-
Notifications
You must be signed in to change notification settings - Fork 19
118 lines (118 loc) · 4.06 KB
/
check.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: check
on:
pull_request:
branches:
- 'main'
types:
- labeled
- opened
- reopened
- synchronize
jobs:
conventional-commit:
runs-on: ubuntu-latest
steps:
- name: PR Conventional Commit Validation
uses: ytanikin/[email protected]
with:
task_types: '["feat","fix","doc","test","ci","refactor","perf","chore","revert"]'
custom_labels: '{"feat": "feature", "fix": "fix", "doc": "documentation", "test": "test", "ci": "ci/cd", "refactor": "refactor", "perf": "performance", "chore": "chore", "revert": "revert"}'
lint:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v3
- name: Setup TFLint
uses: terraform-linters/setup-tflint@v4
with:
tflint_version: v0.50.3
- name: Run lint
run: |
make lint
fmt:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.3.0
- name: Run fmt
run: |
sudo apt-get install parallel
make fmt
- name: Check if working tree is dirty
run: |
if [[ $(git status --porcelain) ]]; then
git diff
echo 'run make fmt and commit changes'
exit 1
fi
docs:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v3
- name: Setup terraform-docs
env:
TERRAFORM_DOCS_VERSION: "v0.19.0"
TERRAFORM_DOCS_SHA: "dd741a0ece81059a478684b414d95d72b8b74fa58f50ac4036b4e8b56130d64b"
run: |
wget https://github.com/terraform-docs/terraform-docs/releases/download/${TERRAFORM_DOCS_VERSION}/terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz
DOWNLOAD_TERRAFORM_DOCS_SHA=$(openssl sha1 -sha256 terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz | awk '{print $2}')
if [[ "${TERRAFORM_DOCS_SHA}" != "${DOWNLOAD_TERRAFORM_DOCS_SHA}" ]]; then
echo "Downloaded checksum (${DOWNLOAD_TERRAFORM_DOCS_SHA}) for terraform-docs does not match expected value: ${TERRAFORM_DOCS_SHA}"
exit 1
fi
tar xzvf terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz terraform-docs
rm terraform-docs-${TERRAFORM_DOCS_VERSION}-linux-amd64.tar.gz
mkdir -p ~/.local/bin/
mv ./terraform-docs ~/.local/bin/terraform-docs
- name: Run docs
run: |
export PATH=${PATH}:~/.local/bin
make docs
- name: Check if working tree is dirty
run: |
if [[ $(git status --porcelain) ]]; then
git diff
echo 'run make docs and commit changes'
exit 1
fi
tfsec:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v3
- name: Setup tfsec
env:
TFSEC_VERSION: "v1.27.1"
TFSEC_SHA: "edf06ce4897a3113dda6393b31345aea8b70626dac4c67df87ef0b69fd6c83f0"
run: |
wget https://github.com/tfsec/tfsec/releases/download/${TFSEC_VERSION}/tfsec-linux-amd64
DOWNLOAD_TFSEC_SHA=$(openssl sha1 -sha256 tfsec-linux-amd64 | awk '{print $2}')
if [[ "${TFSEC_SHA}" != "${DOWNLOAD_TFSEC_SHA}" ]]; then
echo "Downloaded checksum (${DOWNLOAD_TFSEC_SHA}) for tfsec does not match expected value: ${TFSEC_SHA}"
exit 1
fi
chmod +x tfsec-linux-amd64
mkdir -p ~/.local/bin/
mv ./tfsec-linux-amd64 ~/.local/bin/tfsec
- name: Run tfsec
run: |
export PATH=${PATH}:~/.local/bin
make tfsec
validate:
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.3.0
- name: Run terraform validate
run: |
sudo apt-get install parallel
make validate