Merge pull request #13 from clouddrove/cd-307
use terraform latest version
yadavprakash authored Jan 19, 2023
2 parents 1284644 + 37183ff commit 23f72a2
Showing 8 changed files with 108 additions and 97 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/readme.yml
Expand Up @@ -10,32 +10,32 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@master
uses: actions/checkout@v2.3.4

- name: Set up Python 3.7.
uses: actions/setup-python@v2
with:
python-version: '3.x'

- name: 'create readme'
uses: 'clouddrove/github-actions@v9.0.1'
uses: 'clouddrove/github-actions@v9.0.2'
with:
actions_subcommand: 'readme'
github_token: '${{ secrets.GITHUB}}'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}


- name: 'pre-commit check errors'
- name: pre-commit check errors
uses: pre-commit/action@v2.0.0
continue-on-error: true

- name: 'pre-commit fix erros'
- name: pre-commit fix erros
uses: pre-commit/action@v2.0.0
continue-on-error: true

- name: 'push readme'
uses: 'clouddrove/github-actions@v9.0.1'
uses: 'clouddrove/github-actions@v9.0.2'
continue-on-error: true
with:
actions_subcommand: 'push'
Expand All @@ -51,4 +51,4 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
if: always()
if: always()
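Review bot: The bumped `uses: 'clouddrove/github-actions@v9.0.2'` refs in both steps of the first hunk still pin a third-party action by a mutable tag while the `create readme` step hands it a personal token via `github_token: '${{ secrets.GITHUB}}'`, so anyone able to move that tag upstream also gets that token; pin the action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: clouddrove/github-actions@<commit-sha>  # v9.0.2`. The same applies to the `actions/checkout` and `pre-commit/action` refs in this hunk. It is not clear from the hunk why that step needs `secrets.GITHUB` when `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}` is already supplied in `env`; if the workflow token is sufficient, dropping the personal token removes a credential from the workflow.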
129 changes: 56 additions & 73 deletions .github/workflows/terraform.yml
@@ -1,100 +1,83 @@
name: 'Terraform GitHub Actions'
name: static-checks

on:
pull_request:
branches:
- master

jobs:
fmt:
name: 'terraform fmt'
versionExtract:
name: Get min/max versions
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v2.3.4

- name: 'Terraform Format'
uses: 'clouddrove/github-actions@v7.0'
with:
actions_subcommand: 'fmt'

validate:
name: 'terraform validate'
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v2.3.4

- name: 'Configure AWS Credentials'
uses: clouddrove/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
aws-region: us-east-2
- name: Checkout
uses: actions/checkout@v2

- name: 'Terraform init'
uses: 'clouddrove/github-actions@v7.0'
with:
actions_subcommand: 'init'
tf_actions_working_dir: ./_example
- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@main
outputs:
minVersion: ${{ steps.minMax.outputs.minVersion }}
maxVersion: ${{ steps.minMax.outputs.maxVersion }}

- name: 'Terraform validate'
uses: 'clouddrove/github-actions@v7.0'
with:
actions_subcommand: 'validate'
tf_actions_working_dir: ./_example

plan:
name: 'terraform plan'
versionEvaluate:
name: Evaluate Terraform versions
runs-on: ubuntu-latest
needs: versionExtract
strategy:
fail-fast: false
matrix:
version:
- ${{ needs.versionExtract.outputs.minVersion }}
- ${{ needs.versionExtract.outputs.maxVersion }}
directory:
- _example/

steps:
- name: 'Checkout'
uses: actions/checkout@v2.3.4
- name: Checkout
uses: actions/checkout@v2

- name: 'Terraform init'
uses: 'clouddrove/github-actions@v7.0'
- name: Install Terraform v${{ matrix.version }}
uses: hashicorp/setup-terraform@v1
with:
actions_subcommand: 'init'
tf_actions_working_dir: ./_example
terraform_version: ${{ matrix.version }}

- name: 'Configure AWS Credentials'
uses: clouddrove/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
aws-region: us-east-2
aws-region: eu-west-1

- name: 'Terraform plan'
uses: 'clouddrove/github-actions@v7.0'
- name: Init & validate v${{ matrix.version }}
run: |
cd ${{ matrix.directory }}
terraform init
terraform validate
terraform plan -input=false -no-color
- name: tflint
uses: reviewdog/action-tflint@master
with:
actions_subcommand: 'plan'
tf_actions_working_dir: ./_example

pre-commit:
name: 'Pre-Commit'
needs:
- fmt
- plan
- validate
tflint_version: v0.29.0
github_token: ${{ secrets.GITHUB }}
working_directory: ${{ matrix.directory }}
fail_on_error: 'true'
filter_mode: 'nofilter'
flags: '--module'

format:
name: Check code format
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v2.3.4
needs: versionExtract

- name: 'Install Tflint'
run: |
curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
- name: 'Pre-Commit 🔎'
uses: pre-commit/action@v2.0.3
continue-on-error: true
steps:
- name: Checkout
uses: actions/checkout@v2

- name: 'Slack Notification'
uses: clouddrove/action-slack@v2
- name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
uses: hashicorp/setup-terraform@v1
with:
status: ${{ job.status }}
fields: repo,author
author_name: 'CloudDrove'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
if: always()
terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}

- name: Check Terraform format changes
run: terraform fmt --recursive
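Review bot: The `format` job's last step, `run: terraform fmt --recursive`, rewrites files in the runner's checkout and exits 0 whether or not anything was unformatted, so the step named 'Check Terraform format changes' can never fail; use `run: terraform fmt -check -recursive` (optionally adding `-diff`) so formatting drift fails the job. Separately, the new side pins `clowdhaus/terraform-min-max@main` and `reviewdog/action-tflint@master` to moving branches, and the tflint step passes `github_token: ${{ secrets.GITHUB }}` to that branch ref; pinning both to a full commit SHA (tag noted in a trailing comment) and using the workflow's own `${{ secrets.GITHUB_TOKEN }}` where the action accepts it limits what a compromised upstream could do with the token. The matrix job runs `terraform plan` with `secrets.TEST_AWS_ACCESS_KEY`, which presumably is a scoped test credential; a short comment on the credentials step stating that it should only hold plan/read permissions would make that expectation explicit.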
31 changes: 21 additions & 10 deletions .github/workflows/terratest.yml
Expand Up @@ -6,27 +6,38 @@ on:
types: [labeled]

jobs:
Terratest:
name: 'Terratest'
terraform:
name: 'Terraform'
runs-on: ubuntu-latest
steps:

- name: 'Checkout'
uses: actions/checkout@v2.3.4
uses: actions/checkout@master

- name: 'Configure AWS Credentials'
- name: Configure AWS Credentials
uses: clouddrove/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
aws-region: us-east-2
aws-region: eu-west-1

- name: 'Terratest'
uses: 'clouddrove/github-actions@v7.0'
- name: 'Terratest Basic'
if: ${{ github.event.label.name == 'terratest' }}
uses: 'clouddrove/github-actions@v9.0.2'
with:
actions_subcommand: 'terratest'
if: ${{ github.event.label.name == 'terratest' }}
tf_actions_working_dir: '_test'
tf_actions_working_dir: '_test/basic_example'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Terratest Secure'
if: ${{ github.event.label.name == 'terratest' }}
uses: 'clouddrove/github-actions@v9.0.2'
with:
actions_subcommand: 'terratest'
tf_actions_working_dir: '_test/ebs_mount'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: 'Slack Notification'
uses: clouddrove/action-slack@v2
Expand All @@ -37,4 +48,4 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
if: always()
if: always()
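Review bot: In the first hunk the checkout step ends up as `uses: actions/checkout@master` (print order suggests it replaced the `v2.3.4` pin, though the side is not marked on this page), which moves from a tag to a branch that changes without review; a full commit SHA pin is the stable choice, `uses: actions/checkout@<commit-sha>  # v2.3.4`. Both Terratest steps are gated on the same `terratest` label and run with the AWS keys from `secrets.TEST_AWS_ACCESS_KEY`; since the trigger is `pull_request` with `types: [labeled]`, GitHub withholds those secrets from fork PRs, which is worth a comment so nobody later switches the trigger to `pull_request_target` to make fork runs work, e.g. `# pull_request (not pull_request_target): fork PRs must not receive TEST_AWS_* secrets`. The `_test/ebs_mount` directory used by the 'Terratest Secure' step is not visible anywhere in this commit, so confirm it exists in this iam-user repository rather than being carried over from another module's workflow.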
21 changes: 19 additions & 2 deletions .github/workflows/tfsec.yml
Expand Up @@ -15,11 +15,28 @@ jobs:
uses: aquasecurity/tfsec-sarif-action@v0.1.0
with:
sarif_file: tfsec.sarif
working_directory: _example
working_directory: ./_example/
full_repo_scan: true

- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v1
with:
# Path to SARIF file relative to the root of the repository
sarif_file: tfsec.sarif
sarif_file: tfsec.sarif

- name: tfsec commenter for PR
uses: tfsec/tfsec-pr-commenter-action@main
with:
GITHUB_TOKEN: ${{ secrets.GITHUB}}
working_directory: ./_example/


- name: 'Terraform security scan Advanced'
uses: triat/terraform-security-scan@v3.0.3
if: github.event_name == 'pull_request'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB}}
tfsec_actions_working_dir: ./_example/
tfsec_actions_comment: true
tfsec_output_format: sarif
continue-on-error: true
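Review bot: The new 'Terraform security scan Advanced' step ends with `continue-on-error: true`, so whatever `triat/terraform-security-scan@v3.0.3` reports can never fail the check, and nothing after it uploads the SARIF it is asked to produce (the `upload-sarif` step above only takes `tfsec.sarif` from the first scanner); either drop `continue-on-error: true` or say in a comment that the step is advisory, e.g. `# advisory only: findings are commented on the PR but do not block merge`. The commenter step pins `tfsec/tfsec-pr-commenter-action@main` to a moving branch and passes a personal token via `GITHUB_TOKEN: ${{ secrets.GITHUB}}`; pin it to a full commit SHA and prefer `${{ secrets.GITHUB_TOKEN }}` unless the action needs something the workflow token cannot provide. With two scanners over the same `./_example/` tree plus `full_repo_scan: true`, the same finding will likely appear more than once in PR comments, which deserves a note if it is intentional.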
2 changes: 1 addition & 1 deletion README.yaml
Expand Up @@ -43,7 +43,7 @@ usage : |-
```hcl
module "iam-user" {
source = "clouddrove/iam-user/aws"
version = "0.15.0"
version = "1.3.0"
name = "iam-user"
environment = "test"
label_order = ["name","environment"]
2 changes: 1 addition & 1 deletion _example/example.tf
Expand Up @@ -9,7 +9,7 @@ module "iam-user" {
environment = "test"
label_order = ["name", "environment"]

policy_enabled = true
policy_enabled = false
policy = data.aws_iam_policy_document.default.json
pgp_key = ""
password_length = 20
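Review bot: This hunk flips `policy_enabled` in the example (print order suggests `true` → `false`, the side is not marked on this page) while `policy = data.aws_iam_policy_document.default.json` stays, so the policy document is apparently still rendered but no longer attached, and the example that terratest and tfsec run against stops exercising the policy path. If that is intended, a one-line comment such as `# policy is rendered but not attached here; set policy_enabled = true to exercise it` would keep the next reader from treating it as an oversight, especially since the commit message ('use terraform latest version') does not mention it. The enclosing `module "iam-user"` block starts and ends outside the hunk.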
6 changes: 3 additions & 3 deletions _example/versions.tf
@@ -1,11 +1,11 @@
# Terraform version
terraform {
required_version = ">= 0.14.0"
required_version = ">= 1.3.6"

required_providers {
aws = {
source = "hashicorp/aws"
version = ">= 3.1.15"
version = ">= 4.48.0"
}
}
}
}
2 changes: 1 addition & 1 deletion main.tf
Expand Up @@ -10,7 +10,7 @@

module "labels" {
source = "clouddrove/labels/aws"
version = "0.15.0"
version = "1.3.0"

name = var.name
environment = var.environment

0 comments on commit 23f72a2