From f3c1ab5c24316e060e20d8cf1dc77b30e5101b7a Mon Sep 17 00:00:00 2001 From: shivani-sumo Date: Thu, 4 Apr 2024 18:41:22 +0530 Subject: [PATCH 1/3] SUMO-238066: review comment --- .github/workflows/tf-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf-test.yml b/.github/workflows/tf-test.yml index 6c32ebd6..22c6705a 100644 --- a/.github/workflows/tf-test.yml +++ b/.github/workflows/tf-test.yml @@ -54,7 +54,7 @@ jobs: - uses: bridgecrewio/checkov-action@master with: - directory: 'aws-observability-terraform/' + path: 'aws-observability-terraform/' quiet: true framework: terraform output_format: cli From aee7494497ebd5f8d4c604c9e83e6c5cf5f3da16 Mon Sep 17 00:00:00 2001 From: shivani-sumo Date: Thu, 4 Apr 2024 18:42:16 +0530 Subject: [PATCH 2/3] SUMO-238066: review comment --- .github/workflows/tf-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf-test.yml b/.github/workflows/tf-test.yml index 22c6705a..4a585c8e 100644 --- a/.github/workflows/tf-test.yml +++ b/.github/workflows/tf-test.yml @@ -12,7 +12,7 @@ jobs: - name: terraform validate uses: dflook/terraform-validate@v1 with: - directory: aws-observability-terraform/ + path: aws-observability-terraform/ ValidateLinting: runs-on: ubuntu-latest @@ -54,7 +54,7 @@ jobs: - uses: bridgecrewio/checkov-action@master with: - path: 'aws-observability-terraform/' + directory: 'aws-observability-terraform/' quiet: true framework: terraform output_format: cli From 6daf96f2a0db38fb9cb4b76e116b0c22e30d03f1 Mon Sep 17 00:00:00 2001 From: Himanshu Pal Date: Thu, 4 Apr 2024 19:00:15 +0530 Subject: [PATCH 3/3] added aws ruleset and added recursive --- .github/workflows/tf-test.yml | 14 ++++++++------ aws-observability-terraform/.tflint.hcl | 10 ++++++++++ 2 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 aws-observability-terraform/.tflint.hcl 
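Review bot: The checkov step shown in the `@@ -54,7` hunk of patch 1/3 runs `bridgecrewio/checkov-action@master`, a branch ref that can move between runs, so the code performing the security scan is not fixed by anything in this repository. Pin it to a reviewed full commit SHA, for example `- uses: bridgecrewio/checkov-action@<full-commit-sha>  # <release-tag>` (both placeholders), and let a dependency-update tool propose bumps. The same context line appears in the second hunk of patch 2/3, and `dflook/terraform-validate@v1` in that patch's first hunk is a movable tag that would benefit from the same pinning. The step lists continue outside these hunks.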
diff --git a/.github/workflows/tf-test.yml b/.github/workflows/tf-test.yml index 4a585c8e..b841ec9b 100644 --- a/.github/workflows/tf-test.yml +++ b/.github/workflows/tf-test.yml @@ -4,7 +4,7 @@ on: [workflow_dispatch, pull_request] jobs: ValidateTF: runs-on: ubuntu-latest - name: "Validate Terraform module" + name: "Validate Terraform module for AWSO" steps: - name: Checkout uses: actions/checkout@v3 @@ -16,13 +16,15 @@ jobs: ValidateLinting: runs-on: ubuntu-latest - name: "Terraform template linting verification" - + name: "Terraform template linting verification for AWSO" steps: - uses: actions/checkout@v4 name: Checkout source code + - name: Change directory + run: cd aws-observability-terraform/ + - uses: actions/cache@v4 name: Cache plugin dir with: @@ -43,10 +45,10 @@ jobs: GITHUB_TOKEN: '' - name: Run TFLint - run: tflint -f compact + run: tflint --recursive -f checkstyle TFSecurityChecks: - name: "terraform template tests using checkov" + name: "terraform template tests using checkov for AWSO" runs-on: "ubuntu-latest" steps: - name: Checkout repo @@ -59,4 +61,4 @@ jobs: framework: terraform output_format: cli output_bc_ids: false - download_external_modules: true \ No newline at end of file + download_external_modules: true diff --git a/aws-observability-terraform/.tflint.hcl b/aws-observability-terraform/.tflint.hcl new file mode 100644 index 00000000..49948351 --- /dev/null +++ b/aws-observability-terraform/.tflint.hcl @@ -0,0 +1,10 @@ +plugin "aws" { + enabled = true + version = "0.30.0" + source = "github.com/terraform-linters/tflint-ruleset-aws" +} + +plugin "terraform" { + enabled = true + preset = "recommended" +}
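Review bot: The added `Change directory` step in the `@@ -16,13` hunk has no effect on later steps, because each `run:` step starts its own shell in the workspace root. `Run TFLint` in the `@@ -43,10` hunk, and presumably the init step whose `GITHUB_TOKEN` line is visible there, therefore still execute from the repository root. Drop the step and set `working-directory: aws-observability-terraform/` on the TFLint `run:` steps, or add a `defaults.run.working-directory` entry to the `ValidateLinting` job. Otherwise the new `aws-observability-terraform/.tflint.hcl` may not be the config the linter loads, and the lint gate can go green without the AWS ruleset having run.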
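Review bot: `tflint --recursive` in the `Run TFLint` step of the `@@ -43,10` hunk appears to resolve `.tflint.hcl` relative to each module directory it visits, so the new config would cover only `aws-observability-terraform/` itself and not nested modules unless each carries its own file; confirm this against the TFLint version the workflow installs. Passing an absolute path, `run: tflint --recursive --config "$GITHUB_WORKSPACE/aws-observability-terraform/.tflint.hcl" -f checkstyle`, makes every module use the same ruleset. Separately, `-f checkstyle` writes XML to the job log and no step visible here consumes it; if nothing does, `compact` stays easier to read during review.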