check.yaml
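# Pull-request checks for the Terraform code in this repository: lint, format,
# generated docs, tfsec static analysis and `terraform validate`.
# Every job runs `make` targets from the checked-out PR, i.e. code the PR
# author controls, so the workflow is kept on the `pull_request` trigger and
# given a read-only token.
name: check

# `pull_request` (not `pull_request_target`): runs for PRs from forks get no
# repository secrets and a read-only token. Review carefully before changing
# the trigger, because the jobs below execute the PR's Makefile.
on: [pull_request]

# Least privilege for GITHUB_TOKEN; no job here pushes, comments or releases.
permissions:
  contents: read

# NOTE(review): third-party actions below are referenced by mutable tags
# (@v3, @v2). Pinning each `uses:` to a full commit SHA protects against a
# retagged or compromised action release; the SHAs are not on this page and
# must be looked up in the upstream repositories.

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      - name: Setup TFLint
        uses: terraform-linters/setup-tflint@v3
        with:
          tflint_version: v0.42.1
      - name: Run lint
        run: make lint

  fmt:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.3.0"
      - name: Run fmt
        run: |
          # Refresh the index and answer prompts so the install cannot stall
          # or fail on a stale package list.
          sudo apt-get update
          sudo apt-get install --yes parallel
          make fmt
      - name: Check if working tree is dirty
        run: |
          # Any output from `git status --porcelain` means `make fmt` changed
          # tracked files, i.e. the PR was not formatted before commit.
          if [[ $(git status --porcelain) ]]; then
            git diff
            echo 'run make fmt and commit changes'
            exit 1
          fi

  docs:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Setup terraform-docs
        env:
          # Version and expected SHA-256 of the release tarball are pinned
          # together; update both when bumping the tool.
          TERRAFORM_DOCS_VERSION: "v0.16.0"
          TERRAFORM_DOCS_SHA: "328c16cd6552b3b5c4686b8d945a2e2e18d2b8145b6b66129cd5491840010182"
        run: |
          wget "https://github.com/terraform-docs/terraform-docs/releases/download/${TERRAFORM_DOCS_VERSION}/terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz"
          # Verify the archive before it is unpacked or executed.
          # sha256sum prints "<hash>  <file>", so the hash is field 1.
          DOWNLOAD_TERRAFORM_DOCS_SHA=$(sha256sum "terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz" | awk '{print $1}')
          if [[ "${TERRAFORM_DOCS_SHA}" != "${DOWNLOAD_TERRAFORM_DOCS_SHA}" ]]; then
            echo "Downloaded checksum (${DOWNLOAD_TERRAFORM_DOCS_SHA}) for terraform-docs does not match expected value: ${TERRAFORM_DOCS_SHA}"
            exit 1
          fi
          # Extract only the terraform-docs member, not the whole archive.
          tar xzvf "terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz" terraform-docs
          rm "terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz"
          mkdir -p ~/.local/bin/
          mv ./terraform-docs ~/.local/bin/terraform-docs
      - name: Run docs
        run: |
          export PATH="${PATH}:${HOME}/.local/bin"
          make docs
      - name: Check if working tree is dirty
        run: |
          # Regenerated docs that differ from the commit fail the check.
          if [[ $(git status --porcelain) ]]; then
            git diff
            echo 'run make docs and commit changes'
            exit 1
          fi

  tfsec:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Setup tfsec
        env:
          # Version and expected SHA-256 of the release binary are pinned
          # together; update both when bumping the tool.
          TFSEC_VERSION: "v1.27.1"
          TFSEC_SHA: "edf06ce4897a3113dda6393b31345aea8b70626dac4c67df87ef0b69fd6c83f0"
        run: |
          wget "https://github.com/tfsec/tfsec/releases/download/${TFSEC_VERSION}/tfsec-linux-amd64"
          # Verify the binary before it is made executable.
          DOWNLOAD_TFSEC_SHA=$(sha256sum tfsec-linux-amd64 | awk '{print $1}')
          if [[ "${TFSEC_SHA}" != "${DOWNLOAD_TFSEC_SHA}" ]]; then
            echo "Downloaded checksum (${DOWNLOAD_TFSEC_SHA}) for tfsec does not match expected value: ${TFSEC_SHA}"
            exit 1
          fi
          chmod +x tfsec-linux-amd64
          mkdir -p ~/.local/bin/
          mv ./tfsec-linux-amd64 ~/.local/bin/tfsec
      - name: Run tfsec
        run: |
          export PATH="${PATH}:${HOME}/.local/bin"
          make tfsec

  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v3
        with:
          persist-credentials: false
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.3.0"
      - name: Run terraform validate
        run: |
          sudo apt-get update
          sudo apt-get install --yes parallel
          make validate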