Update Helm release promtail to v6.16.6 #1831
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
tags: | |
- '**' | |
pull_request: | |
types: [opened, synchronize, reopened] | |
permissions: | |
contents: write | |
discussions: write | |
actions: read | |
security-events: write | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
validate: | |
runs-on: ubuntu-latest | |
name: Validate terraform | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: terraform fmt | |
uses: dflook/terraform-fmt-check@v1 | |
with: | |
path: src | |
- name: Create temp files for terraform validation | |
run: | | |
touch src/certs/cacerts.crt | |
touch src/certs/cacerts.key | |
touch src/terraform/.env | |
touch src/clusters/k3d/.env | |
echo GITHUB_OWNER=somebody >> src/terraform/.env | |
echo GITHUB_TOKEN=sometoken >> src/terraform/.env | |
echo ORACLE_EMAIL=someemail >> src/terraform/.env | |
echo ORACLE_PASSWORD=somepassword >> src/terraform/.env | |
echo DD_API_KEY=somekey >> src/terraform/.env | |
echo DD_SITE=somedomain >> src/terraform/.env | |
echo NEW_RELIC_ENDPOINT=someendpoint >> src/terraform/.env | |
echo NEW_RELIC_LICENSE_KEY=somekey >> src/terraform/.env | |
echo DOCKER_HOST= >> src/clusters/k3d/.env | |
- name: terraform validate src-clusters-k3d | |
uses: dflook/terraform-validate@v1 | |
with: | |
path: src/clusters/k3d | |
- name: terraform validate src-clusters-kind | |
uses: dflook/terraform-validate@v1 | |
with: | |
path: src/clusters/kind | |
- name: terraform validate src-terraform | |
uses: dflook/terraform-validate@v1 | |
with: | |
path: src/terraform | |
tfsec: | |
strategy: | |
matrix: | |
include: | |
- location: src/tests/k3s | |
working_dir: src/terraform | |
- location: src/clusters/k3d | |
working_dir: src/clusters/k3d | |
- location: src/clusters/kind | |
working_dir: src/clusters/kind | |
name: tfsec sarif report | |
runs-on: ubuntu-latest | |
permissions: | |
actions: read | |
contents: read | |
security-events: write | |
steps: | |
- name: Clone repo | |
uses: actions/checkout@v3 | |
- name: tfsec | |
uses: aquasecurity/tfsec-sarif-action@v0.1.4 | |
with: | |
sarif_file: tfsec.sarif | |
working_directory: ${{ matrix.working_dir }} | |
tfvars_file: ${{ matrix.location }}/terraform.tfvars | |
tfsec_args: --debug | |
- name: Output SARIF file | |
run: | | |
cat tfsec.sarif | |
- name: Upload SARIF file | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
# Path to SARIF file relative to the root of the repository | |
sarif_file: tfsec.sarif | |
terrascan: | |
runs-on: ubuntu-latest | |
name: terrascan-action | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Run Terrascan | |
id: terrascan | |
uses: tenable/terrascan-action@main | |
with: | |
# iac_type: 'terraform' | |
# iac_version: 'v14' | |
# policy_type: 'aws' | |
only_warn: true | |
sarif_upload: true | |
#non_recursive: | |
iac_dir: src/terraform | |
#policy_path: | |
#skip_rules: | |
config_path: terrascan_config.toml | |
- name: Upload SARIF file | |
uses: github/codeql-action/upload-sarif@v2 | |
with: | |
sarif_file: terrascan.sarif | |
release: | |
runs-on: ubuntu-latest | |
name: Release | |
needs: [validate, tfsec, terrascan] | |
if: startsWith(github.ref, 'refs/tags/') | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Release | |
uses: softprops/action-gh-release@v1 | |
with: | |
generate_release_notes: true | |
discussion_category_name: Announcements | |
append_body: true |