authentik/.github/workflows/ci-aws-cfn.yml

---
name: CI - AWS cfn

on:
  push:
    branches:
      - main
      - next
      - version-*
  pull_request:
    branches:
      - main
      - version-*

env:
  POSTGRES_DB: authentik
  POSTGRES_USER: authentik
  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"

jobs:
  check-changes-applied:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v5
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v5
        with:
          node-version-file: lifecycle/aws/package.json
          cache: "npm"
          cache-dependency-path: lifecycle/aws/package-lock.json
      - working-directory: lifecycle/aws/
        run: |
          npm ci
      - name: Check changes have been applied
        run: |
          uv run make aws-cfn
          git diff --exit-code lifecycle/aws/template.yaml
  ci-aws-cfn-mark:
    if: always()
    needs:
      - check-changes-applied
    runs-on: ubuntu-latest
    steps:
      - uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1
        with:
          jobs: ${{ toJSON(needs) }}