-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #18 from clouddrove/1.0.2
update github-action & License update
- Loading branch information
Showing
15 changed files
with
379 additions
and
197 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,129 +1,49 @@ | ||
name: 'Terraform GitHub Actions' | ||
name: static-checks | ||
|
||
on: | ||
pull_request: | ||
branches: | ||
- master | ||
|
||
jobs: | ||
fmt: | ||
name: 'terraform fmt' | ||
versionExtract: | ||
name: Get min/max versions | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@master | ||
|
||
- name: 'Terraform Format' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'fmt' | ||
|
||
multi_node_non_vpc: | ||
name: 'multi_node_non_vpc' | ||
needs: fmt | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: 'Checkout' | ||
uses: actions/checkout@master | ||
|
||
- name: 'Configure AWS Credentials' | ||
uses: clouddrove/configure-aws-credentials@v1 | ||
with: | ||
aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} | ||
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} | ||
aws-region: us-east-2 | ||
|
||
- name: 'Terraform init multi_node_non_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'init' | ||
tf_actions_working_dir: ./_example/multi_node_non_vpc | ||
|
||
- name: 'Terraform validate multi_node_non_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'validate' | ||
tf_actions_working_dir: ./_example/multi_node_non_vpc | ||
- name: Terraform min/max versions | ||
id: minMax | ||
uses: clowdhaus/terraform-min-max@main | ||
outputs: | ||
minVersion: ${{ steps.minMax.outputs.minVersion }} | ||
maxVersion: ${{ steps.minMax.outputs.maxVersion }} | ||
|
||
- name: 'Terraform plan multi_node_non_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'plan' | ||
tf_actions_working_dir: ./_example/multi_node_non_vpc | ||
|
||
multi_node_vpc: | ||
name: 'multi_node_vpc' | ||
needs: fmt | ||
versionEvaluate: | ||
name: Evaluate Terraform versions | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@master | ||
needs: versionExtract | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
version: | ||
- ${{ needs.versionExtract.outputs.minVersion }} | ||
- ${{ needs.versionExtract.outputs.maxVersion }} | ||
directory: | ||
- _example/multi_node_non_vpc | ||
- _example/multi_node_vpc | ||
- _example/single_node_non_vpc | ||
- _example/single_node_vpc | ||
|
||
- name: 'Configure AWS Credentials' | ||
uses: clouddrove/configure-aws-credentials@v1 | ||
with: | ||
aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} | ||
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} | ||
aws-region: us-east-2 | ||
|
||
- name: 'Terraform init multi_node_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'init' | ||
tf_actions_working_dir: ./_example/multi_node_vpc | ||
|
||
- name: 'Terraform validate multi_node_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'validate' | ||
tf_actions_working_dir: ./_example/multi_node_vpc | ||
|
||
- name: 'Terraform plan multi_node_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'plan' | ||
tf_actions_working_dir: ./_example/multi_node_vpc | ||
|
||
single_node_non_vpc: | ||
name: 'single_node_non_vpc' | ||
needs: fmt | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@master | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: 'Configure AWS Credentials' | ||
uses: clouddrove/configure-aws-credentials@v1 | ||
- name: Install Terraform v${{ matrix.version }} | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }} | ||
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} | ||
aws-region: us-east-2 | ||
|
||
- name: 'Terraform init for single_node_non_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'init' | ||
tf_actions_working_dir: ./_example/single_node_non_vpc | ||
|
||
- name: 'Terraform validate for single_node_non_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'validate' | ||
tf_actions_working_dir: ./_example/single_node_non_vpc | ||
|
||
- name: 'Terraform plan for single_node_non_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'plan' | ||
tf_actions_working_dir: ./_example/single_node_non_vpc | ||
|
||
single_node_vpc: | ||
name: 'single_node_non_vpc' | ||
needs: fmt | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/checkout@master | ||
terraform_version: ${{ matrix.version }} | ||
|
||
- name: 'Configure AWS Credentials' | ||
uses: clouddrove/configure-aws-credentials@v1 | ||
|
@@ -132,53 +52,35 @@ jobs: | |
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }} | ||
aws-region: us-east-2 | ||
|
||
- name: 'Terraform init for single_node_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'init' | ||
tf_actions_working_dir: ./_example/single_node_vpc | ||
|
||
- name: 'Terraform validate for single_node_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'validate' | ||
tf_actions_working_dir: ./_example/single_node_vpc | ||
|
||
- name: 'Terraform plan for single_node_vpc' | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
actions_subcommand: 'plan' | ||
tf_actions_working_dir: ./_example/single_node_vpc | ||
|
||
|
||
pre-commit: | ||
name: 'Pre-Commit' | ||
needs: | ||
- fmt | ||
- multi_node_non_vpc | ||
- multi_node_vpc | ||
- single_node_non_vpc | ||
- single_node_vpc | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: 'Checkout' | ||
uses: actions/[email protected] | ||
|
||
- name: 'Install Tflint' | ||
- name: Init & validate v${{ matrix.version }} | ||
run: | | ||
curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash | ||
cd ${{ matrix.directory }} | ||
terraform init | ||
terraform validate | ||
- name: tflint | ||
uses: reviewdog/action-tflint@master | ||
with: | ||
github_token: ${{ secrets.GITHUB }} | ||
working_directory: ${{ matrix.directory }} | ||
fail_on_error: 'true' | ||
filter_mode: 'nofilter' | ||
flags: '--module' | ||
|
||
format: | ||
name: Check code format | ||
runs-on: ubuntu-latest | ||
needs: versionExtract | ||
|
||
- name: 'Pre-Commit 🔎' | ||
uses: pre-commit/[email protected] | ||
continue-on-error: true | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 | ||
|
||
- name: 'Slack Notification' | ||
uses: clouddrove/action-slack@v2 | ||
- name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }} | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
status: ${{ job.status }} | ||
fields: repo,author | ||
author_name: 'CloudDrove' | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required | ||
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required | ||
if: always() | ||
terraform_version: ${{ needs.versionExtract.outputs.maxVersion }} | ||
|
||
- name: Check Terraform format changes | ||
run: terraform fmt --recursive |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,7 +23,7 @@ jobs: | |
|
||
- name: 'Terratest for multi_node_non_vpc' | ||
if: ${{ github.event.label.name == 'terratest' }} | ||
uses: 'clouddrove/github-actions@v8.0' | ||
uses: 'clouddrove/github-actions@v9.0.2' | ||
with: | ||
actions_subcommand: 'terratest' | ||
tf_actions_working_dir: '_test/multi_node_non_vpc' | ||
|
@@ -32,8 +32,7 @@ jobs: | |
|
||
- name: 'Terratest for multi_node_vpc' | ||
if: ${{ github.event.label.name == 'terratest' }} | ||
uses: 'clouddrove/[email protected]' | ||
with: | ||
uses: 'clouddrove/[email protected] | ||
actions_subcommand: 'terratest' | ||
tf_actions_working_dir: '_test/multi_node_vpc' | ||
env: | ||
|
@@ -42,7 +41,7 @@ jobs: | |
|
||
- name: 'Terratest for single_node_non_vpc' | ||
if: ${{ github.event.label.name == 'terratest' }} | ||
uses: 'clouddrove/github-actions@v8.0' | ||
uses: 'clouddrove/github-actions@v9.0.2' | ||
with: | ||
actions_subcommand: 'terratest' | ||
tf_actions_working_dir: '_test/single_node_non_vpc' | ||
|
@@ -52,7 +51,7 @@ jobs: | |
|
||
- name: 'Terratest for single_node_vpc' | ||
if: ${{ github.event.label.name == 'terratest' }} | ||
uses: 'clouddrove/github-actions@v8.0' | ||
uses: 'clouddrove/github-actions@v9.0.2' | ||
with: | ||
actions_subcommand: 'terratest' | ||
tf_actions_working_dir: '_test/single_node_vpc' | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
name: tfsec | ||
on: | ||
pull_request: | ||
|
||
jobs: | ||
tfsec: | ||
name: tfsec sarif report | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Clone repo | ||
uses: actions/checkout@master | ||
|
||
- name: tfsec | ||
uses: aquasecurity/[email protected] | ||
with: | ||
sarif_file: tfsec.sarif | ||
working_directory: _example | ||
full_repo_scan: true | ||
|
||
- name: Upload SARIF file | ||
uses: github/codeql-action/upload-sarif@v1 | ||
with: | ||
# Path to SARIF file relative to the root of the repository | ||
sarif_file: tfsec.sarif |
Oops, something went wrong.