From 1015698470c283ba063ed9f0fb646283d7268815 Mon Sep 17 00:00:00 2001
From: furiousme
Date: Mon, 30 Sep 2024 14:37:45 +0300
Subject: [PATCH] fix: workflow adjustments
---
 .github/workflows/terraform.yml | 34 ++++++++++++---------------------
 main.tf | 8 +++++---
 2 files changed, 17 insertions(+), 25 deletions(-)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 9fa759a..eaa1cfa 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -1,6 +1,13 @@ name: Terraform Workflow +permissions: + id-token: write + contents: read + on: + push: + branches: + - main pull_request: branches: - main
@@ -9,32 +16,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v2 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 - with: - terraform_version: 1.9.6 + uses: actions/checkout@v4 - - name: Terraform Format Check - run: terraform fmt -check - terraform-plan: - runs-on: ubuntu-latest - needs: terraform-check - permissions: - id-token: write - contents: read - steps: - name: Setup Terraform uses: hashicorp/setup-terraform@v2 with: terraform_version: 1.9.6 - + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GithubActionsRole aws-region: us-east-1 + role-duration-seconds: 1200 - name: Terraform Init run: terraform init
@@ -43,14 +37,9 @@ jobs: run: terraform plan terraform-apply: runs-on: ubuntu-latest - needs: terraform-plan - permissions: - id-token: write - contents: read - if: github.ref == 'refs/heads/main' steps: - name: Setup Terraform - uses: hashicorp/setup-terraform@v2 + uses: hashicorp/setup-terraform@v3 with: terraform_version: 1.9.6
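Review bot: Hoisting `permissions` to the workflow level grants `id-token: write` to every job in the file, including any job added later, whereas the job-level blocks this commit removes scoped it to the two jobs that actually call `aws-actions/configure-aws-credentials`. Both remaining jobs do need the OIDC token, so this is a least-privilege trade-off rather than a defect; if the top-level block stays, record why it is workflow-wide with a comment above it such as `# id-token: write is needed by configure-aws-credentials (OIDC) in both jobs`. The `on:` key is a YAML 1.1 truthy value, so a yamllint `truthy` suppression on that line keeps the linter quiet without changing the key.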
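Review bot: The `terraform fmt -check` step disappears together with the `terraform-check` job, so after this hunk nothing in the workflow fails on unformatted code; the only remaining verification is `terraform init` followed by `terraform plan`. If the intent was only to fold the two jobs into one, the step should survive the merge, e.g. after the init step: `- name: Terraform Format Check` / `run: terraform fmt -check`. A `terraform validate` step would fit in the same place and catch configuration errors before the plan. The `terraform-plan` job continues past the end of the hunk.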
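Review bot: Removing both `needs: terraform-plan` and `if: github.ref == 'refs/heads/main'` from `terraform-apply` leaves the apply job with no gate at all: with the `pull_request` trigger it now runs on every pull request (where `github.ref` is the merge ref, never `main`) and, lacking `needs`, in parallel with `terraform-plan`, so changes from any branch of the repository can be applied before they are reviewed and the two jobs may contend for the same state. If the intent is to apply only what has been merged, restore the dependency and tie the condition to the push event: `needs: terraform-plan` and `if: github.event_name == 'push' && github.ref == 'refs/heads/main'`. The bump to `hashicorp/setup-terraform@v3` here also leaves the plan job above on `@v2`; both jobs should pin the same major so plan and apply run the same action. The `terraform-apply` job continues past the end of the hunk.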
@@ -58,6 +47,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GithubActionsRole + role-duration-seconds: 1200 aws-region: us-east-1 - name: Terraform Init
diff --git a/main.tf b/main.tf
index 3e3eef7..9dfe488 100644
--- a/main.tf
+++ b/main.tf
@@ -11,9 +11,11 @@ resource "aws_iam_role" "github_actions_role" { Federated : "arn:aws:iam::${var.account_id}:oidc-provider/token.actions.githubusercontent.com" }, Condition = { - StringEquals = { - "token.actions.githubusercontent.com:aud" : "sts.amazonaws.com", - "token.actions.githubusercontent.com:sub" : "repo:${var.gh_username}/rsschool-devops-course-tasks:ref:refs/heads/main" + StringLike : { + "token.actions.githubusercontent.com:sub" : "repo:${var.gh_username}/rsschool-devops-course-tasks:*" + }, + StringEquals : { + "token.actions.githubusercontent.com:aud" : "sts.amazonaws.com" } } },
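Review bot: Replacing the `StringEquals` match on `ref:refs/heads/main` with `StringLike` on `repo:${var.gh_username}/rsschool-devops-course-tasks:*` lets a token minted for any branch, tag, pull request or environment of the repository assume `GithubActionsRole`, not only main; combined with the apply job in this same commit no longer being gated to main, a workflow run on any branch of the repository can obtain these credentials and apply. If the goal is to let pull-request runs plan, enumerate the intended subjects instead of a wildcard — `StringEquals` accepts a list — e.g. `"token.actions.githubusercontent.com:sub" : ["repo:${var.gh_username}/rsschool-devops-course-tasks:ref:refs/heads/main", "repo:${var.gh_username}/rsschool-devops-course-tasks:pull_request"]`. A separate read-only role trusted only for the `pull_request` subject would keep apply-level permissions bound to main alone. The `aws_iam_role` resource starts before and ends after the hunk.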