Skip to content

Update Helm release promtail to v6.16.6 #1831

Update Helm release promtail to v6.16.6

Update Helm release promtail to v6.16.6 #1831

Workflow file for this run

name: Build
on:
workflow_dispatch:
push:
branches:
- master
tags:
- '**'
pull_request:
types: [opened, synchronize, reopened]
permissions:
contents: write
discussions: write
actions: read
security-events: write
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
validate:
runs-on: ubuntu-latest
name: Validate terraform
steps:
- name: Checkout
uses: actions/checkout@v3
- name: terraform fmt
uses: dflook/terraform-fmt-check@v1
with:
path: src
- name: Create temp files for terraform validation
run: |
touch src/certs/cacerts.crt
touch src/certs/cacerts.key
touch src/terraform/.env
touch src/clusters/k3d/.env
echo GITHUB_OWNER=somebody >> src/terraform/.env
echo GITHUB_TOKEN=sometoken >> src/terraform/.env
echo ORACLE_EMAIL=someemail >> src/terraform/.env
echo ORACLE_PASSWORD=somepassword >> src/terraform/.env
echo DD_API_KEY=somekey >> src/terraform/.env
echo DD_SITE=somedomain >> src/terraform/.env
echo NEW_RELIC_ENDPOINT=someendpoint >> src/terraform/.env
echo NEW_RELIC_LICENSE_KEY=somekey >> src/terraform/.env
echo DOCKER_HOST= >> src/clusters/k3d/.env
- name: terraform validate src-clusters-k3d
uses: dflook/terraform-validate@v1
with:
path: src/clusters/k3d
- name: terraform validate src-clusters-kind
uses: dflook/terraform-validate@v1
with:
path: src/clusters/kind
- name: terraform validate src-terraform
uses: dflook/terraform-validate@v1
with:
path: src/terraform
tfsec:
strategy:
matrix:
include:
- location: src/tests/k3s
working_dir: src/terraform
- location: src/clusters/k3d
working_dir: src/clusters/k3d
- location: src/clusters/kind
working_dir: src/clusters/kind
name: tfsec sarif report
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Clone repo
uses: actions/checkout@v3
- name: tfsec
uses: aquasecurity/tfsec-sarif-action@v0.1.4
with:
sarif_file: tfsec.sarif
working_directory: ${{ matrix.working_dir }}
tfvars_file: ${{ matrix.location }}/terraform.tfvars
tfsec_args: --debug
- name: Output SARIF file
run: |
cat tfsec.sarif
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: tfsec.sarif
terrascan:
runs-on: ubuntu-latest
name: terrascan-action
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Run Terrascan
id: terrascan
uses: tenable/terrascan-action@main
with:
# iac_type: 'terraform'
# iac_version: 'v14'
# policy_type: 'aws'
only_warn: true
sarif_upload: true
#non_recursive:
iac_dir: src/terraform
#policy_path:
#skip_rules:
config_path: terrascan_config.toml
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: terrascan.sarif
release:
runs-on: ubuntu-latest
name: Release
needs: [validate, tfsec, terrascan]
if: startsWith(github.ref, 'refs/tags/')
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Release
uses: softprops/action-gh-release@v1
with:
generate_release_notes: true
discussion_category_name: Announcements
append_body: true