cfn-test.yaml

name: Test CloudFormation Templates

on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master

jobs:
  test:
    runs-on: ubuntu-latest
    name: checkov-action
    strategy:
      # Disable fast-fail to allow all template file tests to finish even if one fails
      # Prevents needing to re-run tests to find errors in other template files
      fail-fast: false
      matrix:
        # matrix.template_files is a list of template files to test
        template_files:
          - ./cost/aws/FlexeraReadOnlyPolicy.template
          - ./tools/cloudformation-template/FlexeraAutomationPolicies.template

          # TODO: Fix wildcard/dynamic release list
          # - ./tools/cloudformation-template/releases/*.template

          # Staticly define release templates for now
          - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.1.0.template
          - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.1.1.template
          - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.2.0.template
          - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.2.1.template
          - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.3.0.template
          - ./tools/cloudformation-template/releases/FlexeraAutomationPolicies_v0.4.0.template
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Setup Cloud Formation Linter with Latest Version
        uses: scottbrenner/cfn-lint-action@v2

      - name: Run Cloudformation Linter
        id: cfn-lint
        run: |
          cfn-lint -t ${{ matrix.template_files }}

      - name: Run Checkov action
        id: checkov
        uses: bridgecrewio/checkov-action@master
        with:
          file: ${{ matrix.template_files }}
          quiet: true # optional: display only failed checks
          framework: cloudformation # optional: run only on a specific infrastructure