chore(deps): update terraform random to v3.6.3 #2459
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: CI | |
| on: # yamllint disable-line rule:truthy | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache | |
| jobs: | |
| verify_module: | |
| name: Verify module | |
| strategy: | |
| matrix: | |
| terraform: [1.3.9] | |
| runs-on: ubuntu-latest | |
| container: | |
| image: hashicorp/terraform:${{ matrix.terraform }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - run: terraform init -get -backend=false -input=false | |
| - run: terraform fmt -recursive -check=true -write=false | |
| verify_examples: | |
| name: Verify examples | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| terraform: [1.3.9, latest] | |
| example: | |
| [ | |
| "runner-default", | |
| "runner-docker", | |
| "runner-fleeting-plugin", | |
| "runner-public", | |
| "runner-certificates", | |
| ] | |
| defaults: | |
| run: | |
| working-directory: examples/${{ matrix.example }} | |
| runs-on: ubuntu-latest | |
| container: | |
| image: hashicorp/terraform:${{ matrix.terraform }} | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - run: terraform init -get -backend=false -input=false | |
| - if: contains(matrix.terraform, '1.3.') | |
| run: terraform fmt -recursive -check=true -write=false | |
| - run: terraform validate | |
| linter: | |
| name: MegaLinter | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Git Checkout | |
| - name: Checkout Code | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances | |
| # MegaLinter | |
| - name: MegaLinter | |
| id: ml | |
| # You can override MegaLinter flavor used to have faster performances | |
| # More info at https://megalinter.io/flavors/ | |
| uses: oxsecurity/megalinter@c217fe8f7bc9207062a084e989bd97efd56e7b9a # v8.0.0 | |
| env: | |
| # All available variables are described in documentation | |
| # https://megalinter.io/configuration/ | |
| VALIDATE_ALL_CODEBASE: false | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY | |
| SPELL_CSPELL_FILTER_REGEX_EXCLUDE: (\.gitignore|.tflint.hcl|CHANGELOG.md) | |
| # needed to avoid multiple error messages | |
| TERRAFORM_TERRASCAN_ARGUMENTS: "--non-recursive" | |
| # format issues fail the build | |
| TERRAFORM_TERRAFORM_FMT_DISABLE_ERRORS: false | |
| # it's an auto-generated file | |
| MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: (CHANGELOG.md) | |
| # it's an auto-generated file | |
| MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_EXCLUDE: (CHANGELOG.md) | |
| PAT: ${{ secrets.GITHUB_TOKEN }} | |
| # automatically commit fixes to the feature branch | |
| APPLY_FIXES: all | |
| APPLY_FIXES_EVENT: pull_request | |
| APPLY_FIXES_MODE: commit | |
| # Upload MegaLinter artifacts | |
| - name: Archive production artifacts | |
| if: ${{ success() || failure() }} | |
| uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4 | |
| with: | |
| name: MegaLinter reports | |
| path: | | |
| megalinter-reports | |
| mega-linter.log | |
| kics: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: checkmarx/kics:v2.1.2-debian@sha256:3d82e5eb0bd868f5ea749edaf72f9bd39790820eea57323880fed89585323cf2 | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| # ignore: "tags not used", "access analyzer not used", "shield advanced not used" | |
| - run: kics scan -p . -o . --config .kics.yml --exclude-queries e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10,e592a0c5-5bdb-414c-9066-5dba7cdea370,084c6686-2a70-4710-91b1-000393e54c12 | |
| tflint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| name: Checkout source code | |
| - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
| name: Cache plugin dir | |
| with: | |
| path: ~/.tflint.d/plugins | |
| key: tflint-${{ hashFiles('.tflint.hcl') }} | |
| - uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4 | |
| name: Setup TFLint | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tflint_version: latest | |
| - name: Show version | |
| run: tflint --version | |
| - name: Init TFLint | |
| run: tflint --init | |
| - name: Run TFLint | |
| # assign necessary variables to avoid errors | |
| run: 'tflint --var ''enable_managed_kms_key=true'' --var=''runner_instance={"name_prefix": "a", "name": "b"}''' | |
| tfsec: | |
| name: tfsec PR commenter | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Clone repo | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: tfsec | |
| uses: aquasecurity/tfsec-pr-commenter-action@7a44c5dcde5dfab737363e391800629e27b6376b # v1.3.1 | |
| with: | |
| github_token: ${{ github.token }} |