From f3fb366be820394f661a7f734f4e0c2ca47be9e9 Mon Sep 17 00:00:00 2001
From: Martin Buchleitner
Date: Tue, 14 May 2024 11:12:42 +0200
Subject: [PATCH 1/2] fix: Workflow action def
Signed-off-by: Martin Buchleitner
---
.github/workflows/tf-analyse.yml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/tf-analyse.yml b/.github/workflows/tf-analyse.yml
index 5c15514..7985844 100644
--- a/.github/workflows/tf-analyse.yml
+++ b/.github/workflows/tf-analyse.yml
@@ -14,7 +14,6 @@ on:
description: 'Mondoo Service Account'
required: true
jobs:
-
analyze_tf:
runs-on: ubuntu-latest
@@ -30,7 +29,7 @@ jobs:
- name: run terraform anlysis
if: ( steps.detect.outputs.all_changed_files != '' && always() ) || ( github.event_name == 'workflow_dispatch' && always() )
- uses: infralovers/.github/.github/workflows/terraform-analyse@main
+uses: infralovers/.github/.github/workflows/terraform-analyse
with:
tfdir: ${{ inputs.tfdir }}
mondoo_service_account: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}
From 3b39cb535d7bc255ac9402a187e9383973fa35f5 Mon Sep 17 00:00:00 2001
From: Martin Buchleitner
Date: Tue, 14 May 2024 12:59:49 +0200
Subject: [PATCH 2/2] fix: Seperate action
Signed-off-by: Martin Buchleitner
---
.../workflows/terraform-analyse/action.yml | 50 -------------------
.github/workflows/tf-analyse.yml | 2 +-
2 files changed, 1 insertion(+), 51 deletions(-)
delete mode 100644 .github/workflows/terraform-analyse/action.yml
diff --git a/.github/workflows/terraform-analyse/action.yml b/.github/workflows/terraform-analyse/action.yml
deleted file mode 100644
index 5badc72..0000000
--- a/.github/workflows/terraform-analyse/action.yml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-
-name: 'Terraform Analyse'
-description: 'analyse terraform code'
-inputs:
- tfdir:
- description: 'Directory to scan'
- required: true
- default: '.'
- mondoo_service_account:
- description: 'Mondoo service account bas64 encoded'
- required: true
- default: ''
-outputs: {}
-runs:
- using: "composite"
- steps:
- - name: mondoo terraform hcl scan
- uses: mondoohq/actions/terraform-hcl@v11.0.0
- if: always()
- env:
- MONDOO_CONFIG_BASE64: ${{ inputs.mondoo_service_account }}
- with:
- path: ${{ inputs.tfdir }}
- output: 'summary'
-
- - name: kics scan
- uses: checkmarx/kics-github-action@v2
- if: always()
- with:
- path: ${{ inputs.tfdir }}
- output_formats: "json"
-
- - name: trivy scan
- uses: aquasecurity/trivy-action@master
- if: always()
- with:
- scan-type: 'fs'
- scan-ref: ${{ inputs.tfdir }}
- scanners: 'vuln,misconfig'
- format: 'table'
-
- - name: checkov scan
- uses: bridgecrewio/checkov-action@v12
- if: always()
- with:
- directory: ${{ inputs.tfdir }}
- output_format: cli,sarif
- quiet: false
- skip_path: 'policies' # incorrect hcl handling in checkov
diff --git a/.github/workflows/tf-analyse.yml b/.github/workflows/tf-analyse.yml
index 7985844..126b26e 100644
--- a/.github/workflows/tf-analyse.yml
+++ b/.github/workflows/tf-analyse.yml
@@ -29,7 +29,7 @@ jobs:
- name: run terraform anlysis
if: ( steps.detect.outputs.all_changed_files != '' && always() ) || ( github.event_name == 'workflow_dispatch' && always() )
- uses: infralovers/.github/.github/workflows/terraform-analyse
+uses: infralovers/terraform-analyse-action@main
with:
tfdir: ${{ inputs.tfdir }}
mondoo_service_account: ${{ secrets.MONDOO_SERVICE_ACCOUNT }}
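Review bot: The new `uses: infralovers/terraform-analyse-action@main` references the scanner action by a mutable branch while the step hands it `secrets.MONDOO_SERVICE_ACCOUNT`, so anyone who can push to that branch can change what runs with the secret and can alter the scan results this workflow gates on. Pin it to the full-length commit SHA of a reviewed revision and record the intended version next to it, `uses: infralovers/terraform-analyse-action@<full commit SHA>  # <tag>`, then let Dependabot or Renovate bump the SHA. If the new repository carries over the composite deleted in this patch unchanged, the same applies inside it: `aquasecurity/trivy-action@master` and the `@v2`/`@v11.0.0`/`@v12` tags are also mutable references. The enclosing `analyze_tf` job and its `steps:` list start outside the hunk.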