Skip to content

refactor: extract data sources to its own dedicated file #2008

refactor: extract data sources to its own dedicated file

refactor: extract data sources to its own dedicated file #2008

Workflow file for this run

---
name: CI
on: # yamllint disable-line rule:truthy
pull_request:
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
permissions:
contents: read
pull-requests: write
jobs:
verify_module:
name: Verify module
strategy:
matrix:
terraform: [1.3.9]
runs-on: ubuntu-latest
container:
image: hashicorp/terraform:${{ matrix.terraform }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- run: terraform init -get -backend=false -input=false
- run: terraform fmt -recursive -check=true -write=false
verify_examples:
name: Verify examples
strategy:
fail-fast: false
matrix:
terraform: [1.3.9, latest]
example:
[
"runner-default",
"runner-docker",
"runner-pre-registered",
"runner-public",
"runner-certificates",
]
defaults:
run:
working-directory: examples/${{ matrix.example }}
runs-on: ubuntu-latest
container:
image: hashicorp/terraform:${{ matrix.terraform }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- run: terraform init -get -backend=false -input=false
- if: contains(matrix.terraform, '1.3.')
run: terraform fmt -recursive -check=true -write=false
- run: terraform validate
linter:
name: MegaLinter
runs-on: ubuntu-latest
steps:
# Git Checkout
- name: Checkout Code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances
# MegaLinter
- name: MegaLinter
id: ml
# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.io/flavors/
uses: oxsecurity/megalinter@b48455a119cc28045eee8f1e9d0a542a85e71f4f # v7.5.0
env:
# All available variables are described in documentation
# https://megalinter.io/configuration/
VALIDATE_ALL_CODEBASE: false
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
SPELL_CSPELL_FILTER_REGEX_EXCLUDE: (\.gitignore|.tflint.hcl|CHANGELOG.md)
# needed to avoid multiple error messages
TERRAFORM_TERRASCAN_ARGUMENTS: "--non-recursive"
# format issues fail the build
TERRAFORM_TERRAFORM_FMT_DISABLE_ERRORS: false
# it's an auto-generated file
MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: (CHANGELOG.md)
# it's an auto-generated file
MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_EXCLUDE: (CHANGELOG.md)
PAT: ${{ secrets.GITHUB_TOKEN }}
# automatically commit fixes to the feature branch
APPLY_FIXES: all
APPLY_FIXES_EVENT: pull_request
APPLY_FIXES_MODE: commit
# Upload MegaLinter artifacts
- name: Archive production artifacts
if: ${{ success() || failure() }}
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log
kics:
runs-on: ubuntu-latest
container:
image: checkmarx/kics:v1.7.10-debian@sha256:13fa574a0b0220c93b966b84d98edb37d9d1f075c173c4ab10a33f6e61fc6761
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
# ignore: "tags not used", "access analyzer not used", "shield advanced not used"
- run: kics scan -p . -o . --exclude-queries e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10,e592a0c5-5bdb-414c-9066-5dba7cdea370,084c6686-2a70-4710-91b1-000393e54c12
tflint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
name: Checkout source code
- uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3
name: Cache plugin dir
with:
path: ~/.tflint.d/plugins
key: tflint-${{ hashFiles('.tflint.hcl') }}
- uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4
name: Setup TFLint
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tflint_version: latest
- name: Show version
run: tflint --version
- name: Init TFLint
run: tflint --init
- name: Run TFLint
# assign necessary variables to avoid errors
run: 'tflint --var ''enable_managed_kms_key=true'' --var=''runner_instance={"name_prefix": "a", "name": "b"}'''
tfsec:
name: tfsec PR commenter
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: tfsec
uses: aquasecurity/tfsec-pr-commenter-action@7a44c5dcde5dfab737363e391800629e27b6376b # v1.3.1
with:
github_token: ${{ github.token }}