[#227] Migrate from tfsec to Trivy #39
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Generated Project | |
| on: | |
| pull_request: | |
| types: [opened, synchronize] | |
| # env: | |
| # TERRAFORM_VERSION: "1.5.5" | |
| jobs: | |
| test-generated-project: | |
| name: Run Tests Generated Project | |
| strategy: | |
| matrix: | |
| node-version: [16.x, 18.x] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| - name: Cache Node npm | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-infrastructure-templates-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-infrastructure-templates | |
| - name: Install modules | |
| run: npm ci | |
| - name: Generate project | |
| run: . ./scripts/generateAdvancedAWS.sh | |
| - name: Install dependencies in .tool-versions | |
| uses: asdf-vm/actions/install@v2 | |
| - name: Run Terraform format | |
| run: terraform fmt -recursive -check | |
| - name: Run check files | |
| run: cd aws-advanced-test && ls -l && cat ./modules/alb/main.tf | |
| - name: Run trivy linter | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: 'aws-advanced-test' | |
| trivy-config: 'aws-advanced-test/trivy.yaml' | |
| # run: ls -l && trivy fs --scanners vuln,secret,misconfig --exit-code 1 ./aws-advanced-test | |
| # continue-on-error: false |