feat: Added workflow for cloudformation linter and security scan

.github/workflows/cf-lint.yml

@@ -0,0 +1,28 @@
+---
+name: cloudformation-linter
+on:
+ workflow_call:
+ inputs:
+ cf_file_path:
+ required: true
+ type: string
+ description: 'path of cloudformation template.'
+
+jobs:
+ cloudformation-linter:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: cfn-lint-action
+ uses: ScottBrenner/cfn-lint-action@v2
+ with:
+ command: cfn-lint -t ${{ inputs.cf_file_path }}
+
+ - name: cfn security checks
+ uses: minchao/cfn-nag-action@v0.1
+ with:
+ args: '--input-path ${{ inputs.cf_file_path }}'
+...

.github/workflows/terraform_workflow.yml

@@ -42,6 +42,11 @@ on:
  type: number
  default: 10
  description: 'Timeout for approval step'
+ minimum-approvals:
+ required: false
+ type: string
+ default: 1
+ description: 'Minimum approvals required to accept the plan'
  secrets:
  AZURE_CREDENTIALS:
  required: false
@@ -73,6 +78,9 @@ on:
  SPACES_SECRET_ACCESS_KEY:
  required: false
  description: 'Spaces secret access key for digitalocean if required'
+ TF_VAR_access_token:
+ required: false
+ description: 'TF var access token'
 
 jobs:
  terraform-workflow:
@@ -82,6 +90,8 @@ jobs:
  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
  SPACES_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY_ID }}
  SPACES_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_ACCESS_KEY }}
+ TF_VAR_access_token: ${{ secrets.TF_VAR_access_token }}
+
  outputs:
  tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }}
 
@@ -193,6 +203,7 @@ jobs:
  with:
  secret: ${{ github.TOKEN }}
  approvers: ${{ inputs.approvers }}
+ minimum-approvals: ${{ inputs.minimum-approvals }}
  issue-title: "Terraform Plan for Infrastructure Update"
 
  - name: terraform apply

.github/workflows/ymllint-internal.yml

@@ -0,0 +1,8 @@
+---
+name: YAML-LINTER
+on: [pull_request]
+
+jobs:
+ YAML-LINTER:
+ uses: clouddrove/github-shared-workflows/.github/workflows/ymllint.yml@master
+...

.github/workflows/ymllint.yml

@@ -1,6 +1,7 @@
 ---
-name: Yaml Lint
-on: [pull_request]
+name: YAML-LINTER
+on:
+ workflow_call:
 jobs:
  Yaml-Lint:
  runs-on: ubuntu-latest
@@ -41,7 +42,7 @@ jobs:
  empty-lines:
  level: error
  empty-values:
- level: error
+ level: warning
  float-values:
  level: error
  hyphens:

docs/terraform_workflow.md

@@ -23,6 +23,7 @@ jobs:
  var_file: # name of tfvar file e.g "variable.tfvar"
  aws_region: # specify region eg. us-east-2
  approvers: # Assignee name for approve apply or destroy step
+ minimum-approvals: # Minimum number of approvals required to progress the workflow, deafault value is 1
  terraform_version: # Specify terraform version e.g 1.3.6
  destroy: # If the value is set to true, the workflow proceeds to the destroy step. However, the default value is false
  secrets:
@@ -49,6 +50,7 @@ jobs:
  working_directory: # Specify terraform code directory in repo
  var_file: # Name of tfvar file e.g "variable.tfvar"
  approvers: # Assignee name for approve apply or destroy step
+ minimum-approvals: # Minimum number of approvals required to progress the workflow, deafault value is 1
  terraform_version: # Specify terraform version e.g 1.3.6
  destroy: # If the value is set to true, the workflow proceeds to the destroy step. However, the default value is false
  secrets:
@@ -72,6 +74,7 @@ jobs:
  working_directory: # Specify terraform code directory in repo
  var_file: # Name of tfvar file e.g "variable.tfvar"
  approvers: # Assignee name for approve apply or destroy step
+ minimum-approvals: # Minimum number of approvals required to progress the workflow, deafault value is 1
  terraform_version: # Specify terraform version e.g 1.3.6
  destroy: # If the value is set to true, the workflow proceeds to the destroy step. However, the default value is false
  secrets:
@@ -97,6 +100,7 @@ jobs:
  working_directory: # Specify terraform code directory in repo
  var_file: # Name of tfvar file e.g "variable.tfvar"
  approvers: # Assignee name for approve apply or destroy step
+ minimum-approvals: # Minimum number of approvals required to progress the workflow, deafault value is 1
  terraform_version: # Specify terraform version e.g 1.3.6
  destroy: # If the value is set to true, the workflow proceeds to the destroy step. However, the default value is false
  secrets: