Skip to content

Merge pull request #115 from imjoseangel/dependabot/terraform/hashico… #254

Merge pull request #115 from imjoseangel/dependabot/terraform/hashico…

Merge pull request #115 from imjoseangel/dependabot/terraform/hashico… #254

Workflow file for this run

---
name: 'Terraform'
on:
push:
branches:
- devel
pull_request:
jobs:
terraform:
name: 'Terraform'
runs-on: ubuntu-latest
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v3
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
id: setup
uses: hashicorp/setup-terraform@v2
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
id: init
run: terraform init
# Checks that all Terraform configuration files adhere to a canonical format
- name: Terraform Format
id: fmt
run: terraform fmt -check
# Validates the configuration files in a directory, referring only to the configuration and not accessing any remote services such as remote state, provider APIs, etc.
- name: Terraform Validate
id: validate
run: terraform validate
# Run the tfsec sarif check. Uses static analysis of your terraform templates to spot potential security issues.
- name: Terraform Security Analysis
id: tfsec
uses: tfsec/tfsec-sarif-action@master
with:
sarif_file: tfsec.sarif
# Uploads results.sarif to GitHub repository using the upload-sarif action
- name: Terraform Security Report
id: tfsarif
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: tfsec.sarif
# Static code analyzer for Infrastructure as Code
- name: Lint Code Base
id: superlinter
uses: github/super-linter@v4
env:
VALIDATE_ALL_CODEBASE: true
DEFAULT_BRANCH: devel
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VALIDATE_TERRAFORM: true
YAML_CONFIG_FILE: .yamllint
# Static code analyzer for Terrascan
- name: Terraform Scan Code Base
id: terrascan
uses: accurics/terrascan-action@v1
with:
iac_type: terraform
iac_version: v14
policy_type: azure
only_warn: false