Skip to content

Adding explicit attach json policy var to avoid plan failures. #36

Adding explicit attach json policy var to avoid plan failures.

Adding explicit attach json policy var to avoid plan failures. #36

name: Terraform Static Code Analysis
on:
workflow_dispatch:
pull_request:
branches:
- main
paths:
- '**.tf'
- '.github/workflows/terraform-static-analysis.yml'
permissions:
contents: read
jobs:
terraform-static-analysis:
permissions:
pull-requests: write
name: Terraform Static Analysis
runs-on: ubuntu-latest
if: github.event_name != 'workflow_dispatch'
steps:
- name: Checkout
uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
with:
fetch-depth: 0
- name: Run Analysis
uses: ministryofjustice/github-actions/terraform-static-analysis@d9a5f75c10cd50abd5f312ab9f4bab5826e4fedf # v11
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
scan_type: single
tfsec_exclude: AWS089, AWS099, AWS009, AWS097, AWS018
checkov_exclude: CKV_GIT_1
terraform-static-analysis-full-scan:
permissions:
pull-requests: write
name: Terraform Static Analysis - scan all directories
runs-on: ubuntu-latest
if: github.event_name == 'workflow_dispatch'
steps:
- name: Checkout
uses: actions/checkout@83b7061638ee4956cf7545a6f7efe594e5ad0247 # v3.5.1
with:
fetch-depth: 0
- name: Run Analysis
uses: ministryofjustice/github-actions/terraform-static-analysis@d9a5f75c10cd50abd5f312ab9f4bab5826e4fedf # v11
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
scan_type: full
tfsec_exclude: AWS089, AWS099, AWS009, AWS097, AWS018
checkov_exclude: CKV_GIT_1