diff --git a/.github/workflows/ci_code.yml b/.github/workflows/ci_code.yml
index 6860f461..ee6e256d 100644
--- a/.github/workflows/ci_code.yml
+++ b/.github/workflows/ci_code.yml
@@ -7,6 +7,9 @@ on:
 - scanners/axe-core/**
 - scanners/owasp-zap/**
+env:
+ TERRAGRUNT_VERSION: v0.31.1
+
 jobs:
 tests:
@@ -40,6 +43,13 @@ jobs:
 with:
 node-version: "14"
+ - name: Setup Terragrunt
+ run: |
+ mkdir -p bin
+ wget -O bin/terragrunt https://github.com/gruntwork-io/terragrunt/releases/download/$TERRAGRUNT_VERSION/terragrunt_linux_amd64
+ chmod +x bin/*
+ echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
+
 - name: Install dev dependencies
 working-directory: ${{ matrix.folder }}
 run: make install-dev
diff --git a/Makefile b/Makefile
index 27965623..06f06fc6 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@
 RESOURCES = \
+ terragrunt \
 api \
 scanners/axe-core \
 scanners/owasp-zap \
diff --git a/terragrunt/.checkov.yml b/terragrunt/.checkov.yml
new file mode 100644
index 00000000..3b36f240
--- /dev/null
+++ b/terragrunt/.checkov.yml
@@ -0,0 +1,20 @@
+skip-check:
+ - CKV_AWS_18
+ - CKV_AWS_21
+ - CKV_AWS_50
+ - CKV_AWS_59
+ - CKV_AWS_73
+ - CKV_AWS_76
+ - CKV_AWS_108
+ - CKV_AWS_109
+ - CKV_AWS_111
+ - CKV_AWS_115
+ - CKV_AWS_116
+ - CKV_AWS_117
+ - CKV_AWS_120
+ - CKV_AWS_136
+ - CKV_AWS_144
+ - CKV_AWS_145
+ - CKV2_AWS_4
+ - CKV2_AWS_5
+ - CKV2_AWS_29
\ No newline at end of file
diff --git a/terragrunt/Makefile b/terragrunt/Makefile
index fefb2a30..e10f3441 100644
--- a/terragrunt/Makefile
+++ b/terragrunt/Makefile
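Review bot: The `Setup Terragrunt` step in `.github/workflows/ci_code.yml` downloads `terragrunt_linux_amd64` with `wget`, marks it executable and puts it on `$GITHUB_PATH` without verifying what was downloaded. `TERRAGRUNT_VERSION` pins the release tag, not the bytes, so a replaced release asset would run in every later step of the job. Add a pinned digest next to the version (`TERRAGRUNT_SHA256: <sha256 of the pinned terragrunt_linux_amd64>`) and check it before the `chmod`, e.g. `echo "$TERRAGRUNT_SHA256  bin/terragrunt" | sha256sum -c -`. `chmod +x bin/terragrunt` and a quoted `"$GITHUB_PATH"` would also be tighter than `bin/*` and the bare variable. The surrounding `steps:` list starts and ends outside this hunk.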
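Review bot: The new `terragrunt/.checkov.yml` disables 19 checks for every resource under `aws` without recording why any of them is acceptable. A global `skip-check` also applies to resources added later, so a future finding on one of these IDs will never surface. Put a `#` comment on each entry naming the check and the reason, and for checks that concern only one resource prefer an inline suppression on that resource, `#checkov:skip=<CHECK_ID>:<reason>`. If I read the Checkov catalogue correctly, `CKV_AWS_108`, `CKV_AWS_109` and `CKV_AWS_111` are the IAM policy checks, which deserve a per-resource justification rather than a blanket skip; please confirm against the catalogue.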
@@ -1,21 +1,26 @@
-.PHONY: fmt checkov install lint test fmt-ci lint-ci build install-dev
-fmt:
- terraform fmt -recursive aws &&\
- terragrunt hclfmt
+.PHONY: build test fmt lint install-dev install fmt-ci lint-ci
-checkov:
- checkov --directory=aws
+build:
+
+test:
-build: ;
+fmt-ci: fmt
-install: ;
+fmt:
+ terraform fmt -recursive aws && \
+ terragrunt hclfmt
-install-dev: ;
+build:
-lint: ;
+install:
-lint-ci: ;
+install-dev:
+ pip3 install --upgrade requests setuptools && \
+ pip3 install --upgrade botocore checkov
-test: ;
+lint-ci: lint
+
+lint:
+ checkov --directory=aws
-fmt-ci: ;
\ No newline at end of file
+test:
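Review bot: The new `install-dev` recipe installs `checkov`, `botocore`, `requests` and `setuptools` with `--upgrade` and no version constraints, so the scanner that `lint` and `lint-ci` rely on is whatever the package index serves at run time. That makes lint results non-reproducible and lets an unreviewed release run inside CI; pin the versions, e.g. `pip3 install checkov==<pinned version> botocore==<pinned version>`, or install from a hashed requirements file with `pip3 install --require-hashes -r <requirements file>`. Separately, `build:` and `test:` are each declared twice with empty recipes in the new file; one declaration of each is enough. `fmt-ci: fmt` also reuses the rewriting form of `terraform fmt`, which does not fail on unformatted files; `terraform fmt -check -recursive aws` would make it a real CI gate.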