forked from fugue/regula-action
-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yaml
117 lines (117 loc) · 3.23 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: 'Regula'
description: 'Run regula'
inputs:
input_path:
description: |
Input paths for regula. This can be a space or newline-separated list of
terraform directories, terraform JSON plans, or a cloudformation templates.
Defaults to the root of your repository. Globbing expressions can also
be used.
required: false
config:
description: |
Path to .regula.yaml file. By default regula will look in the current working
directory and its parents.
required: false
environment_id:
description: |
Environment ID in Fugue
required: false
exclude:
description: |
Rule IDs or names to exclude. This can be a space or newline-separated list.
required: false
format:
description: |
Set the output format
required: false
include:
description: |
Custom rule and configuration paths passed in to the Regula interpreter. This can
be a space or newline-separated list.
required: false
input_type:
description: |
Limit which input types that regula will evaluate. Defaults to "auto", which
evaluates all supported types. This can be a space or newline-separated list.
Possible values are:
auto
tf-plan
cfn
tf
k8s
required: false
no_built_ins:
description: |
Disable built-in rules
required: false
default: "false"
no_config:
description: |
Do not look for or load a regula config file.
required: false
default: "false"
no_ignore:
description: |
Disable use of .gitignore
required: false
default: "false"
only:
description: |
Rule IDs or names to run. All other rules will be excluded. This can be a space or
newline-separated list.
required: false
severity:
description: |
The minimum severity where Regula will produce a non-zero exit code for failing
rules. Defaults to "unknown". Use "off" to always produce a zero exit code.
Possible values are:
unknown
informational
low
medium
high
critical
off
required: false
default: unknown
sync:
description: |
Fetch rules and configuration from Fugue
required: false
default: "false"
upload:
description: |
Upload rule results to Fugue
required: false
default: "false"
user_only:
description: |
Deprecated: use `no_built_ins` instead.
Disable the builtin Regula rules. Set to "true" if you only want to run
custom rules.
required: false
default: "false"
terraform_directory:
description: |
Deprecated: use `input_path` instead.
Directory where your terraform files are located. Defaults to the root of
your repository.
required: false
rego_paths:
description: |
Deprecated: use `include` instead.
Custom rule and configuration paths passed in to the Regula interpreter.
required: false
outputs:
rules_passed:
description: 'Number of passed rules'
rules_failed:
description: 'Number of failed rules'
controls_passed:
description: 'Number of passed controls'
controls_failed:
description: 'Number of failed controls'
runs:
using: 'docker'
image: 'Dockerfile'