CLDC-3616: Attach new certs and remove dual certs #1376
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Terraform checks" | |
on: | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
jobs: | |
tf_fmt: | |
name: tf format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.5.2 | |
- name: Check formatting of all terraform files | |
run: terraform fmt -check -recursive | |
tf_validate: | |
name: tf validate | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.5.2 | |
- name: Terraform init meta folder | |
working-directory: terraform/meta | |
run: terraform init -backend=false | |
- name: Terraform validate meta folder | |
working-directory: terraform/meta | |
run: terraform validate | |
- name: Terraform init development shared folder | |
working-directory: terraform/development/shared | |
run: terraform init -backend=false | |
- name: Terraform init development per review app folder | |
working-directory: terraform/development/per_review_app | |
run: terraform init -backend=false | |
- name: Terraform validate development shared folder | |
working-directory: terraform/development/shared | |
run: terraform validate | |
- name: Terraform validate development per review app folder | |
working-directory: terraform/development/per_review_app | |
run: terraform validate | |
- name: Terraform init staging folder | |
working-directory: terraform/staging | |
run: terraform init -backend=false | |
- name: Terraform validate staging folder | |
working-directory: terraform/staging | |
run: terraform validate | |
- name: Terraform init production folder | |
working-directory: terraform/production | |
run: terraform init -backend=false | |
- name: Terraform validate production folder | |
working-directory: terraform/production | |
run: terraform validate | |
tflint: | |
name: tflint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.5.2 | |
- name: Get terraform backend modules | |
working-directory: terraform/modules/backend | |
run: terraform get | |
- name: Get terraform meta modules | |
working-directory: terraform/meta | |
run: terraform get | |
- name: Get terraform development shared modules | |
working-directory: terraform/development/shared | |
run: terraform get | |
- name: Get terraform development per review app modules | |
working-directory: terraform/development/per_review_app | |
run: terraform get | |
- name: Get terraform staging modules | |
working-directory: terraform/staging | |
run: terraform get | |
- name: Get terraform production modules | |
working-directory: terraform/production | |
run: terraform get | |
- name: Cache plugin directory for tflint | |
uses: actions/cache@v3 | |
with: | |
path: ~/.tflint.d/plugins | |
key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }} | |
- name: Set up tflint | |
uses: terraform-linters/setup-tflint@v3 | |
with: | |
tflint_version: v0.47.0 | |
- name: Init tflint | |
run: tflint --init | |
- name: Run tflint | |
run: tflint --recursive --config "$(pwd)/.tflint.hcl" --format=compact --color | |
tfsec: | |
name: tfsec | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Run tfsec | |
uses: aquasecurity/tfsec-action@v1.0.3 | |
with: | |
working_directory: terraform/ | |
version: v1.28.1 | |
checkov: | |
name: checkov | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Run checkov | |
uses: bridgecrewio/checkov-action@v12.2425.0 | |
with: | |
output_format: cli | |
quiet: true # display only failed checks | |
framework: terraform | |
download_external_modules: true |