Skip to content

Commit 638c4ff

Browse files
authored
Merge pull request #26 from clouddrove/1.0.1
github-action
2 parents 8892b1f + ce3e978 commit 638c4ff

File tree

8 files changed

+311
-117
lines changed

8 files changed

+311
-117
lines changed

.github/workflows/readme.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
python-version: '3.x'
1919

2020
- name: 'create readme'
21-
uses: 'clouddrove/github-actions@v8.0'
21+
uses: 'clouddrove/github-actions@v9.0.2'
2222
with:
2323
actions_subcommand: 'readme'
2424
github_token: '${{ secrets.GITHUB}}'
@@ -35,7 +35,7 @@ jobs:
3535
continue-on-error: true
3636

3737
- name: 'push readme'
38-
uses: 'clouddrove/github-actions@v8.0'
38+
uses: 'clouddrove/github-actions@v9.0.2'
3939
continue-on-error: true
4040
with:
4141
actions_subcommand: 'push'

.github/workflows/terraform.yml

Lines changed: 58 additions & 85 deletions
Original file line numberDiff line numberDiff line change
@@ -1,64 +1,47 @@
1-
name: 'Terraform GitHub Actions'
1+
name: static-checks
2+
23
on:
34
pull_request:
4-
branches:
5-
- master
65

76
jobs:
8-
fmt:
9-
name: 'terraform fmt'
7+
versionExtract:
8+
name: Get min/max versions
109
runs-on: ubuntu-latest
11-
steps:
12-
- name: 'Checkout'
13-
uses: actions/checkout@v2.3.4
14-
15-
- name: 'Terraform Format'
16-
uses: 'clouddrove/github-actions@v8.0'
17-
with:
18-
actions_subcommand: 'fmt'
19-
- name: 'Terraform Format'
20-
uses: 'clouddrove/github-actions@v8.0'
21-
with:
22-
actions_subcommand: 'fmt'
2310

24-
basic:
25-
name: 'basic'
26-
runs-on: ubuntu-latest
2711
steps:
28-
- name: 'Checkout'
29-
uses: actions/checkout@v2.3.4
12+
- name: Checkout
13+
uses: actions/checkout@v2
3014

31-
- name: 'Configure AWS Credentials'
32-
uses: clouddrove/configure-aws-credentials@v1
33-
with:
34-
aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
35-
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
36-
aws-region: us-east-2
15+
- name: Terraform min/max versions
16+
id: minMax
17+
uses: clowdhaus/terraform-min-max@main
18+
outputs:
19+
minVersion: ${{ steps.minMax.outputs.minVersion }}
20+
maxVersion: ${{ steps.minMax.outputs.maxVersion }}
3721

38-
- name: 'Terraform init for basic'
39-
uses: 'clouddrove/github-actions@v8.0'
40-
with:
41-
actions_subcommand: 'init'
42-
tf_actions_working_dir: ./_example/basic
43-
44-
- name: 'Terraform validate for basic'
45-
uses: 'clouddrove/github-actions@v8.0'
46-
with:
47-
actions_subcommand: 'validate'
48-
tf_actions_working_dir: ./_example/basic
4922

50-
- name: 'Terraform plan for basic'
51-
uses: 'clouddrove/github-actions@v8.0'
52-
with:
53-
actions_subcommand: 'plan'
54-
tf_actions_working_dir: ./_example/basic
55-
56-
complete:
57-
name: 'complete'
23+
versionEvaluate:
24+
name: Evaluate Terraform versions
5825
runs-on: ubuntu-latest
26+
needs: versionExtract
27+
strategy:
28+
fail-fast: false
29+
matrix:
30+
version:
31+
- ${{ needs.versionExtract.outputs.minVersion }}
32+
- ${{ needs.versionExtract.outputs.maxVersion }}
33+
directory:
34+
- _example/basic
35+
- _example/complete
36+
5937
steps:
60-
- name: 'Checkout'
61-
uses: actions/checkout@v2.3.4
38+
- name: Checkout
39+
uses: actions/checkout@v2
40+
41+
- name: Install Terraform v${{ matrix.version }}
42+
uses: hashicorp/setup-terraform@v1
43+
with:
44+
terraform_version: ${{ matrix.version }}
6245

6346
- name: 'Configure AWS Credentials'
6447
uses: clouddrove/configure-aws-credentials@v1
@@ -67,45 +50,35 @@ jobs:
6750
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
6851
aws-region: us-east-2
6952

70-
- name: 'Terraform init for complete'
71-
uses: 'clouddrove/github-actions@v8.0'
72-
with:
73-
actions_subcommand: 'init'
74-
tf_actions_working_dir: ./_example/complete
53+
- name: Init & validate v${{ matrix.version }}
54+
run: |
55+
cd ${{ matrix.directory }}
56+
terraform init
57+
terraform validate
58+
7559
76-
- name: 'Terraform validate complete'
77-
uses: 'clouddrove/github-actions@v8.0'
60+
- name: tflint
61+
uses: reviewdog/action-tflint@master
7862
with:
79-
actions_subcommand: 'validate'
80-
tf_actions_working_dir: ./_example/complete
81-
82-
83-
pre-commit:
84-
name: 'Pre-Commit'
85-
needs:
86-
- fmt
87-
- basic
88-
- complete
63+
github_token: ${{ secrets.GITHUB }}
64+
working_directory: ${{ matrix.directory }}
65+
fail_on_error: 'true'
66+
filter_mode: 'nofilter'
67+
flags: '--module'
68+
69+
format:
70+
name: Check code format
8971
runs-on: ubuntu-latest
90-
steps:
91-
- name: 'Checkout'
92-
uses: actions/checkout@v2.3.4
72+
needs: versionExtract
9373

94-
- name: 'Install Tflint'
95-
run: |
96-
curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
97-
98-
- name: 'Pre-Commit 🔎'
99-
uses: pre-commit/action@v2.0.3
100-
continue-on-error: true
74+
steps:
75+
- name: Checkout
76+
uses: actions/checkout@v2
10177

102-
- name: 'Slack Notification'
103-
uses: clouddrove/action-slack@v2
78+
- name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
79+
uses: hashicorp/setup-terraform@v1
10480
with:
105-
status: ${{ job.status }}
106-
fields: repo,author
107-
author_name: 'CloudDrove'
108-
env:
109-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
110-
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
111-
if: always()
81+
terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
82+
83+
- name: Check Terraform format changes
84+
run: terraform fmt --recursive

.github/workflows/tfsec.yml

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
name: tfsec
2+
on:
3+
pull_request:
4+
5+
jobs:
6+
tfsec:
7+
name: tfsec sarif report
8+
runs-on: ubuntu-latest
9+
10+
steps:
11+
- name: Clone repo
12+
uses: actions/checkout@master
13+
14+
- name: tfsec
15+
uses: aquasecurity/tfsec-sarif-action@v0.1.0
16+
with:
17+
sarif_file: tfsec.sarif
18+
working_directory: _example
19+
full_repo_scan: true
20+
21+
- name: Upload SARIF file
22+
uses: github/codeql-action/upload-sarif@v1
23+
with:
24+
# Path to SARIF file relative to the root of the repository
25+
sarif_file: tfsec.sarif

0 commit comments

Comments
 (0)