Merge pull request #176 from SumoLogic/SUMO-238066-TF-checkov-changes
SUMO-238066: TF checkov changes
himanshu219 authored Apr 4, 2024
2 parents c5c40bd + 3b5fb60 commit eea1d79
Showing 2 changed files with 75 additions and 0 deletions.
65 changes: 65 additions & 0 deletions .github/workflows/tf-test.yml
@@ -0,0 +1,65 @@
name: "TF template tests"
on: [workflow_dispatch, pull_request]

jobs:
ValidateTF:
runs-on: ubuntu-latest
name: "Validate Terraform module for AWSO"
steps:
- name: Checkout
uses: actions/checkout@v3

- name: terraform validate
uses: dflook/terraform-validate@v1
with:
path: aws-observability-terraform/

ValidateLinting:
runs-on: ubuntu-latest
name: "Terraform template linting verification for AWSO"

steps:
- uses: actions/checkout@v4
name: Checkout source code

- name: Change directory
run: cd aws-observability-terraform/

- uses: actions/cache@v4
name: Cache plugin dir
with:
path: ~/.tflint.d/plugins
key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}

- uses: terraform-linters/setup-tflint@v4
name: Setup TFLint
with:
tflint_version: v0.50.3

- name: Show version
run: tflint --version

- name: Init TFLint
run: tflint --init
env:
GITHUB_TOKEN: ''

- name: Run TFLint
run: tflint --recursive -f checkstyle

TFSecurityChecks:
name: "terraform template tests using checkov for AWSO"
runs-on: "ubuntu-latest"
steps:
- name: Checkout repo
uses: actions/checkout@v3

- uses: bridgecrewio/checkov-action@master
with:
directory: 'aws-observability-terraform/'
quiet: true
framework: terraform
output_format: cli
output_bc_ids: false
download_external_modules: true
skip_check: CKV_AWS_26,CKV_AWS_35,CKV_AWS_67,CKV_AWS_36,CKV_AWS_252,CKV_AWS_158,CKV_AWS_338,CKV_AWS_117,CKV_AWS_115,CKV_AWS_173,CKV_AWS_50,CKV_AWS_241,CKV_AWS_240,CKV2_AWS_6,CKV2_AWS_62,CKV_AWS_144,CKV_AWS_18,CKV_AWS_21,CKV_AWS_145,CKV_TF_1,CKV_AWS_27,CKV_AWS_124,CKV2_AWS_10,CKV_AWS_272,CKV2_AWS_61
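Review bot: the "Change directory" step (`run: cd aws-observability-terraform/`) has no effect on later steps, because every `run` step starts a fresh shell in the workspace root; as written, `tflint --init` and `tflint --recursive` run against the repository root rather than the module, and the cache key `hashFiles('.tflint.hcl')` looks for a file at the root while this PR adds it under `aws-observability-terraform/`. Drop that step and instead set `working-directory: aws-observability-terraform` on the TFLint steps (or `defaults: run: working-directory: ...` on the job), and key the cache on `hashFiles('aws-observability-terraform/.tflint.hcl')`. Two smaller points in the same hunk: `GITHUB_TOKEN: ''` makes the plugin download in `tflint --init` unauthenticated, so `${{ github.token }}` would avoid GitHub API rate limits; and `bridgecrewio/checkov-action@master` tracks a moving branch, so pin it to a release tag or commit SHA as the other actions are (which themselves mix `actions/checkout@v3` and `@v4` and could be aligned). The 25 entries in `skip_check` also have no recorded rationale; a comment per skipped check, or a `.checkov.yaml` with that list annotated, would keep the suppressions reviewable.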
10 changes: 10 additions & 0 deletions aws-observability-terraform/.tflint.hcl
@@ -0,0 +1,10 @@
plugin "aws" {
enabled = true
version = "0.30.0"
source = "github.com/terraform-linters/tflint-ruleset-aws"
}

plugin "terraform" {
enabled = true
preset = "recommended"
}
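Review bot: this config only takes effect when tflint is invoked from `aws-observability-terraform/` (or with `--config` pointing at it), so it depends on the workflow steps actually running in that directory. The `aws` ruleset pin to `version = "0.30.0"` is good for reproducibility, but a short comment on why that version was chosen (and how it is expected to be bumped) would help the next person who has to update it.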
