POL-1362 Flexera Policy CloudFormation Template Automation #4821
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test CloudFormation Templates | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| name: checkov-action | |
| strategy: | |
| # Disable fast-fail to allow all template file tests to finish even if one fails | |
| # Prevents needing to re-run tests to find errors in other template files | |
| fail-fast: false | |
| matrix: | |
| # matrix.template_files is a list of template files to test | |
| template_files: | |
| - ./cost/aws/FlexeraReadOnlyPolicy.template | |
| - ./tools/cloudformation-template/FlexeraAutomationPolicies.template | |
| # TODO: Fix wildcard/dynamic release list | |
| # - ./tools/cloudformation-template/releases/*.template | |
| # Staticly define release templates for now | |
| - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.1.0.template | |
| - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.1.1.template | |
| - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.2.0.template | |
| - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.2.1.template | |
| - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.3.0.template | |
| - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.4.0.template | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Setup Cloud Formation Linter with Latest Version | |
| uses: scottbrenner/cfn-lint-action@v2 | |
| - name: Run Cloudformation Linter | |
| id: cfn-lint | |
| run: | | |
| cfn-lint -t ${{ matrix.template_files }} | |
| - name: Run Checkov action | |
| id: checkov | |
| uses: bridgecrewio/checkov-action@master | |
| with: | |
| file: ${{ matrix.template_files }} | |
| quiet: true # optional: display only failed checks | |
| framework: cloudformation # optional: run only on a specific infrastructure |