continuous-integration.yaml
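# CI pipeline: Terraform documentation check, Trivy scan and Terragrunt
# format/init/validate checks.
#
# NOTE(review): both triggers below fire once code is already on main (or on a
# manual dispatch). This file has no pull_request trigger, so these checks do
# not gate merges unless another workflow, not visible here, covers PRs.
#
# NOTE(review): third-party actions are referenced by mutable tags. Pinning
# each `uses:` to a full commit SHA (tag kept in a trailing comment) prevents a
# retagged release from changing what runs in this pipeline.
name: "CI pipeline"

on:
  push:
    branches:
      - main
  workflow_dispatch: {}

# Least privilege: the workflow token may only read repository contents.
permissions:
  contents: read

jobs:
  check-docs:
    name: Check Module Documentation
    runs-on: ubuntu-latest
    steps:
      # Check out the commit that triggered the run (a push to main, or the
      # ref selected for a manual dispatch); no pull request is involved.
      - name: Checkout base branch
        uses: actions/checkout@v4
      # NOTE(review): the action reference was rendered as
      # "terraform-docs/[email protected]" by the page's e-mail obfuscation,
      # so the original version is not recoverable from this listing.
      # Replace the placeholder with the project's version (ideally a SHA).
      - name: Check if terraform docs are up to date
        uses: terraform-docs/gh-actions@VERSION_PLACEHOLDER
        with:
          # --output-check reports out-of-date docs instead of rewriting them.
          args: "--output-check"
          working-dir: infrastructure/
          config-file: .config/tfdocs-config.yaml

  scan-for-security-issues:
    name: Security Scan
    runs-on: ubuntu-latest
    steps:
      # Aligned with check-docs: v4 replaces the outdated v2 checkout.
      - name: Checkout code
        uses: actions/checkout@v4
      # NOTE(review): the action reference was rendered as
      # "aquasecurity/[email protected]" by the page's e-mail obfuscation,
      # so the original version is not recoverable from this listing.
      # Replace the placeholder with the project's version (ideally a SHA).
      #
      # NOTE(review): which scanners run and whether findings fail the job
      # both depend on .config/trivy.yaml, which is not visible here. Confirm
      # that it sets a non-zero exit code so findings stop the pipeline.
      - name: Scan terraform files for misconfiguration
        uses: aquasecurity/trivy-action@VERSION_PLACEHOLDER
        with:
          scan-type: 'fs'
          scan-ref: '.'
          trivy-config: .config/trivy.yaml

  validate-infrastructure:
    name: Terragrunt Infrastructure Checks
    runs-on: ubuntu-latest
    # Tool versions are fixed here so every step uses the same binaries.
    env:
      tf_version: '1.9.4'
      tg_version: '0.58.10'
      working_dir: 'infrastructure/live'
    steps:
      # Aligned with check-docs: v4 replaces the outdated v2 checkout.
      - name: Checkout code
        uses: actions/checkout@v4
      # Fails when HCL files are not formatted and prints the diff.
      - name: Terragrunt Check Hcl Format
        uses: gruntwork-io/terragrunt-action@v2
        with:
          tg_dir: ${{ env.working_dir }}
          tf_version: ${{ env.tf_version }}
          tg_version: ${{ env.tg_version }}
          tg_command: 'hclfmt --terragrunt-check --terragrunt-diff'
      # NOTE(review): no backend or cloud credentials are passed to the init
      # and validate steps in this file; presumably they run without remote
      # state access. Confirm against the Terragrunt configuration.
      - name: Terragrunt Init
        uses: gruntwork-io/terragrunt-action@v2
        with:
          tg_dir: ${{ env.working_dir }}
          tf_version: ${{ env.tf_version }}
          tg_version: ${{ env.tg_version }}
          tg_command: 'run-all init'
      - name: Terragrunt Validate
        uses: gruntwork-io/terragrunt-action@v2
        id: terragrunt-validate
        with:
          tg_dir: ${{ env.working_dir }}
          tf_version: ${{ env.tf_version }}
          tg_version: ${{ env.tg_version }}
          tg_command: 'run-all validate'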