more test workflow #12
Conversation
|
Terraform plan in terraform/environment/github With variablesaws_account = (sensitive value)
aws_region = (sensitive value)
environment = "main"
state_bucket = "terraform-state-021891603679"Plan: 1 to add, 0 to change, 0 to destroy.Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# null_resource.test will be created
+ resource "null_resource" "test" {
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.📝 Plan generated in Environment Main - Plan #18 |
![codacy-production[bot]](https://avatars.githubusercontent.com/in/56611?s=60&v=4){kind=small}
| @@ -27,7 +27,7 @@ jobs: | |||
| role-session-name: GitHubTest | |||
| aws-region: ${{ vars.AWS_REGION }} | |||
| - name: terraform plan | |||
| uses: dflook/terraform-apply@4aa6179df0f08cabedbf3b340b419adf5c328546 | |||
| uses: dflook/terraform-apply@v1.44.0 | |||
There was a problem hiding this comment.
The issue identified by the Semgrep linter is that the GitHub Action dflook/[email protected] is not pinned to a full-length commit SHA. Pinning an action to a full-length commit SHA ensures that the action is immutable and cannot be altered by the action's authors, which can enhance security by preventing unexpected changes or malicious code from being introduced.
To fix this issue, you should replace the version v1.44.0 with the specific full-length commit SHA that corresponds to this version. Here’s the code suggestion to fix the issue:
| uses: dflook/terraform-apply@v1.44.0 | |
| uses: dflook/terraform-apply@c4f3a3e5a4e9c8b6c5e6d9d5e8c9f4b2f3e8d9f6 |
(Note: The commit SHA c4f3a3e5a4e9c8b6c5e6d9d5e8c9f4b2f3e8d9f6 is an example. You should replace it with the actual commit SHA for the version v1.44.0 of the dflook/terraform-apply action.)
This comment was generated by an experimental AI tool.
No description provided.