Terraform lock file #123

Workflow file for this run

.github/workflows/terraform-checks.yml at 7f8224e

	name: "Terraform Checks"

	on:
	push:
	branches:
	- master
	- main
	- develop
	- "deployment/**"
	paths:
	- infra/**

	pull_request:
	branches:
	- master
	- main
	- develop
	- "deployment/**"
	paths:
	- infra/**

	jobs:
	terraform-CI-checks-staging:
	name: "Formatting and validation Checks for Staging"
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: infra
	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }}

	- name: Check code formating
	id: fmt
	run: terraform fmt -check

	- name: Initialise modules
	id: init
	run: terraform init

	- name: Validate template
	id: validate
	run: terraform validate -no-color

	terraform-CI-check-production:
	name: "Formatting and validation Checks for Production"
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: infra/production
	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }}

	- name: Check code formating
	id: fmt
	run: terraform fmt -check

	- name: Initialise modules
	id: init
	run: terraform init

	- name: Validate template
	id: validate
	run: terraform validate -no-color

	terrascan-staging:
	name: "Terrascan Staging Checks"
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: infra
	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Run Terrascan on staging
	id: terrascan
	uses: tenable/terrascan-action@main
	with:
	iac_type: "terraform"
	iac_dir: "./infra"
	iac_version: "v14"
	policy_type: "all"

	terrascan-production:
	name: "Terrascan Production Checks"
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: infra/production
	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Run Terrascan on production
	id: terrascan
	uses: tenable/terrascan-action@main
	with:
	iac_type: "terraform"
	iac_dir: "./infra/production"
	iac_version: "v14"
	policy_type: "all"

	checkov-staging:
	runs-on: ubuntu-latest
	name: "Checkov Staging Checks"
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Checkov GitHub Action
	uses: bridgecrewio/checkov-action@v12
	with:
	directory: infra/
	output_format: cli,sarif
	output_file_path: console,results.sarif

	checkov-production:
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	name: "Checkov Production Checks"
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Checkov GitHub Action
	uses: bridgecrewio/checkov-action@v12
	with:
	directory: infra/production/
	output_format: cli,sarif
	output_file_path: console,results.sarif

	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v2

	# Results are generated only on a success or failure
	# this is required since GitHub by default won't run the next step
	# when the previous one has failed. Security checks that do not pass will 'fail'.
	# An alternative is to add `continue-on-error: true` to the previous step
	# Or 'soft_fail: true' to checkov.
	if: success() \|\| failure()
	with:
	sarif_file: results.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Terraform lock file #123

Workflow file

Terraform lock file #123

Jobs

Run details

Workflow file for this run