Fix GitHub Actions typo #102
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD Pipeline | |
permissions: | |
contents: read | |
security-events: write | |
id-token: write | |
actions: write | |
on: | |
push: | |
pull_request: | |
branches: | |
- main | |
types: [opened, synchronize, reopened] | |
jobs: | |
get-metadata: | |
name: "Get Metadata" | |
runs-on: ubuntu-latest | |
outputs: | |
build_datetime: ${{ steps.metadata.outputs.build_datetime }} | |
build_timestamp: ${{ steps.metadata.outputs.build_timestamp }} | |
build_epoch: ${{ steps.metadata.outputs.build_epoch }} | |
terraform_version: ${{ steps.metadata.outputs.terraform_version }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: metadata | |
name: Get Metadata | |
uses: ./.github/actions/get-metadata | |
- id: cloc | |
name: Get Lines of Code | |
uses: ./.github/actions/cloc-repository | |
formatting-checks: | |
needs: [get-metadata] | |
runs-on: ubuntu-latest | |
name: Formatting Checks | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Check File Format | |
uses: ./.github/actions/check-file-format | |
- name: Check Markdown Format | |
uses: ./.github/actions/check-markdown-format | |
- name: Check Terraform Format | |
uses: ./.github/actions/check-terraform-format | |
security-scan: | |
needs: [get-metadata] | |
runs-on: ubuntu-latest | |
name: Security Scanning | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Scan Dependencies | |
uses: ./.github/actions/scan-dependencies | |
- name: Scan Secrets | |
uses: ./.github/actions/scan-secrets | |
checkov: | |
name: Checkov | |
runs-on: ubuntu-latest | |
needs: [formatting-checks, security-scan] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: '3.11' | |
- name: Install Latest Checkov | |
id: install-checkov | |
run: pip install --user checkov | |
- name: Run Checkov | |
id: run-checkov | |
run: checkov --directory . -o sarif -s --quiet | |
- name: Upload SARIF File | |
uses: github/codeql-action/upload-sarif@v2 | |
if: always() && github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
with: | |
sarif_file: results.sarif | |
tflint: | |
name: TFLint | |
runs-on: ubuntu-latest | |
needs: [formatting-checks, security-scan] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup TFLint Cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.tflint.d/plugins | |
key: tflint-${{ hashFiles('.tflint.hcl') }} | |
- name: Setup TFLint | |
uses: terraform-linters/setup-tflint@v3 | |
with: | |
tflint_version: v0.47.0 | |
- name: Init TFLint | |
run: tflint --init | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
- name: Run TFLint | |
run: tflint -f compact | |
build-example-app: | |
name: Build Example App | |
runs-on: ubuntu-latest | |
needs: [tflint, checkov] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install asdf & tools | |
uses: asdf-vm/actions/install@v2 | |
- name: Install Example Dependencies | |
run: make example-install | |
- name: Build Example App | |
run: make example-build | |
deploy: | |
name: Deploy Example App | |
runs-on: ubuntu-latest | |
needs: [build-example-app] | |
if: success() && github.ref_name == 'main' | |
environment: | |
name: Example Application | |
steps: | |
- uses: actions/checkout@v3 | |
- id: aws-credentials | |
name: Setup AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.DEPLOYMENT_IAM_ROLE }} | |
aws-region: eu-west-2 | |
- name: Get Current Identity | |
run: aws sts get-caller-identity |