Skip to content

update for orb version #11

update for orb version

update for orb version #11

name: Lint-Format-Scan
on: [push]
jobs:
terraform_fmt:
name: Run terraform fmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Terraform fmt
uses: pre-commit/action@v3.0.1
with:
extra_args: terraform_fmt --all-files
terraform_lint:
name: Run tflint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Install tflint
uses: nick-fields/retry@v3.0.0
with:
timeout_seconds: 30
max_attempts: 5
retry_on: error
command: >-
curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
- uses: pre-commit/action@v3.0.1
with:
extra_args: terraform_tflint --all-files
terraform_trivy:
name: Run trivy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Install trivy
uses: nick-fields/retry@v3.0.0
with:
timeout_seconds: 60
max_attempts: 5
retry_wait_seconds: 20
retry_on: error
command: |
apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy
trivy version
- uses: pre-commit/action@v3.0.1
with:
extra_args: terraform_trivy --all-files
terraform_validate:
name: Run terraform validate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Generate pvt key
run: >-
ssh-keygen -q -P '' -t rsa -b 4096 -m PEM -f tests/domino.pem
- name: Terraform validate
uses: pre-commit/action@v3.0.1
with:
extra_args: terraform_validate --all-files
terraform_providers_lock:
name: Run terraform providers_lock
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Generate pvt key
run: ssh-keygen -q -P '' -t rsa -b 4096 -m PEM -f tests/domino.pem
- name: Terraform providers_lock
uses: pre-commit/action@v3.0.1
with:
extra_args: terraform_providers_lock --all-files
terraform_docs:
name: Run terraform docs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Install terraform docs
uses: nick-fields/retry@v3.0.0
with:
timeout_seconds: 60
max_attempts: 5
retry_wait_seconds: 20
retry_on: error
command: >-
curl -L https://github.com/terraform-docs/terraform-docs/releases/download/v0.19.0/terraform-docs-v0.19.0-linux-amd64.tar.gz | tar -C /tmp -xzf - && chmod +x /tmp/terraform-docs && sudo mv /tmp/terraform-docs /usr/local/bin
- name: Terraform docs
uses: pre-commit/action@v3.0.1
with:
extra_args: terraform_docs --all-files
checkov:
name: Run checkov scan
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- uses: actions/setup-python@v5
- name: Install checkov
run: pip3 install checkov
- name: Run Checkov scan
uses: pre-commit/action@v3.0.1
with:
extra_args: terraform_checkov --all-files
check_aws_partition:
name: Check for hardcoded aws partition
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Check for hardcoded aws partition
uses: pre-commit/action@v3.0.1
with:
extra_args: check_aws_partition --all-files
test:
runs-on: ubuntu-latest
steps:
- name: Test
id: test
uses: CircleCI-Public/trigger-circleci-pipeline-action@v1.2.0
env:
CCI_TOKEN: ${{ secrets.CIRCLE_PERSONAL_TOKEN }}
validate-iam-bootstrap:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Validate IAM bootstrap
run: bin/pre-commit/validate-iam-bootstrap.py