Update infra for demo site deploy (#6) #20

	name: CI Infra Checks

	on:
	push:
	branches:
	- main
	paths:
	- infra/**
	- .github/workflows/ci-infra.yml
	pull_request:
	paths:
	- infra/**
	- .github/workflows/ci-infra.yml

	jobs:
	check-terraform-format:
	name: Check Terraform format
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: 1.2.1
	terraform_wrapper: false
	- name: Run infra-lint
	run: \|
	echo "If this fails, run 'make infra-format'"
	make infra-lint
	validate-terraform:
	name: Validate Terraform modules
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: 1.2.1
	terraform_wrapper: false
	- name: Run infra-validate
	run: make infra-validate
	check-compliance-with-checkov:
	name: Check compliance with checkov
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: actions/setup-python@v4
	with:
	python-version: "3.10"
	- name: Run Checkov check
	# Pins to checkov-action v12.2366.0
	# which in turn pins to checkov v2.3.267
	# which is the latest release version at time of commit:
	# - https://github.com/bridgecrewio/checkov/releases/tag/2.3.267
	uses: bridgecrewio/checkov-action@v12.2366.0
	with:
	directory: infra
	framework: terraform
	quiet: true # display only failed checks
	check-compliance-with-tfsec:
	name: Check compliance with tfsec
	runs-on: ubuntu-latest

	permissions:
	contents: read
	pull-requests: write

	steps:
	- uses: actions/checkout@v3
	- name: Run tfsec check
	uses: aquasecurity/tfsec-pr-commenter-action@v1.2.0
	with:
	github_token: ${{ github.token }}

Provide feedback