1,113 @@ +name: 🚀 Release +on: + workflow_call: + inputs: + aws_region: + required: false + default: eu-west-1 + type: string + github_ci_ecr_role_arn: + required: true + type: string + deploy_to_staging: + required: false + type: boolean + default: true + deploy_to_prod: + required: false + type: boolean + default: true + github_ci_role_prod_arn: + required: false + type: string + github_ci_role_staging_arn: + required: false + type: string + terraform_version: + description: "Terraform version" + type: string + default: "1.9.8" + services: + required: false + type: string + description: 'Services names when deploying multiple services. Should be a list of objects with keys "directory" and "name" e.g. [{"directory": "core", "name": "apro-core-service"}]' + cluster_name_staging: + required: true + type: string + cluster_name_prod: + required: true + type: string + pre_applied_resources: + description: "Resources to apply before main deploy" + type: string + default: "[]" + +permissions: + id-token: write # Required f. IAM Token + contents: write + +jobs: + version-tag: + name: 🔖 Version tag image + strategy: + matrix: + include: ${{ fromJSON(inputs.services) }} + runs-on: ubuntu-latest + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: 🔖 Version tag image + uses: aproorg/github-workflows/.github/actions/retag-docker-image@main + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_ROLE_ARN: ${{ inputs.github_ci_ecr_role_arn }} + ECR_REPOSITORY: ${{ matrix.ecr_repository }} + ECR_REPOSITORIES: ${{ matrix.ecr_repositories }} + VERSION_TAG: ${{ github.event.release.tag_name }} + + deploy-to-staging: + name: "🚀 Deploy to staging" + environment: staging + if: ${{ inputs.deploy_to_staging == true }} + needs: + - version-tag + runs-on: ubuntu-latest + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: 🚀 Deploy to staging + uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@kistill + with: + AWS_REGION: ${{ inputs.aws_region }} + AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_staging_arn }} + ENVIRONMENT: staging + IMAGE_TAG: ${{ github.event.release.tag_name }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + SERVICES: ${{ inputs.services }} + CLUSTER_NAME: ${{ inputs.cluster_name_staging }} + PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} + + deploy-to-prod: + name: "🚀 Deploy to prod" + environment: prod + if: ${{ inputs.deploy_to_prod == true }} + needs: + - version-tag + runs-on: ubuntu-latest + steps: + - name: 📁 Checkout + uses: actions/checkout@v4 + + - name: 🚀 Deploy to prod + uses: aproorg/github-workflows/.github/actions/deploy-ecs-service@kistill + with: + AWS_REGION: ${{inputs.aws_region}} + AWS_DEPLOYMENT_ROLE: ${{ inputs.github_ci_role_prod_arn }} + ENVIRONMENT: prod + IMAGE_TAG: ${{ github.event.release.tag_name }} + TERRAFORM_VERSION: ${{ inputs.terraform_version }} + SERVICES: ${{ inputs.services }} + CLUSTER_NAME: ${{ inputs.cluster_name_prod }} + PRE_APPLIED_RESOURCES: ${{ inputs.pre_applied_resources }} diff --git a/.github/workflows/terraform-quality-checks.yml b/.github/workflows/terraform-quality-checks.yml index 9ac967d..be17761 100644 --- a/.github/workflows/terraform-quality-checks.yml +++ b/.github/workflows/terraform-quality-checks.yml @@ -8,6 +8,10 @@ on: description: "Terraform version" type: string default: "1.9.8" + working_directory: + description: "The working directory to use" + type: string + default: "." permissions: id-token: write # Required f. IAM Token @@ -63,6 +67,7 @@ jobs: tfenv --version - name: "🔍 Lint Terraform" + working-directory: ${{ inputs.working_directory }} run: | tflint --recursive tfsec