timmyers/pulumi.yml

## pulumi.yml
name: pulumi

'on':
  push:
    branches:
      - main
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - labeled

permissions:
  id-token: write
  contents: read
  pull-requests: write

jobs:
  run-pulumi:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: haya14busa/action-cond@v1
        id: pulumi-op
        with:
          cond: ${{ github.event_name == 'pull_request' }}
          if_true: preview
          if_false: up
      - uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::<AWS Account ID>:role/github
          aws-region: us-west-2
      - run: yarn install
      - uses: pulumi/actions@v3
        with:
          command: ${{ steps.pulumi-op.outputs.value }}
          comment-on-pr: true
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
	name: pulumi

	'on':
	push:
	branches:
	- main
	pull_request:
	types:
	- opened
	- synchronize
	- reopened
	- labeled

	permissions:
	id-token: write
	contents: read
	pull-requests: write

	jobs:
	run-pulumi:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: haya14busa/action-cond@v1
	id: pulumi-op
	with:
	cond: ${{ github.event_name == 'pull_request' }}
	if_true: preview
	if_false: up
	- uses: aws-actions/configure-aws-credentials@v1
	with:
	role-to-assume: arn:aws:iam::<AWS Account ID>:role/github
	aws-region: us-west-2
	- run: yarn install
	- uses: pulumi/actions@v3
	with:
	command: ${{ steps.pulumi-op.outputs.value }}
	comment-on-pr: true
	env:
	PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}