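---
name: 'Terraform Unit Tests'

on:
  push:

# Least-privilege token for every job in this workflow. Note that the same
# GITHUB_TOKEN is handed to each third-party action used below, so keep these
# grants minimal and pin those actions to immutable refs (see the Checkov step).
permissions:
  security-events: write # Needed to upload-sarif
  contents: read # Needed to clone repo
  actions: read # Potentially needed for private repositories (see https://github.com/github/codeql-action/issues/2117)

jobs:
  terraform-unit-tests:
    name: 'Terraform Unit Tests'
    runs-on: ubuntu-latest
    # Bound the job so a hung init / scan cannot hold a runner indefinitely.
    timeout-minutes: 30

    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v4

      # Install the Terraform CLI. No `terraform_version` is set, so the action's
      # default ("latest") is used on every run; pin a version if reproducible
      # results matter. Nothing here configures a Terraform Cloud token -- this
      # job never talks to a remote backend and needs no cloud credentials.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      # Initialize the working directory (modules, provider plugins) without
      # loading any remote state -- `-backend=false` keeps this job credential-free.
      - name: Terraform Init
        run: terraform init -backend=false

      # Validate terraform files
      - name: Terraform Validate
        run: terraform validate

      # Checks that all Terraform configuration files adhere to a canonical format
      - name: Terraform Format
        run: terraform fmt -check -recursive

      # Perform a security scan of the terraform code using checkov.
      # SECURITY: `@master` is a mutable branch, not a release. Whatever is pushed
      # to that branch runs on this runner with this job's GITHUB_TOKEN
      # (security-events: write, contents: read). Pin to the full-length commit
      # SHA of a reviewed release instead, keeping the tag as a trailing comment
      # (`uses: bridgecrewio/checkov-action@<40-hex-sha> # vX.Y.Z`), and let
      # Dependabot/Renovate raise the bumps. The `@vN` tags on the other actions
      # are also mutable and deserve the same treatment.
      - name: Run Checkov action
        id: checkov
        uses: bridgecrewio/checkov-action@master
        with:
          framework: terraform

      # Upload results to GitHub Advanced Security. `success() || failure()` runs
      # this step even when Checkov reported violations and failed the previous
      # step (but not when the run was cancelled), so findings still reach the
      # Security tab. Assumes the Checkov step writes `results.sarif` to the
      # workspace root (its default output) -- re-check if that is ever overridden.
      - name: Upload SARIF file
        if: success() || failure()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: checkov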