fix: added node security group additional rule to allow all traffic i… #1000
name: "Terraform-ci" | |
on: [push, pull_request] | |
defaults: | |
run: | |
shell: sh | |
jobs: | |
# Terraform validate configuration | |
terraform-validate: | |
name: "Terraform-validate" | |
runs-on: ubuntu-latest | |
container: | |
image: maddevsio/terraform-utils:latest | |
env: | |
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Terraform Init l1 | |
working-directory: ./terraform/layer1-aws | |
run: terraform init -backend=false | |
- name: Terraform Init l2 | |
working-directory: ./terraform/layer2-k8s | |
run: terraform init -backend=false | |
- name: Terraform Validate l1 | |
working-directory: ./terraform/layer1-aws | |
run: terraform validate -no-color . | |
- name: Terraform Validate l2 | |
working-directory: ./terraform/layer2-k8s | |
run: terraform validate -no-color . | |
- name: Upload files for l1 | |
uses: actions/upload-artifact@v2 | |
with: | |
name: l1 | |
path: ./terraform/layer1-aws/.terraform | |
retention-days: 1 | |
# Checks that all Terraform configuration files format | |
terraform-format: | |
name: "Terraform-format" | |
runs-on: ubuntu-latest | |
container: | |
image: maddevsio/terraform-utils:latest | |
env: | |
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Terraform Format | |
run: terraform fmt -recursive -write=false -check . | |
working-directory: ./terraform | |
# Checks that all Terraform configuration files tflint | |
terraform-tflint: | |
name: "Terraform-tflint" | |
runs-on: ubuntu-latest | |
container: | |
image: maddevsio/terraform-utils:latest | |
env: | |
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Terraform tflint l1 | |
working-directory: ./terraform/layer1-aws | |
run: tflint --no-color | |
- name: Terraform tflint l2 | |
working-directory: ./terraform/layer2-k8s | |
run: tflint --no-color | |
terraform-tfsec-l1: | |
name: "Terraform-tfsec-l1" | |
needs: terraform-validate | |
runs-on: ubuntu-latest | |
container: | |
image: aquasec/tfsec | |
options: --user root | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download init for l1 | |
uses: actions/download-artifact@v4 | |
with: | |
name: l1 | |
path: ./terraform/layer1-aws/.terraform | |
- name: tfsec l1 | |
working-directory: ./terraform | |
run: tfsec layer1-aws | |
- uses: geekyeggo/delete-artifact@v5 | |
with: | |
name: l1 | |
failOnError: false | |
if: ${{ always() }} |
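Review bot: The `Upload files for l1` step in `terraform-validate` uses `actions/upload-artifact@v2`, while `Download init for l1` in `terraform-tfsec-l1` uses `actions/download-artifact@v4`. The v4 artifact actions cannot read artifacts produced by v3 or earlier, so the download will most likely not find `l1`; the upload step should become `uses: actions/upload-artifact@v4`. Because the uploaded path is the dot-directory `./terraform/layer1-aws/.terraform`, recent v4 releases may also need `include-hidden-files: true` under `with:`, which is worth confirming on a test run. Separately, the job containers (`maddevsio/terraform-utils:latest`, and an untagged `aquasec/tfsec` started with `--user root`) and `geekyeggo/delete-artifact@v5` are mutable references, and the workflow has no `permissions:` block, so every push and pull request runs whatever those tags currently resolve to with the default token scope. Pinning images by digest and third-party actions by full commit SHA, plus a top-level `permissions:` block limited to what the jobs need, would narrow that exposure; the page does not show which of these lines the commit itself changed.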