-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
made few improvements to the module (#4)
- Loading branch information
1 parent
c73a129
commit 9115c08
Showing
12 changed files
with
330 additions
and
189 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,55 +4,140 @@ name: Terraform | |
on: | ||
pull_request: | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
|
||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
jobs: | ||
terraform-fmt: | ||
fmt-lint-validate: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@master | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Setup Terraform | ||
uses: hashicorp/setup-terraform@v2 | ||
|
||
- name: Setup Terraform Linters | ||
uses: terraform-linters/setup-tflint@v4 | ||
with: | ||
github_token: ${{ env.GITHUB_TOKEN }} | ||
|
||
- name: Terraform Format | ||
uses: hashicorp/terraform-github-actions@master | ||
id: fmt | ||
run: terraform fmt -check -recursive | ||
|
||
- name: Terraform Init | ||
id: init | ||
run: terraform init | ||
|
||
- name: Terraform Validate | ||
id: validate | ||
run: terraform validate -no-color | ||
|
||
- name: Terraform Lint | ||
id: lint | ||
run: tflint --no-color --recursive --format compact | ||
|
||
- uses: actions/github-script@v6 | ||
if: github.event_name == 'pull_request' || always() | ||
with: | ||
tf_actions_version: latest | ||
tf_actions_subcommand: fmt | ||
tf_actions_comment: true | ||
github-token: ${{ env.GITHUB_TOKEN }} | ||
script: | | ||
// 1. Retrieve existing bot comments for the PR | ||
const { data: comments } = await github.rest.issues.listComments({ | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
issue_number: context.issue.number, | ||
}) | ||
const botComment = comments.find(comment => { | ||
return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style') | ||
}) | ||
// 2. Prepare format of the comment | ||
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | ||
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | ||
#### Terraform Lint 📖\`${{ steps.lint.outcome }}\` | ||
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` | ||
<details><summary>Validation Output</summary> | ||
terraform-validate: | ||
\`\`\`\n | ||
${{ steps.validate.outputs.stdout }} | ||
\`\`\` | ||
</details>`; | ||
// 3. If we have a comment, update it, otherwise create a new one | ||
if (botComment) { | ||
github.rest.issues.updateComment({ | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
comment_id: botComment.id, | ||
body: output | ||
}) | ||
} else { | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: output | ||
}) | ||
} | ||
tfsec: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@master | ||
- name: Terraform Init | ||
uses: hashicorp/terraform-github-actions@master | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Terraform security scan | ||
uses: aquasecurity/[email protected] | ||
with: | ||
tf_actions_version: latest | ||
tf_actions_subcommand: init | ||
tf_actions_comment: true | ||
- name: Terraform Validate | ||
uses: hashicorp/terraform-github-actions@master | ||
env: | ||
AWS_DEFAULT_REGION: eu-west-1 | ||
github_token: ${{ env.GITHUB_TOKEN }} | ||
soft_fail: false | ||
|
||
- name: Terraform pr commenter | ||
uses: aquasecurity/[email protected] | ||
with: | ||
tf_actions_version: latest | ||
tf_actions_subcommand: validate | ||
tf_actions_comment: true | ||
github_token: ${{ env.GITHUB_TOKEN }} | ||
tfsec_args: --concise-output --force-all-dirs | ||
|
||
terraform-docs: | ||
checkov: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@v2 | ||
uses: actions/checkout@v4 | ||
|
||
- name: Run Checkov | ||
uses: bridgecrewio/[email protected] | ||
with: | ||
container_user: 1000 | ||
directory: "/" | ||
download_external_modules: false | ||
framework: terraform | ||
output_format: sarif | ||
quiet: true | ||
skip_check: "CKV_TF_1,CKV_AWS_108,CKV_AWS_109,CKV_AWS_111,CKV_AWS_356" | ||
soft_fail: false | ||
|
||
docs: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.pull_request.head.ref }} | ||
- name: Update module usage docs and push any changes back to PR branch | ||
uses: Dirrk/[email protected] | ||
|
||
- name: Render terraform docs inside the README.md and push changes back to PR branch | ||
uses: terraform-docs/[email protected] | ||
with: | ||
tf_docs_args: '--sort-inputs-by-required' | ||
tf_docs_git_commit_message: 'terraform-docs: Update module usage' | ||
tf_docs_git_push: 'true' | ||
tf_docs_output_file: README.md | ||
tf_docs_output_method: inject | ||
tf_docs_find_dir: . | ||
args: --sort-by required | ||
git-commit-message: "docs(readme): update module usage" | ||
git-push: true | ||
output-file: README.md | ||
output-method: inject | ||
working-dir: . | ||
continue-on-error: true # added this to prevent a PR from a remote fork failing the workflow |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
resource "aws_efs_backup_policy" "default" { | ||
file_system_id = aws_sagemaker_domain.default.home_efs_file_system_id | ||
|
||
backup_policy { | ||
status = "ENABLED" | ||
} | ||
} |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.