Skip to content
Apply

Apply #258

Sign in to view logs

Apply

Apply #258

Workflow file for this run

.github/workflows/apply.yml at cf31a56
name: Apply
on:
workflow_dispatch:
schedule:
- cron: "0 6 * * 1"
env:
TF_VAR_billing_account_id: ${{ secrets.BILLING_ACCOUNT_ID }}
TF_VAR_seed_sa_email: ${{ secrets.SEED_SA_EMAIL_ADDRESS }}
TF_VAR_github_admin_token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
TF_VAR_github_api_label_token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
TF_VAR_project_postfix: ${{ secrets.GCP_PROJECT_POSTFIX }}
TF_VAR_workload_identity_provider_name: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
TF_VAR_workload_identity_pool_id: ${{ secrets.WORKLOAD_IDENTITY_POOL_ID }}
TF_VAR_codacy_api_token: ${{ secrets.CODACY_API_TOKEN }}
TF_VAR_docker_registry_username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
TF_VAR_docker_registry_token: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
TF_IN_AUTOMATION: true
TF_INPUT: false
GITHUB_TOKEN: ${{ secrets.ADMIN_GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.ADMIN_GITHUB_TOKEN }}
CLOUDSDK_CORE_PROJECT: ${{ secrets.GCP_PROJECT_ID }}
permissions:
id-token: write
jobs:
compliance-scan:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run Checkov action
id: checkov
uses: bridgecrewio/[email protected]
with:
framework: terraform
# we are fine with Google's Keys
# we are fine with basic roles (no org), we are fine with our own module
skip_check: CKV_GCP_84,CKV_GIT_4,CKV_GCP_117,CKV_TF_1
output_format: cli
download_external_modules: true
apply:
runs-on: ubuntu-20.04
needs:
- security-scan

Check failure on line 49 in .github/workflows/apply.yml

View workflow run for this annotation

GitHub Actions / Apply

Invalid workflow file 

The workflow is not valid. .github/workflows/apply.yml (Line: 49, Col: 9): Job 'apply' depends on unknown job 'security-scan'.
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Authenticating
uses: google-github-actions/[email protected]
with:
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.SEED_SA_EMAIL_ADDRESS }}
- name: Setting up GCP environment
uses: google-github-actions/[email protected]
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
- name: Init
run: terraform init -backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}"
- name: Apply
run: terraform apply --auto-approve