Skip to content

bump google tf provider to 5.24.0 release (#1061) #640

bump google tf provider to 5.24.0 release (#1061)

bump google tf provider to 5.24.0 release (#1061) #640

Workflow file for this run

name: Terraform Checks
on:
workflow_dispatch:
pull_request:
paths:
- 'terraform/**'
push:
branches:
- main
paths:
- 'terraform/**'
permissions:
contents: read
jobs:
terraform-fmt:
name: 'Terraform fmt'
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v2.0.0
with:
# TODO: extract terraform from the tf file when we have pinned
terraform_version: 1.7.5
- name: Terraform fmt
id: fmt
run: terraform fmt -check -recursive -diff .
terraform-validate:
name: 'Terraform validate'
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./terraform/gcp/modules/sigstore
steps:
- name: 'Checkout'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v2.0.0
with:
# TODO: extract terraform from the tf file when we have pinned
terraform_version: 1.7.5
- name: Terraform init
id: init
run: terraform init
- name: Terraform validate
id: validate
run: terraform validate
terraform-tfsec:
name: 'Terraform tfsec'
runs-on: ubuntu-latest
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
steps:
- name: 'Checkout'
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
- name: tfsec
uses: tfsec/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608 # v0.1.0
with:
sarif_file: tfsec.sarif
working_directory: '.'
tfsec_args: --force-all-dirs --verbose
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4
with:
# Path to SARIF file relative to the root of the repository
sarif_file: tfsec.sarif