Skip to content

chore(deps): update step-security/harden-runner digest to f4f3f44 #187

chore(deps): update step-security/harden-runner digest to f4f3f44

chore(deps): update step-security/harden-runner digest to f4f3f44 #187

Workflow file for this run

name: Code Review
on: [pull_request]
jobs:
# -- LINT -------------------------------------------------------------------
tflint:
name: TFLint
runs-on: ubuntu-latest
env:
TF_VAR_tenancy_ocid: ${{secrets.OCI_TENANCY_OCID}}
TF_VAR_compartment_ocid: ${{secrets.OCI_COMPARTMENT_OCID}}
TF_VAR_user_ocid: ${{secrets.OCI_USER_OCID}}
TF_VAR_fingerprint: ${{secrets.OCI_FINGERPRINT}}
TF_VAR_private_key: ${{secrets.OCI_PRIVATE_KEY}}
TF_VAR_region: ${{secrets.OCI_REGION}}
TF_VAR_cf_api_token: ${{secrets.CLOUDFLARE_API_TOKEN}}
steps:
- name: Harden GitHub Actions Runner
uses: step-security/harden-runner@f4f3f445f343c08c93d7771433e8dee4267e05b9
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Setup Terraform
uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
# Run init to get module code to be able to use `--module`
- name: Terraform init
run: terraform init
working-directory: ./terraform
# Run TFLint
- name: Run TFlint with reviewdog output on the PR
uses: reviewdog/action-tflint@2fa60920754fb622564b410ad421ab596adb628a # v1.22.0
# -- SECURITY ---------------------------------------------------------------
tfsec:
name: TFSec
runs-on: ubuntu-latest
env:
TF_VAR_tenancy_ocid: ${{secrets.OCI_TENANCY_OCID}}
TF_VAR_compartment_ocid: ${{secrets.OCI_COMPARTMENT_OCID}}
TF_VAR_user_ocid: ${{secrets.OCI_USER_OCID}}
TF_VAR_fingerprint: ${{secrets.OCI_FINGERPRINT}}
TF_VAR_private_key: ${{secrets.OCI_PRIVATE_KEY}}
TF_VAR_region: ${{secrets.OCI_REGION}}
TF_VAR_cf_account_id: ${{secrets.CLOUDFLARE_ACCOUNT_ID}}
CLOUDFLARE_API_TOKEN: ${{secrets.CLOUDFLARE_API_TOKEN}}
steps:
- name: Harden GitHub Actions Runner
uses: step-security/harden-runner@f4f3f445f343c08c93d7771433e8dee4267e05b9
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# Run TFSec
- name: Run TFsec with reviewdog output on the PR
uses: reviewdog/action-tfsec@c857cddbb77f842a7e0bdd64d0e7d765eb759c02 # v1.23.0