Update terraform.yml

migara · May 2, 2024 · c74fbea · c74fbea
1 parent 3ad45fe
commit c74fbea
Showing 1 changed file with 15 additions and 13 deletions.
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -19,26 +19,27 @@ jobs:
       PANOS_USERNAME: ${{ secrets.PANOS_USERNAME }}
       PANOS_PASSWORD: ${{ secrets.PANOS_PASSWORD }}
       ASSUME_ROLE: ${{ secrets.ASSUME_ROLE }}
-      # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_REGION: "eu-west-2"
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      # OPA Checks
-      - name: Evaluate OPA Policy
-        id: opa_eval
-        uses: migara/test-action@master
+      - name: Setup OPA
+        uses: open-policy-agent/setup-opa@v2
         with:
-          tests: /tests/panos.rego
-          policy: /policy.yml
+          version: latest
+
+      - name: Run OPA Tests
+        id: opa_eval
+        run: |
+          echo "OPA=$(opa eval -i policy.yml -d tests/panos.rego data.panos)" >> "$GITHUB_OUTPUT"
+        
 
       - name: Set OPA Results
         uses: actions/[email protected]
         if: github.event_name == 'pull_request'
         env:
-          opa_results: ${{ steps.opa_eval.outputs.opa_results }}
+          opa_results: ${{ steps.opa_eval.outputs.OPA }}
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
@@ -47,7 +48,7 @@ jobs:
             const deny = opa_results.result[0].expressions[0].value.deny
 
             if (!allow) {
-              const output = `#### OPA Policy Violation 🤷 ❌
+              const output = `#### OPA Policy Violation 🚫
               #### Policy Violations
               
               ${deny.map(msg => `* ${msg}`).join("\n")}
@@ -64,6 +65,7 @@ jobs:
               console.log(context)
               process.exit(1);
             }
+        
       - name: configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v2
         with:
@@ -72,7 +74,7 @@ jobs:
           aws-region: ${{ env.AWS_REGION }}
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v1
+        uses: hashicorp/setup-terraform@v3
         # with:
           # terraform_version: 0.13.0:
           # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
@@ -118,7 +120,7 @@ jobs:
         uses: actions/[email protected]
         if: github.event_name == 'pull_request'
         env:
-          opa_results: ${{ steps.opa_eval.outputs.opa_results }}
+          opa_results: ${{ steps.opa_eval.outputs.OPA }}
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |