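# Terraform static checks for pull requests: formatting, validation, linting
# (tflint) and two IaC security scanners (tfsec, checkov).
#
# Nothing in this workflow touches remote state or cloud credentials: every
# `terraform init` below runs with `-backend=false`, so the jobs need read
# access to the repository and nothing else.
#
# Supply-chain note: the third-party actions are pinned to mutable release tags
# (`@v3`, `@v2`, `@v1.0.3`, ...). Pinning each `uses:` to a full commit SHA
# (keeping the tag in a trailing comment) removes the risk of a moved tag
# pulling different code into the PR check.
name: "Terraform checks"

on:  # yamllint disable-line rule:truthy
  pull_request:
    types:
      - opened
      - synchronize
      - reopened

# Least privilege for GITHUB_TOKEN: every job only reads the checkout. No step
# pushes, comments or uploads, so the repository-default token scope (which may
# be write) is not needed.
permissions:
  contents: read

env:
  # Single source of truth for the Terraform release used by all jobs.
  # Quoted so no YAML loader ever retypes a version string.
  TF_VERSION: "1.5.2"

jobs:
  tf_fmt:
    name: tf format
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # checkout persists GITHUB_TOKEN into .git/config by default. This job
        # never pushes, so `persist-credentials: false` would be a safe
        # hardening here; left unchanged to keep behaviour identical.
        uses: actions/checkout@v3
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ env.TF_VERSION }}
      - name: Check formatting of all terraform files
        # -check exits non-zero on any unformatted file instead of rewriting it.
        run: terraform fmt -check -recursive

  tf_validate:
    name: tf validate
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ env.TF_VERSION }}
      # Each root module is initialised with -backend=false so validation never
      # reaches the real state backend and no provider credentials are needed.
      # The step list is intentionally kept flat rather than turned into a
      # matrix: a matrix would rename the "tf validate" check that branch
      # protection may reference.
      - name: Terraform init meta folder
        working-directory: terraform/meta
        run: terraform init -backend=false
      - name: Terraform validate meta folder
        working-directory: terraform/meta
        run: terraform validate
      - name: Terraform init development shared folder
        working-directory: terraform/development/shared
        run: terraform init -backend=false
      - name: Terraform init development per review app folder
        working-directory: terraform/development/per_review_app
        run: terraform init -backend=false
      - name: Terraform validate development shared folder
        working-directory: terraform/development/shared
        run: terraform validate
      - name: Terraform validate development per review app folder
        working-directory: terraform/development/per_review_app
        run: terraform validate
      - name: Terraform init staging folder
        working-directory: terraform/staging
        run: terraform init -backend=false
      - name: Terraform validate staging folder
        working-directory: terraform/staging
        run: terraform validate
      - name: Terraform init production folder
        working-directory: terraform/production
        run: terraform init -backend=false
      - name: Terraform validate production folder
        working-directory: terraform/production
        run: terraform validate

  tflint:
    name: tflint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ env.TF_VERSION }}
      # `terraform get` only downloads child modules into .terraform/ so that
      # tflint's --recursive walk can resolve module calls; no backend, no
      # providers.
      - name: Get terraform backend modules
        working-directory: terraform/modules/backend
        run: terraform get
      - name: Get terraform meta modules
        working-directory: terraform/meta
        run: terraform get
      - name: Get terraform development shared modules
        working-directory: terraform/development/shared
        run: terraform get
      - name: Get terraform development per review app modules
        working-directory: terraform/development/per_review_app
        run: terraform get
      - name: Get terraform staging modules
        working-directory: terraform/staging
        run: terraform get
      - name: Get terraform production modules
        working-directory: terraform/production
        run: terraform get
      - name: Cache plugin directory for tflint
        uses: actions/cache@v3
        with:
          path: ~/.tflint.d/plugins
          # Keyed on the tflint config so a ruleset/plugin change invalidates
          # the cached plugin binaries.
          key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}
      - name: Set up tflint
        uses: terraform-linters/setup-tflint@v3
        with:
          tflint_version: v0.47.0
      - name: Init tflint
        run: tflint --init
      - name: Run tflint
        # Absolute config path: --recursive changes directory per module, so a
        # relative path would not resolve.
        run: tflint --recursive --config "$(pwd)/.tflint.hcl" --format=compact --color

  tfsec:
    name: tfsec
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Run tfsec
        uses: aquasecurity/tfsec-action@v1.0.3
        with:
          working_directory: terraform/
          version: v1.28.1

  checkov:
    name: checkov
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Run checkov
        uses: bridgecrewio/checkov-action@v12.2425.0
        with:
          output_format: cli
          # Action inputs are strings; GitHub stringifies this boolean to "true".
          quiet: true # display only failed checks
          framework: terraform
          # Pulls referenced external modules so their resources are scanned
          # too; this is a network fetch at check time.
          download_external_modules: true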