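---
# Static checks for the Terraform code in this repository:
#   * tflint - lints the configuration with TFLint.
#   * tfsec  - scans the configuration for security misconfigurations.
# Both jobs run on every pull request and on pushes to any branch.
name: Terraform Deployment

on:
  pull_request: null
  push:
    branches:
      - "**"

# Least privilege for the automatically issued GITHUB_TOKEN: these jobs only
# read the repository (checkout, and authenticated release downloads during
# `tflint --init`), so no write scope is granted.
permissions:
  contents: read

jobs:
  tflint:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this workflow references a mutable tag.
      # Pinning each action to a full commit SHA (with the tag kept as a
      # trailing comment) prevents a retagged release from changing what runs.
      - name: Checkout source code
        uses: actions/checkout@v5
        with:
          # No later step needs git credentials, so do not leave the token in
          # the local git config where linter plugins could read it.
          persist-credentials: false

      - name: Cache plugin dir
        uses: actions/cache@v4
        with:
          path: ~/.tflint.d/plugins
          # Plugin set is defined by .tflint.hcl, so the key follows that file.
          key: ${{ runner.os }}-tflint-${{ hashFiles('.tflint.hcl') }}

      - name: Setup TFLint
        uses: terraform-linters/setup-tflint@v4.1.0
        with:
          tflint_version: v0.52.0

      - name: Show version
        run: tflint --version

      - name: Init TFLint
        run: tflint --init
        env:
          # Token is passed only to this step; it authenticates plugin
          # downloads to avoid API rate limiting:
          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
          GITHUB_TOKEN: ${{ github.token }}

      - name: Run TFLint
        run: tflint -f compact

  tfsec:
    name: tfsec
    runs-on: ubuntu-latest
    env:
      # Single source of truth for the scanner version: used by both the cache
      # key and the download URL so a version bump always fetches a new binary.
      TFSEC_VERSION: v1.28.0
    steps:
      - name: Clone repo
        uses: actions/checkout@v5
        with:
          persist-credentials: false

      - name: Cache tfsec binary
        uses: actions/cache@v4
        with:
          path: ~/.tfsec
          # Key on the tool version, not on the *.tf files: the cached content
          # is the scanner binary. No restore-keys, so a prefix match can never
          # restore a binary from a different version.
          key: tfsec-${{ runner.os }}-${{ env.TFSEC_VERSION }}

      - name: Install tfsec (if not cached)
        shell: bash
        run: |
          if [ ! -f ~/.tfsec/tfsec ]; then
            mkdir -p ~/.tfsec
            # --fail: an HTTP error aborts the step instead of saving the
            # error page as the "binary".
            curl --fail --silent --show-error --location \
              "https://github.com/aquasecurity/tfsec/releases/download/${TFSEC_VERSION}/tfsec-linux-amd64" \
              -o ~/.tfsec/tfsec
            # TODO(security): the download is not integrity-checked. Pin the
            # release's SHA-256 and verify before marking it executable, e.g.
            #   echo "<EXPECTED_SHA256>  $HOME/.tfsec/tfsec" | sha256sum --check
            chmod +x ~/.tfsec/tfsec
          fi

      - name: Run tfsec
        # --soft-fail keeps findings non-blocking (as before) but, unlike
        # `|| true`, still fails the job when tfsec itself cannot run (missing
        # or corrupt binary), so a silently skipped scan is not reported green.
        # NOTE(review): drop --soft-fail once findings are triaged so the scan
        # actually gates merges.
        run: ~/.tfsec/tfsec . --soft-fail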