tfsec

tfsec #812

Workflow file for this run

	---
	name: tfsec
	"on":
	push:
	branches:
	- trunk
	pull_request:
	branches:
	- trunk
	schedule:
	- cron: "0 0 * * TUE"
	jobs:
	terraform:
	name: Audit Terraform Infrastructure as Code
	permissions:
	id-token: write
	contents: read
	runs-on: ubuntu-latest

	steps:
	- name: Checkout repository
	uses: actions/checkout@v3.6.0

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@04b98b3f9e85f563fb061be8751a0352327246b0 # v3.0.1
	with:
	aws-region: us-west-2
	role-to-assume: arn:aws:iam::447522982029:role/gha-project-infrastructure-s3-ro-20220212013048188700000001
	role-session-name: GitHubActionsSession@tfsec-terraform

	- name: Show AWS caller identity
	run: aws sts get-caller-identity

	- name: "Setup Terraform"
	uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3
	with:
	terraform_version: 1.x

	- name: "terraform init"
	run: \|
	terraform -chdir=aws init
	terraform -chdir=github-org-artichoke init
	terraform -chdir=github-org-artichokeruby init
	terraform -chdir=github-org-artichoke-ruby init
	terraform -chdir=remote-state init

	- name: "tfsec aws"
	uses: docker://aquasec/tfsec:latest
	id: tfsec_aws
	continue-on-error: true
	with:
	entrypoint: tfsec
	args: aws

	- name: "tfsec github-org-artichoke"
	uses: docker://aquasec/tfsec:latest
	id: tfsec_github_artichoke
	continue-on-error: true
	with:
	entrypoint: tfsec
	args: github-org-artichoke

	- name: "tfsec github-org-artichokeruby"
	uses: docker://aquasec/tfsec:latest
	id: tfsec_github_artichokeruby
	continue-on-error: true
	with:
	entrypoint: tfsec
	args: github-org-artichokeruby

	- name: "tfsec github-org-artichoke-ruby"
	uses: docker://aquasec/tfsec:latest
	id: tfsec_github_artichoke_ruby
	continue-on-error: true
	with:
	entrypoint: tfsec
	args: github-org-artichoke-ruby

	- name: "tfsec remote-state"
	uses: docker://aquasec/tfsec:latest
	id: tfsec_remote_state
	continue-on-error: true
	with:
	entrypoint: tfsec
	args: remote-state

	- name: "Check on failures"
	run: \|
	failed=""
	if [[ ${{ steps.tfsec_aws.outcome }} != "success" ]]; then
	failed="y"
	echo >&2 "tfsec aws failed"
	fi
	if [[ ${{ steps.tfsec_github_artichoke.outcome }} != "success" ]]; then
	failed="y"
	echo >&2 "tfsec github-org-artichoke failed"
	fi
	if [[ ${{ steps.tfsec_github_artichokeruby.outcome }} != "success" ]]; then
	failed="y"
	echo >&2 "tfsec github-org-artichokeruby failed"
	fi
	if [[ ${{ steps.tfsec_github_artichoke_ruby.outcome }} != "success" ]]; then
	failed="y"
	echo >&2 "tfsec github-org-artichoke-ruby failed"
	fi
	if [[ ${{ steps.tfsec_remote_state.outcome }} != "success" ]]; then
	failed="y"
	echo >&2 "tfsec remote-state failed"
	fi
	if [[ -n "$failed" ]]; then
	exit 1
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tfsec #812

Workflow file

tfsec #812

Jobs

Run details

Workflow file for this run