This repository has been archived by the owner on May 8, 2024. It is now read-only.
Merge pull request #276 from unity-sds/256-airflow #232
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform Static Analysis | |
| on: | |
| push: | |
| paths: | |
| - ".github/workflows/terraform_static_analysis.yml" | |
| - "terraform-modules/**.tf" | |
| - "terraform-unity/*.tf" | |
| workflow_dispatch: | |
| jobs: | |
| terraform_validate: | |
| name: terraform-validate - Validates all Terraform configuration files. | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| { | |
| dir: | |
| [ | |
| "terraform-modules/terraform-unity-sps-hysds-cluster/", | |
| "terraform-unity/", | |
| ], | |
| } | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Run Terraform validate | |
| uses: dflook/terraform-validate@v1 | |
| with: | |
| path: ${{ matrix.dir }} | |
| terraform_fmt: | |
| name: terraform-fmt - Check Terraform files are formatted correctly. | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| { | |
| dir: | |
| [ | |
| "terraform-modules/terraform-unity-sps-hysds-cluster/", | |
| "terraform-unity/", | |
| ], | |
| } | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Run Terraform fmt | |
| uses: dflook/terraform-fmt-check@v1 | |
| with: | |
| path: ${{ matrix.dir }} | |
| terraform_tflint: | |
| name: terraform-tflint - Validates all Terraform configuration files with TFLint. | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| { | |
| dir: | |
| [ | |
| "./terraform-modules/terraform-unity-sps-hysds-cluster/", | |
| "./terraform-unity/", | |
| ], | |
| } | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Cache plugin dir | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.tflint.d/plugins | |
| key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }} | |
| - name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@v2 | |
| with: | |
| tflint_version: v0.38.1 | |
| - name: Init TFLint | |
| run: tflint --init | |
| - name: Run TFLint | |
| run: tflint -f compact ${{ matrix.dir }} | |
| terraform_tfsec: | |
| name: terraform-tfsec - Static analysis of Terraform templates to spot potential security issues. | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| { | |
| dir: | |
| [ | |
| "terraform-modules/terraform-unity-sps-hysds-cluster/", | |
| "terraform-unity/", | |
| ], | |
| } | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Run tfsec | |
| uses: aquasecurity/[email protected] | |
| with: | |
| working_directory: ${{ matrix.dir }} | |
| soft_fail: true | |
| checkov: | |
| name: terraform-checkov - Static analysis of Terraform templates. | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| { | |
| dir: | |
| [ | |
| "terraform-modules/terraform-unity-sps-hysds-cluster/", | |
| "terraform-unity/", | |
| ], | |
| } | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - name: Run Checkov | |
| id: checkov | |
| uses: bridgecrewio/checkov-action@master | |
| with: | |
| directory: ${{ matrix.dir }} | |
| quiet: true # optional: display only failed checks | |
| soft_fail: true # optional: do not return an error code if there are failed checks | |
| framework: terraform # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all} | |
| output_format: github_failed_only # optional: the output format, one of: cli, json, junitxml, github_failed_only, or sarif. Default: sarif | |
| download_external_modules: true # optional: download external terraform modules from public git repositories and terraform registry | |
| lint: | |
| name: terraform-lint-config - Static analysis of Terraform templates. | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| { | |
| dir: | |
| [ | |
| "terraform-modules/terraform-unity-sps-hysds-cluster/", | |
| "terraform-unity/", | |
| ], | |
| } | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v3 | |
| - uses: terraform-linters/[email protected] | |
| name: Load TFLint Config | |
| with: | |
| source-repo: unity-sds/unity-sps-prototype | |
| source-path: .github/config/.tflint.hcl | |
| - name: Setup TFLint | |
| uses: terraform-linters/[email protected] | |
| with: | |
| tflint_version: v0.38.1 | |
| - name: Show version | |
| run: tflint --version | |
| - name: Init TFLint | |
| run: tflint --init --config .github/config/.tflint.hcl | |
| - name: Run TFLint | |
| run: tflint --format compact ${{ matrix.dir }} |