From cc67f936bb4fc30901bab4034ec3ea850e8ce788 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Tue, 11 Oct 2022 18:00:21 +0400 Subject: [PATCH 01/10] feat(DMVP-1287): add terraform test pipline --- terraform-test/README.md | 51 +++++++++++++++++++++++++++++++++++++++ terraform-test/action.yml | 50 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100644 terraform-test/README.md create mode 100644 terraform-test/action.yml diff --git a/terraform-test/README.md b/terraform-test/README.md new file mode 100644 index 0000000..836c1e8 --- /dev/null +++ b/terraform-test/README.md @@ -0,0 +1,51 @@ +# GitHub Actions: Run Terraform Test +GitHub Action for running terraform test command. + +## Usage + +This action can be used as follows add latest version: + +```yaml + - name: Terraform Test + uses: dasmeta/reusable-actions-workflows/terraform-test@0.0.8 +``` + +## For Default Configuration in .github/workflows/check.yml you must have: +```yaml +name: Terraform Test +on: + pull_request: + push: + branches: [main, master] + +jobs: + terraform-validate: + runs-on: ubuntu-latest + strategy: + matrix: + path: + - dashboard + - billing + permissions: write-all + steps: + - uses: dasmeta/reusable-actions-workflows/terraform-test@0.0.8 + with: + aws-region: ${{ secrets.AWS_REGION}} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + path: modules/${{ matrix.path }} + +``` + +## Valid INPUTS + + +`aws-region` +Optional. 'AWS Region, e.g. us-east-2' +`Default: eu-central-1` + +`aws-access-key-id:` +Optional. AWS Access Key ID. This input is required if running in the GitHub hosted environment. + +`aws-secret-access-key` +Optional. AWS Secret Access Key. This input is required if running in the GitHub hosted environment. diff --git a/terraform-test/action.yml b/terraform-test/action.yml new file mode 100644 index 0000000..89ef390 --- /dev/null +++ b/terraform-test/action.yml 
@@ -0,0 +1,50 @@ +name: Terraform TEST +description: "terraform tool common flow action to init, test terraform code" +author: Das Meta +branding: + icon: globe + color: purple +inputs: + fetch-depth: + description: "Number of commits to fetch. 0 indicates all history for all branches and tags." + required: false + default: 0 + aws-region: + description: "AWS Region, e.g. us-east-2" + required: false + default: eu-central-1 + aws-access-key-id: + description: "AWS Access Key ID. This input is required if running in the GitHub hosted environment." + required: false + aws-secret-access-key: + description: "AWS Secret Access Key. This input is required if running in the GitHub hosted environment." + required: false + path: + description: "Path where will run terraform test" + required: false + default: dashboard +runs: + using: "composite" + steps: + - name: Check out code + uses: actions/checkout@v2 + with: + fetch-depth: ${{ inputs.fetch-depth }} + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-region: ${{ inputs.aws-region }} + aws-access-key-id: ${{ inputs.aws-access-key-id }} + aws-secret-access-key: ${{ inputs.aws-secret-access-key }} + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.2.1 + + - name: Run Terraform Test + run: | + cd ${{ inputs.path }} + terraform test + shell: bash From bf138e3107911aef6cf345cd327eaf8c29feef28 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Tue, 11 Oct 2022 18:10:15 +0400 Subject: [PATCH 02/10] feat(DMVP-1287): add tfsec to pipline --- tfsec/README.md | 37 +++++++++++++++++++++++++++++++++++++ tfsec/action.yaml | 30 ++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 tfsec/README.md create mode 100644 tfsec/action.yaml diff --git a/tfsec/README.md b/tfsec/README.md new file mode 100644 index 0000000..6a22907 --- /dev/null +++ b/tfsec/README.md 
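Review bot: The `Run Terraform Test` step interpolates `${{ inputs.path }}` straight into the shell script, so the expression is substituted into the command text before bash parses it and a caller-supplied value containing shell metacharacters is executed rather than treated as a directory name. Pass it through the environment instead: add `env:` with `TF_PATH: ${{ inputs.path }}` on the step and change the script to `cd "$TF_PATH"` followed by `terraform test`. The same shape recurs later in the series in `tflint/action.yml` (`cd ${{ inputs.path}}`) and in the checkov PR-comment steps. Separately, every `uses:` here references a floating tag (`actions/checkout@v2`, `aws-actions/configure-aws-credentials@v1`, `hashicorp/setup-terraform@v2`), so whoever controls those tags controls what runs inside this action; pinning to a full commit SHA is the usual mitigation.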
@@ -0,0 +1,37 @@ +# GitHub Actions: Run TFSEC +GitHub Action for running terraform tfsec security scanning + +## Usage + +This action can be used as follows add latest version: + +```yaml + - name: TFSEC + uses: dasmeta/reusable-actions-workflows/tfsec@0.0.9 +``` + +## For Default Configuration in .github/workflows/tfsec.yml you must have: + +```yaml +name: TFSEC +on: + pull_request: + push: + branches: [main, master] + +jobs: + terraform-tfsec: + runs-on: ubuntu-latest + permissions: write-all + steps: + - uses: dasmeta/reusable-actions-workflows/tfsec@0.0.9 + with: + fetch-depth: 0 + +``` + +## Valid INPUTS + +`fetch-depth` +Optional. 'fetch-depth' +`Default: 0` diff --git a/tfsec/action.yaml b/tfsec/action.yaml new file mode 100644 index 0000000..9ef8700 --- /dev/null +++ b/tfsec/action.yaml @@ -0,0 +1,30 @@ +name: Terraform TEST +description: "terraform tool common flow action to init, test terraform code" +author: Das Meta +branding: + icon: globe + color: purple +inputs: + fetch-depth: + description: "Number of commits to fetch. 0 indicates all history for all branches and tags." + required: false + default: 0 +runs: + using: "composite" + steps: + - name: Check out code + uses: actions/checkout@v2 + with: + fetch-depth: ${{ inputs.fetch-depth }} + persist-credentials: false + submodules: recursive + + - name: tfsec + uses: aquasecurity/tfsec-sarif-action@v0.1.0 + with: + sarif_file: tfsec.sarif + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: tfsec.sarif From be5f79c166b666930745604192a1ffaa48519e00 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Tue, 11 Oct 2022 20:24:35 +0400 Subject: [PATCH 03/10] feat(DMVP-1287): add checkov to github pipline --- checkov/README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++ checkov/action.yaml | 38 +++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+) create mode 100644 checkov/README.md create mode 100644 checkov/action.yaml 
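Review bot: The metadata at the top of `tfsec/action.yaml` is copied from the terraform-test action: `name: Terraform TEST` and a description about "init, test terraform code" do not describe a tfsec scan, and this is what the Marketplace and the workflow UI will display. Change them to `name: Tfsec` and `description: "Run tfsec static analysis on Terraform code and upload SARIF results"`. The `Upload SARIF file` step (`github/codeql-action/upload-sarif@v2`) needs `security-events: write` in the calling workflow, which a composite action cannot declare for itself; the README added in this patch shows `permissions: write-all`, so documenting the minimal grant (`security-events: write` plus `contents: read`) would let callers apply least privilege. `persist-credentials: false` on the checkout is the right call here and is missing from the other actions in this series.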
diff --git a/checkov/README.md b/checkov/README.md
new file mode 100644
index 0000000..e4609a1
--- /dev/null
+++ b/checkov/README.md
@@ -0,0 +1,51 @@
+# GitHub Actions: Run Checkov
+GitHub Action for running checkov.
+
+## Usage
+
+This action can be used as follows:
+
+```yaml
+ - name: Checkov
+ uses: dasmeta/reusable-actions-workflows/checkov@0.0.8
+```
+
+## For Default Configuration in .github/workflows/check.yml you must have:
+```yaml
+name: Checkov
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+jobs:
+ terraform-validate:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ path:
+ - folder1
+ - folder2
+ permissions: write-all
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/checkov@
+ with:
+ fetch-depth: 0
+ directory: modules/${{ matrix.directory }}
+
+
+```
+
+## Valid INPUTS
+
+`aws-region`
+Optional. 'AWS Region, e.g. us-east-2'
+`Default: eu-central-1`
+
+`aws-access-key-id:`
+Optional. AWS Access Key ID. This input is required if running in the GitHub hosted environment.
+
+`aws-secret-access-key`
+Optional. AWS Secret Access Key. This input is required if running in the GitHub hosted environment.
+
+`directory`
+Optional. A directory where will run Checkov
\ No newline at end of file
diff --git a/checkov/action.yaml b/checkov/action.yaml
new file mode 100644
index 0000000..e488968
--- /dev/null
+++ b/checkov/action.yaml
@@ -0,0 +1,38 @@ +name: Terraform TEST +description: "terraform tool common flow action to init, test terraform code" +author: Das Meta +branding: + icon: globe + color: purple +inputs: + fetch-depth: + description: "Number of commits to fetch. 0 indicates all history for all branches and tags." + required: false + default: 0 + directory: + description: "Path where will run terraform test" + required: false + default: modules/dashboard +runs: + using: "composite" + steps: + - name: Check out code + uses: actions/checkout@v2 + with: + fetch-depth: ${{ inputs.fetch-depth }} + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.2.1 + + - name: Set up Python 3.8 + uses: actions/setup-python@v1 + with: + python-version: 3.8 + - name: Test with Checkov + id: checkov + uses: bridgecrewio/checkov-action@master + with: + directory: ${{ inputs.directory }} + framework: terraform From 0f953669c549eefc42f033d90413bd4ea8b27fc4 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Tue, 11 Oct 2022 20:36:22 +0400 Subject: [PATCH 04/10] feat(DMVP-1287): add option for downloading external modules --- checkov/action.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/checkov/action.yaml b/checkov/action.yaml index e488968..555488e 100644 --- a/checkov/action.yaml +++ b/checkov/action.yaml @@ -36,3 +36,4 @@ runs: with: directory: ${{ inputs.directory }} framework: terraform + download_external_modules: true From 1b6ccc3a057a157f81c75686f978bb6c685a7139 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Wed, 12 Oct 2022 11:58:58 +0400 Subject: [PATCH 05/10] feat(DMVP-1287): add checkov to output to pr comment --- checkov/action.yaml | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/checkov/action.yaml b/checkov/action.yaml index 555488e..e2a3ef5 100644 --- a/checkov/action.yaml +++ b/checkov/action.yaml 
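Review bot: `uses: bridgecrewio/checkov-action@master` pins the scanner to a mutable branch, so whatever is on that branch at run time executes against the checked-out repository, and any change there silently changes this action's behaviour. Pin to a release tag or, preferably, a full commit SHA, e.g. `uses: bridgecrewio/checkov-action@<release-tag-or-sha>`; the same applies to the `@v1`/`@v2` tags on the other steps. The `Setup Terraform` step looks unused — nothing after it in the hunk invokes terraform and checkov does not need the binary — and the `Set up Python 3.8` step may be unnecessary too if the checkov action ships its own runtime; confirm before removing. If `setup-python` stays, move off the old `@v1` major and quote the version as `python-version: "3.8"` so it is never read as a float.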
@@ -1,5 +1,5 @@ -name: Terraform TEST -description: "terraform tool common flow action to init, test terraform code" +name: Checkov +description: "terraform tool" author: Das Meta branding: icon: globe @@ -10,9 +10,12 @@ inputs: required: false default: 0 directory: - description: "Path where will run terraform test" + description: "Path where will run checkov" required: false default: modules/dashboard + github-token: + description: "Path where will run checkov" + required: false runs: using: "composite" steps: @@ -37,3 +40,30 @@ runs: directory: ${{ inputs.directory }} framework: terraform download_external_modules: true + continue-on-error: true + + - run: echo '${{ steps.checkov.outputs.stdout || steps.checkov.outputs.stderr }}' | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > checkov.txt + shell: bash + + - name: Put Files in ENV Vars + run: | + CHECKOV=$(cat checkov.txt) + echo "CHECKOV<> $GITHUB_ENV + echo "$CHECKOV" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + shell: bash + + - name: Post to GitHub PR + uses: mshick/add-pr-comment@v1 + with: + repo-token: ${{ inputs.github-token }} + allow-repeats: true + repo-token-user-login: 'github-actions[bot]' + message: | + ## CHECKOV Output + + ```diff + ${{ env.CHECKOV }} + ``` + + Merge to apply all of the above From 0d214ef0136fe2f04e19ae31c9eef992c2a822db Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Wed, 12 Oct 2022 12:06:02 +0400 Subject: [PATCH 06/10] feat(DMVP-1287): add checkov to output to pr comment --- checkov/action.yaml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/checkov/action.yaml b/checkov/action.yaml index e2a3ef5..cd01cc4 100644 --- a/checkov/action.yaml +++ b/checkov/action.yaml 
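Review bot: The new `github-token` input reuses the `directory` description, `"Path where will run checkov"`, which is wrong for a token. Use `description: "GitHub token used to post the Checkov output as a pull-request comment"` and say that it needs permission to comment on pull requests, since the `Post to GitHub PR` step hands it to a third-party action as `repo-token`.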
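Review bot: The unnamed step `run: echo '${{ steps.checkov.outputs.stdout || steps.checkov.outputs.stderr }}' | sed ...` substitutes the scanner's output into the command text before bash parses it; that output echoes file paths and resource names from the scanned repository, so a quote in pull-request content (a file name, for instance) closes the literal and the rest runs with the job's credentials, including the `github-token` passed to the next step. Move the value into `env:` — `CHECKOV_OUT: ${{ steps.checkov.outputs.stdout || steps.checkov.outputs.stderr }}` — and write `printf '%s\n' "$CHECKOV_OUT" | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > checkov.txt`. In `Put Files in ENV Vars`, `echo "CHECKOV<> $GITHUB_ENV` as rendered is not a valid heredoc start (presumably `<<EOF` was lost in transit — check the file), and a fixed `EOF` delimiter breaks or is exploitable if the output ever contains a line reading `EOF`, so use a randomly generated delimiter as GitHub recommends for multi-line values. `allow-repeats: true` also posts a fresh comment on every run instead of updating one.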
@@ -42,12 +42,12 @@ runs: download_external_modules: true continue-on-error: true - - run: echo '${{ steps.checkov.outputs.stdout || steps.checkov.outputs.stderr }}' | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > checkov.txt + - run: echo '${{ steps.checkov.outputs.stdout || steps.checkov.outputs.stderr }}' | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > ${{ inputs.directory }}/checkov.txt shell: bash - name: Put Files in ENV Vars run: | - CHECKOV=$(cat checkov.txt) + CHECKOV=$(cat ${{ inputs.directory }}/checkov.txt) echo "CHECKOV<> $GITHUB_ENV echo "$CHECKOV" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV @@ -60,10 +60,4 @@ runs: allow-repeats: true repo-token-user-login: 'github-actions[bot]' message: | - ## CHECKOV Output - - ```diff - ${{ env.CHECKOV }} - ``` - - Merge to apply all of the above + ${{env.CHECKOV}} \ No newline at end of file From a7cf75abbc1cd192cff28f9b74639236395c3dd5 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Wed, 12 Oct 2022 12:09:46 +0400 Subject: [PATCH 07/10] feat(DMVP-1287): add checkov to output to pr comment --- checkov/action.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/checkov/action.yaml b/checkov/action.yaml index cd01cc4..08d5ce8 100644 --- a/checkov/action.yaml +++ b/checkov/action.yaml @@ -42,12 +42,12 @@ runs: download_external_modules: true continue-on-error: true - - run: echo '${{ steps.checkov.outputs.stdout || steps.checkov.outputs.stderr }}' | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > ${{ inputs.directory }}/checkov.txt - shell: bash + # - run: echo '${{ steps.checkov.outputs.stdout || steps.checkov.outputs.stderr }}' | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > ${{ inputs.directory }}/checkov.txt + # shell: bash - name: Put Files in ENV Vars run: | - CHECKOV=$(cat ${{ inputs.directory }}/checkov.txt) + CHECKOV=$(cat results.sarif) echo "CHECKOV<> $GITHUB_ENV echo "$CHECKOV" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV 
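Review bot: `CHECKOV=$(cat results.sarif)` in `Put Files in ENV Vars` now loads raw SARIF JSON into the PR comment body; the `sed` reorder was written for the CLI text output and a SARIF document is not readable as a comment, so either keep the SARIF for code scanning or switch back to the text output. Whether `results.sarif` exists at all depends on how `bridgecrewio/checkov-action` is configured — confirm it is produced with the inputs used here. The commented-out `# - run: echo ...` step is dead code in an action file and should be deleted rather than left behind. The preceding patch's `> ${{ inputs.directory }}/checkov.txt` has the same expression-in-script shape noted on the terraform-test action, so the env-based form applies there too.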
@@ -60,4 +60,4 @@ runs: allow-repeats: true repo-token-user-login: 'github-actions[bot]' message: | - ${{env.CHECKOV}} \ No newline at end of file + ${{env.CHECKOV}} From da9542f2aa29b7362c78dafb07c6517c73063848 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Wed, 12 Oct 2022 12:12:33 +0400 Subject: [PATCH 08/10] feat(DMVP-1287): add checkov to output to pr comment --- checkov/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkov/action.yaml b/checkov/action.yaml index 08d5ce8..4694197 100644 --- a/checkov/action.yaml +++ b/checkov/action.yaml @@ -47,7 +47,7 @@ runs: - name: Put Files in ENV Vars run: | - CHECKOV=$(cat results.sarif) + CHECKOV=$(cat results.sarif) | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' echo "CHECKOV<> $GITHUB_ENV echo "$CHECKOV" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV From d8100dbb107c44b5225d34fd376ae198ce695497 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Wed, 12 Oct 2022 13:02:33 +0400 Subject: [PATCH 09/10] feat(DMVP-1287): add checkov to output to pr comment --- checkov/action.yaml | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/checkov/action.yaml b/checkov/action.yaml index 4694197..b0b49ae 100644 --- a/checkov/action.yaml +++ b/checkov/action.yaml @@ -33,6 +33,7 @@ runs: uses: actions/setup-python@v1 with: python-version: 3.8 + - name: Test with Checkov id: checkov uses: bridgecrewio/checkov-action@master 
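Review bot: `CHECKOV=$(cat results.sarif) | sed -E ...` does not do what it looks like: the assignment is the left-hand command of a pipeline, so it runs in a subshell and `CHECKOV` stays empty in the parent shell, while `sed` reads an empty stdin and its output is discarded. Write it as `CHECKOV=$(sed -E 's/^([[:space:]]+)([-+])/\2\1/g' results.sarif)`, or drop the `sed` entirely since the `+`/`-` reordering targets the CLI diff-style text rather than SARIF JSON. The enclosing `run: |` step continues outside the hunk.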
@@ -41,23 +42,8 @@ runs: framework: terraform download_external_modules: true continue-on-error: true - - # - run: echo '${{ steps.checkov.outputs.stdout || steps.checkov.outputs.stderr }}' | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' > ${{ inputs.directory }}/checkov.txt - # shell: bash - - - name: Put Files in ENV Vars - run: | - CHECKOV=$(cat results.sarif) | sed -E 's/^([[:space:]]+)([-+])/\2\1/g' - echo "CHECKOV<> $GITHUB_ENV - echo "$CHECKOV" >> $GITHUB_ENV - echo "EOF" >> $GITHUB_ENV - shell: bash - - name: Post to GitHub PR - uses: mshick/add-pr-comment@v1 + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 with: - repo-token: ${{ inputs.github-token }} - allow-repeats: true - repo-token-user-login: 'github-actions[bot]' - message: | - ${{env.CHECKOV}} + sarif_file: results.sarif From 19f2a2d03ed4711545806da01fe27c0110efcad3 Mon Sep 17 00:00:00 2001 From: 0katrinpetrosyan0 Date: Thu, 13 Oct 2022 13:53:41 +0400 Subject: [PATCH 10/10] feat(DMVP-1156): Add terraform test, tflint, checkov, tfsec to github pipline --- checkov/README.md | 6 ++-- checkov/action.yaml | 9 ++---- terraform-test/README.md | 4 +-- terraform-test/action.yml | 4 +-- tflint/README.md | 54 ++++++++++++++++++++++++++++++++ tflint/action.yml | 66 +++++++++++++++++++++++++++++++++++++++ tfsec/README.md | 6 ++-- tfsec/action.yaml | 4 +-- 8 files changed, 135 insertions(+), 18 deletions(-) create mode 100644 tflint/README.md create mode 100644 tflint/action.yml diff --git a/checkov/README.md b/checkov/README.md index e4609a1..219bc0b 100644 --- a/checkov/README.md +++ b/checkov/README.md @@ -1,5 +1,5 @@ # GitHub Actions: Run Checkov -GitHub Action for running checkov. +GitHub Action for running checkov It is static code analysis tool for scanning infrastructure. ## Usage 
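Review bot: With the PR comment removed, `Upload SARIF file` is the only place findings surface, and because the checkov step keeps `continue-on-error: true` the job stays green whatever the scan reports; if this is meant to gate merges, drop `continue-on-error` or add a step that fails when `steps.checkov.outcome == 'failure'`. `github/codeql-action/upload-sarif@v2` also requires `security-events: write` in the calling workflow, which a composite action cannot declare for itself, so the README should name that grant instead of the `permissions: write-all` it currently shows. `results.sarif` is assumed to be written by `bridgecrewio/checkov-action` with the inputs used here — confirm its default output settings include SARIF.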
@@ -7,7 +7,7 @@ This action can be used as follows: ```yaml - name: Checkov - uses: dasmeta/reusable-actions-workflows/checkov@0.0.8 + uses: dasmeta/reusable-actions-workflows/checkov@1.0.0 ``` ## For Default Configuration in .github/workflows/check.yml you must have: @@ -27,7 +27,7 @@ jobs: - folder2 permissions: write-all steps: - - uses: dasmeta/reusable-actions-workflows/checkov@ + - uses: dasmeta/reusable-actions-workflows/checkov@1.0.0 with: fetch-depth: 0 directory: modules/${{ matrix.directory }} diff --git a/checkov/action.yaml b/checkov/action.yaml index b0b49ae..0016cf5 100644 --- a/checkov/action.yaml +++ b/checkov/action.yaml @@ -1,5 +1,5 @@ name: Checkov -description: "terraform tool" +description: "Static code analysis tool for scanning infrastructure" author: Das Meta branding: icon: globe @@ -10,17 +10,14 @@ inputs: required: false default: 0 directory: - description: "Path where will run checkov" + description: "Path where will run Checkov" required: false default: modules/dashboard - github-token: - description: "Path where will run checkov" - required: false runs: using: "composite" steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: ${{ inputs.fetch-depth }} diff --git a/terraform-test/README.md b/terraform-test/README.md index 836c1e8..34ed4cf 100644 --- a/terraform-test/README.md +++ b/terraform-test/README.md @@ -7,7 +7,7 @@ This action can be used as follows add latest version: ```yaml - name: Terraform Test - uses: dasmeta/reusable-actions-workflows/terraform-test@0.0.8 + uses: dasmeta/reusable-actions-workflows/terraform-test@2.0.0 ``` ## For Default Configuration in .github/workflows/check.yml you must have: 
@@ -28,7 +28,7 @@ jobs: - billing permissions: write-all steps: - - uses: dasmeta/reusable-actions-workflows/terraform-test@0.0.8 + - uses: dasmeta/reusable-actions-workflows/terraform-test@2.0.0 with: aws-region: ${{ secrets.AWS_REGION}} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} diff --git a/terraform-test/action.yml b/terraform-test/action.yml index 89ef390..50062f3 100644 --- a/terraform-test/action.yml +++ b/terraform-test/action.yml @@ -20,14 +20,14 @@ inputs: description: "AWS Secret Access Key. This input is required if running in the GitHub hosted environment." required: false path: - description: "Path where will run terraform test" + description: "Path where to run terraform test" required: false default: dashboard runs: using: "composite" steps: - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: ${{ inputs.fetch-depth }} diff --git a/tflint/README.md b/tflint/README.md new file mode 100644 index 0000000..2c338af --- /dev/null +++ b/tflint/README.md 
@@ -0,0 +1,54 @@
+# GitHub Actions: Run Tflint
+GitHub Action for running tflint.
+
+## Usage
+
+This action can be used as follows add latest version:
+
+```yaml
+ - name: Tflint
+ uses: dasmeta/reusable-actions-workflows/tflint@3.0.0
+```
+
+## For Default Configuration in .github/workflows/check.yml you must have:
+```yaml
+name: Tflint
+on:
+ pull_request:
+ push:
+ branches: [main, master]
+
+jobs:
+ terraform-validate:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ path:
+ - dashboard
+ - billing
+ permissions: write-all
+ steps:
+ - uses: dasmeta/reusable-actions-workflows/tflint@3.0.0
+ with:
+ aws-region: ${{ secrets.AWS_REGION}}
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ path: modules/${{ matrix.path }}
+
+```
+
+## Valid INPUTS
+
+
+`aws-region`
+Optional. 'AWS Region, e.g. us-east-2'
+`Default: eu-central-1`
+
+`aws-access-key-id:`
+Optional. AWS Access Key ID. This input is required if running in the GitHub hosted environment.
+
+`aws-secret-access-key`
+Optional. AWS Secret Access Key. This input is required if running in the GitHub hosted environment.
+
+`path`
+Optional. Add path where will run job.
diff --git a/tflint/action.yml b/tflint/action.yml
new file mode 100644
index 0000000..fc0b103
--- /dev/null
+++ b/tflint/action.yml
@@ -0,0 +1,66 @@
+name: Tflint
+description: "terraform tool"
+author: Das Meta
+branding:
+ icon: globe
+ color: purple
+inputs:
+ fetch-depth:
+ description: "Number of commits to fetch. 0 indicates all history for all branches and tags."
+ required: false
+ default: 0
+ path:
+ description: "Path where will run checkov"
+ required: false
+ default: modules/dashboard
+ aws-region:
+ description: "AWS Region, e.g. us-east-2"
+ required: false
+ default: us-east-1
+ aws-access-key-id:
+ description: "AWS Access Key ID. This input is required if running in the GitHub hosted environment."
+ required: false
+ aws-secret-access-key:
+ description: "AWS Secret Access Key. This input is required if running in the GitHub hosted environment."
+ required: false
+ github-token:
+ description: "Path where will run checkov"
+ required: false
+runs:
+ using: "composite"
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: ${{ inputs.fetch-depth }}
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-region: ${{ inputs.aws-region }}
+ aws-access-key-id: ${{ inputs.aws-access-key-id }}
+ aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: 1.2.1
+
+ - name: Terraform init
+ run: |
+ cd ${{ inputs.path}}
+ terraform init
+
+ - name: Setup TFLint
+ run: curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
+ - name: Show version
+ run: tflint --version
+
+ - name: Init TFLint
+ id: tflint
+ run: |
+ cd ${{inputs.path}}
+ tflint
+ echo tflint --enable-rule=terraform_unused_declarations
+ shell: bash
+ continue-on-error: true
diff --git a/tfsec/README.md b/tfsec/README.md
index 6a22907..cd57fea 100644
--- a/tfsec/README.md
+++ b/tfsec/README.md
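Review bot: Three `run` steps in `tflint/action.yml` — `Terraform init`, `Setup TFLint` and `Show version` — have no `shell:` key, and composite actions require `shell` on every `run` step, so GitHub rejects the action before anything executes; add `shell: bash` to each. `curl -s .../tflint/master/install_linux.sh | bash` executes an unversioned script from a mutable branch on every run and is the weakest supply-chain link in this file; prefer the project's `terraform-linters/setup-tflint` action pinned to a release with an explicit `tflint_version`, or at least download a pinned release and verify its checksum. `echo tflint --enable-rule=terraform_unused_declarations` only prints the command, and `continue-on-error: true` means lint failures never fail the job, so as written the step cannot block anything. The `github-token` input and the `path` description `"Path where will run checkov"` are copy-pasted from the checkov action and are unused or wrong here, `aws-region` defaults to `us-east-1` while the README in this patch says `eu-central-1`, and `actions/checkout@v2` remains although this same patch moves the other actions to `@v3`.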
@@ -1,5 +1,5 @@ # GitHub Actions: Run TFSEC -GitHub Action for running terraform tfsec security scanning +GitHub Action for running terraform tfsec security scanning. It is static analysis security scanner for your Terraform code ## Usage @@ -7,7 +7,7 @@ This action can be used as follows add latest version: ```yaml - name: TFSEC - uses: dasmeta/reusable-actions-workflows/tfsec@0.0.9 + uses: dasmeta/reusable-actions-workflows/tfsec@4.0.0 ``` ## For Default Configuration in .github/workflows/tfsec.yml you must have: @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest permissions: write-all steps: - - uses: dasmeta/reusable-actions-workflows/tfsec@0.0.9 + - uses: dasmeta/reusable-actions-workflows/tfsec@4.0.0 with: fetch-depth: 0 diff --git a/tfsec/action.yaml b/tfsec/action.yaml index 9ef8700..89bdb75 100644 --- a/tfsec/action.yaml +++ b/tfsec/action.yaml @@ -1,5 +1,5 @@ -name: Terraform TEST -description: "terraform tool common flow action to init, test terraform code" +name: Tfsec +description: "Static analysis security scanner for your Terraform cod" author: Das Meta branding: icon: globe
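Review bot: The new description ends in a typo, `"Static analysis security scanner for your Terraform cod"`; change it to `description: "Static analysis security scanner for your Terraform code"`. This string is what the Marketplace listing and workflow UI show for the action, so it is worth getting right.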