Add workflow_ref constraints. #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: push | |
| name: Terraform CI | |
| env: | |
| AWS_REGION: us-east-1 | |
| jobs: | |
| fmt: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_wrapper: false | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Run Terraform fmt | |
| shell: bash --noprofile --norc -exo pipefail {0} | |
| run: terraform fmt -check | |
| tflint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Import CI .env file | |
| uses: cardinalby/export-env-action@v1 | |
| with: | |
| envFile: '.github/ci-versions.env' | |
| expand: 'true' | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_wrapper: false | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Setup tflint | |
| run: | | |
| wget https://github.com/terraform-linters/tflint/releases/download/${{ env.TFLINT_VERSION }}/tflint_linux_amd64.zip | |
| unzip tflint_linux_amd64.zip | |
| chmod +x tflint | |
| sudo mv tflint /usr/local/bin/tflint | |
| - name: Run tflint | |
| run: tflint . | |
| tfsec: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Import CI .env file | |
| uses: cardinalby/export-env-action@v1 | |
| with: | |
| envFile: '.github/ci-versions.env' | |
| expand: 'true' | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_wrapper: false | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Setup tfsec | |
| run: | | |
| wget https://github.com/aquasecurity/tfsec/releases/download/${{ env.TFSEC_VERSION }}/tfsec-linux-amd64 | |
| chmod +x tfsec-linux-amd64 | |
| sudo mv tfsec-linux-amd64 /usr/local/bin/tfsec | |
| - name: Run tfsec | |
| shell: bash --noprofile --norc -exo pipefail {0} | |
| run: tfsec . | |
| checkov: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v2 | |
| - name: checkov | |
| id: checkov | |
| uses: bridgecrewio/checkov-action@c9e3e20671a02850d20e1b1dae97e34b39ff9b37 | |
| with: | |
| quiet: true | |
| framework: terraform | |
| output_format: github_failed_only # optional: the output format, one of: cli, json, junitxml, github_failed_only | |
| download_external_modules: true | |
| validate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Import CI .env file | |
| uses: cardinalby/export-env-action@v1 | |
| with: | |
| envFile: '.github/ci-versions.env' | |
| expand: 'true' | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_wrapper: false | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Validate Terraform code | |
| shell: bash --noprofile --norc -exo pipefail {0} | |
| run: terraform init && terraform validate |