edit readme #51
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Scan Terraform | |
| on: | |
| push: | |
| jobs: | |
| tflint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3 | |
| with: | |
| # renovate: datasource=github-tags depName=opentofu/opentofu versioning=semver | |
| tofu_version: 1.6.3 | |
| - name: tofu init | |
| run: tofu init | |
| - name: tofu validate | |
| run: tofu validate | |
| - name: tofu fmt | |
| run: tofu fmt -recursive | |
| # - name: Set Diff Readme recursive | |
| # id: find_readme | |
| # run: | | |
| # # Stash a list of all readmes found and their sha | |
| # readme_list=$(find . -print|grep -v '.git'|grep -v .terraform|grep -v .config|grep README.md) | |
| # echo README_LIST=$readme_list >> $GITHUB_ENV | |
| # csv_found='' | |
| # for readme in $readme_list; do | |
| # # Finds only the Readme with .tf in the dir. | |
| # directory_check=${readme:0:-9} | |
| # has_tf=$(ls $directory_check | grep .tf | wc -l) | |
| # if [ $has_tf -ge 0 ]; then | |
| # echo "Readme found: $readme" | |
| # csv_found+="$directory_check," | |
| # fi | |
| # done; | |
| # # removes final comma | |
| # for j in ${csv_found[@]}; do echo "folder, $j"; done; | |
| # echo "csv_readme=${csv_found%,}" >> $GITHUB_OUTPUT | |
| - name: Update Tofu Docs | |
| uses: terraform-docs/gh-actions@e47bfa196e79fa50987ef391be236d9d97b0c786 # v1.2.0 | |
| with: | |
| # working-dir: ${{ steps.find_readme.outputs.csv_readme }} | |
| working-dir: . | |
| output-method: inject | |
| git-push: false | |
| fails-on-diff: true | |
| - name: Check for changed files | |
| run: | | |
| if [ -z "$(git status -s README.md)" ]; then | |
| echo "Success!" | |
| exit 0 | |
| else | |
| git diff README.md | |
| exit 1 | |
| fi | |
| - name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4.0.0 | |
| with: | |
| # renovate: datasource=github-tags depName=terraform-linters/tflint versioning=semver | |
| tflint_version: v0.46.1 | |
| - name: Show version | |
| run: tflint --version | |
| - name: Init TFLint | |
| run: tflint --init | |
| env: | |
| # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting | |
| GITHUB_TOKEN: $GITHUB_TOKEN | |
| - name: Run TFLint | |
| run: tflint -f compact --recursive | |
| tfsec-scan: | |
| needs: [tflint] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: tfsec | |
| uses: aquasecurity/tfsec-action@b466648d6e39e7c75324f25d83891162a721f2d6 # v1.0.3 | |
| with: | |
| github_token: $GITHUB_TOKEN | |
| soft_fail: true | |
| regula: | |
| needs: [tflint] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: List Directories | |
| run: ls -lsa | |
| - name: Scan with Regula | |
| uses: fugue/regula-action@e47ae38fae32dccedc5ef814acdb2081eb2a351d # v3.2.1 | |
| with: | |
| input_path: . | |
| input_type: tf | |
| severity: high |