Skip to content

make kms key optional for pipeline logs #127

make kms key optional for pipeline logs

make kms key optional for pipeline logs #127

Workflow file for this run

name: terraform-ci
on:
pull_request:
jobs:
fmt-validate:
needs: []
name: Run format and validate
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- run: git fetch --depth=1 origin +${{github.base_ref}}
- uses: actions/setup-python@v2
with:
python-version: 3.7
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
terraform_version: latest
cli_config_credentials_token: ${{ secrets.TFE_TOKEN }}
- name: Terraform init
run: terraform init
- name: precommit run hooks
uses: pre-commit/[email protected]
env:
SKIP: tflint,markdown-link-check,terraform_docs,terraform_tfsec,checkov,terraform_tflint
with:
extra_args: --color=always --show-diff-on-failure --all-files
token: ${{ secrets.GITHUB_TOKEN }}
- run: terraform -v
lint:
needs: []
name: Run tfliint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
terraform_version: latest
cli_config_credentials_token: ${{ secrets.TFE_TOKEN }}
- name: Terraform init
run: terraform init
- name: Run tflint with review comment on PR
uses: reviewdog/action-tflint@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
tflint_init: true
filter_mode: "nofilter"
reporter: github-pr-review
# tflint_rulesets: "aws"
flags: --module
security:
needs: []
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Run tfsec with reviewdog output on the PR
uses: reviewdog/action-tfsec@master
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-review
flags: -tee
- name: Run Checkov action
id: checkov
uses: bridgecrewio/checkov-action@master