authentik/.github/workflows/ci-aws-cfn.yml

---
name: CI - AWS cfn

on:
  push:
    branches:
      - main
      - next
      - version-*
  pull_request:
    branches:
      - main
      - version-*

env:
  POSTGRES_DB: authentik
  POSTGRES_USER: authentik
  POSTGRES_PASSWORD: "EK-5jnKfjrGRm<77"

jobs:
  check-changes-applied:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
      - name: Setup authentik env
        uses: ./.github/actions/setup
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v5
        with:
          node-version-file: lifecycle/aws/package.json
          cache: "npm"
          cache-dependency-path: lifecycle/aws/package-lock.json
      - working-directory: lifecycle/aws/
        run: |
          npm ci
      - name: Check changes have been applied
        run: |
          uv run make aws-cfn
          git diff --exit-code lifecycle/aws/template.yaml
  ci-aws-cfn-mark:
    if: always()
    needs:
      - check-changes-applied
    runs-on: ubuntu-latest
    steps:
      - uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # release/v1
        with:
          jobs: ${{ toJSON(needs) }}