chore: cra config (#642)

Author: rajatagarwal-ibm

.github/workflows/ci.yml

@@ -11,5 +11,4 @@ jobs:
     secrets: inherit
     with:
         craSCCv2: true
-        craTarget: "examples/default"
-        craRuleIgnoreFile: "cra-tf-validate-ignore-rules.json"
+        craConfigYamlFile: "cra-config.yaml"

cra-config.yaml

@@ -0,0 +1,6 @@
+# More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
+version: "v1"
+CRA_TARGETS:
+  - CRA_TARGET: "examples/default" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+    CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
+    PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).

cra-tf-validate-ignore-rules.json

@@ -11,6 +11,12 @@
             "description:": "Check whether Cloud Object Storage is enabled with customer-managed encryption and Keep Your Own Key (KYOK)",
             "ignore_reason": "This module does not create any Cloud object storage and it is used in an example for testing purpose.",
             "is_valid": false
+        },
+        {
+            "scc_rule_id": "rule-216e2449-27d7-4afc-929a-b66e196a9cf9",
+            "description": "Check whether Flow Logs for VPC are enabled",
+            "ignore_reason": "This rule should not be failing as we do enable flow logs in the code. Bug reported with CRA: https://github.ibm.com/oneibmcloud/CD-CRA/issues/1907",
+            "is_valid": false
         }
     ]
 }