-
Notifications
You must be signed in to change notification settings - Fork 108
47 lines (36 loc) · 1.38 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
name: CI
on:
pull_request:
branches: [master]
# Checks if any concurrent jobs under the same pull request or branch are being executed
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
manifests-validation:
runs-on: ubuntu-latest
steps:
- name: Checkout test-infra ⤵️
uses: actions/checkout@v4
- name: Setup Kubeval ⛓️
uses: lra/[email protected]
- name: yaml config validation 🔍
run: kubeval --directories config/prow --ignore-missing-schemas
scan-terraform:
runs-on: ubuntu-latest
steps:
- name: Checkout test-infra ⤵️
uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v1
with:
go-version: 1.19
- name: Install deps
run: |
curl -L "$(curl -Ls https://api.github.com/repos/accurics/terrascan/releases/latest | grep -o -E "https://.+?_Linux_x86_64.tar.gz")" > terrascan.tar.gz
tar -xf terrascan.tar.gz
install terrascan /usr/local/bin
- name: Scan terrafrom code
run: |
terrascan scan -i terraform -d config/clusters -v \
--skip-rules 'AC_AWS_0214,AC_AWS_0369,AC_AWS_0487,AC_AWS_078,AWS.CloudTrail.Logging.Medium.007,AC_AWS_0447,AC_AWS_0497,AC_AWS_0458,AC_AWS_0320'