Readme #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: qualitygate | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened] | |
jobs: | |
qualitygate: | |
name: Qualitygate | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
#fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
ref: ${{ github.event.pull_request.head.ref }} | |
- name: HashiCorp - Setup Terraform | |
uses: hashicorp/setup-terraform@v2.0.0 | |
with: | |
# # The hostname of a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`. | |
# cli_config_credentials_hostname: # optional, default is app.terraform.io | |
# # The API token for a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file. | |
# cli_config_credentials_token: # optional | |
# # The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`. | |
terraform_version: 1.3.0 # optional, default is latest | |
# # Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`. | |
# terraform_wrapper: # optional, default is true | |
- name: Setup tflint | |
uses: terraform-linters/setup-tflint@v2 | |
- name: Terraform format | |
run: terraform fmt -check -recursive | |
- name: Terraform init | |
run: terraform init -backend=false | |
- name: Terraform validate | |
run: terraform validate | |
- name: Init TFLint | |
run: tflint --init | |
- name: Terraform lint Root | |
run: tflint | |
- name: Terraform lint SIMPHERA Base | |
run: tflint --config ../../.tflint.hcl --chdir ./modules/simphera_aws_instance | |
- name: tfsec action | |
uses: aquasecurity/tfsec-action@v1.0.2 | |
with: | |
additional_args: --exclude-downloaded-modules --config-file tfsec.yaml | |
- name: Terraform-docs Update README.md | |
uses: terraform-docs/gh-actions@v1.0.0 | |
with: | |
working-dir: . | |
output-file: README.md | |
output-method: inject | |
git-push: "true" | |
- name: Terraform-docs Regenerate terraform.tfvars.example | |
uses: terraform-docs/gh-actions@v1.0.0 | |
with: | |
working-dir: . | |
config-file: tfvars.hcl.terraform-docs.yml | |
output-file: terraform.tfvars.example | |
output-method: replace | |
template: | | |
{{ .Content }} | |
git-push: "true" | |
- name: Terraform-docs Regenerate terraform.json.example | |
uses: terraform-docs/gh-actions@v1.0.0 | |
with: | |
working-dir: . | |
output-file: terraform.json.example | |
output-format: tfvars json | |
output-method: replace | |
template: | | |
{{ .Content }} | |
git-push: "true" | |