tf-test.yml
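# CI checks for the Terraform templates in aws-observability-terraform/:
# `terraform validate`, TFLint, and a Checkov policy scan.
#
# Supply-chain note: third-party actions referenced by a tag or branch
# (`@v1`, `@v4`, `@master`) resolve to whatever that ref points at when the
# job runs. Pinning to a full commit SHA makes the executed code reviewable.
name: "TF template tests"

# `pull_request` (rather than `pull_request_target`) is used, so runs for
# fork PRs execute the proposed code without repository secrets.
on: [workflow_dispatch, pull_request]

# Least privilege for the automatically issued GITHUB_TOKEN. Read access to
# repository contents should be enough for the steps below; widen it per job
# only if a step proves to need more.
permissions:
  contents: read

jobs:
  ValidateTF:
    runs-on: ubuntu-latest
    name: "Validate Terraform module"
    steps:
      - name: Checkout
        # Aligned with the v4 checkout already used by ValidateLinting.
        uses: actions/checkout@v4
      - name: terraform validate
        uses: dflook/terraform-validate@v1
        with:
          directory: aws-observability-terraform/

  ValidateLinting:
    runs-on: ubuntu-latest
    name: "Terraform template linting verification"
    steps:
      - uses: actions/checkout@v4
        name: Checkout source code
      - uses: actions/cache@v4
        name: Cache plugin dir
        with:
          path: ~/.tflint.d/plugins
          # Cache key follows .tflint.hcl, so a plugin change refreshes the cache.
          key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}
      - uses: terraform-linters/setup-tflint@v4
        name: Setup TFLint
        with:
          # Exact version pin keeps lint results reproducible across runs.
          tflint_version: v0.50.3
      - name: Show version
        run: tflint --version
      - name: Init TFLint
        run: tflint --init
        env:
          # NOTE(review): the token is set to an empty string here, so plugin
          # downloads during `tflint --init` are presumably unauthenticated.
          # Confirm this is intentional; no credential is exposed to this step.
          GITHUB_TOKEN: ''
      - name: Run TFLint
        run: tflint -f compact

  TFSecurityChecks:
    name: "terraform template tests using checkov"
    runs-on: "ubuntu-latest"
    steps:
      - name: Checkout repo
        # Aligned with the v4 checkout already used by ValidateLinting.
        uses: actions/checkout@v4
      # NOTE(review): `@master` is a mutable branch ref, so any commit pushed
      # upstream runs in this job unreviewed. Pin to a release tag or, better,
      # a full commit SHA: bridgecrewio/checkov-action@<FULL_COMMIT_SHA>.
      - uses: bridgecrewio/checkov-action@master
        with:
          directory: 'aws-observability-terraform/'
          quiet: true
          framework: terraform
          output_format: cli
          output_bc_ids: false
          # The scan fetches external Terraform modules referenced by the
          # templates, so it pulls third-party content at run time.
          download_external_modules: true
          # Every ID listed here suppresses a security finding for the whole
          # directory. Keep a written justification per ID and re-review the
          # list when the templates change, so suppressions do not outlive
          # their reason.
          skip_check: CKV_AWS_26,CKV_AWS_35,CKV_AWS_67,CKV_AWS_36,CKV_AWS_252,CKV_AWS_158,CKV_AWS_338,CKV_AWS_117,CKV_AWS_115,CKV_AWS_173,CKV_AWS_50,CKV_AWS_241,CKV_AWS_240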