Skip to content

chore(deps): update terraform aws to v5.82.1 #551

chore(deps): update terraform aws to v5.82.1

chore(deps): update terraform aws to v5.82.1 #551

Workflow file for this run

name: review
on:
pull_request:
branches:
- main
permissions: {}
jobs:
validate:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
app.terraform.io:443
archivist.terraform.io:443
checkpoint-api.hashicorp.com:443
github.com:443
registry.terraform.io:443
releases.hashicorp.com:443
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
show-progress: false
- name: Setup Teraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
- name: Prettify
run: terraform fmt -check
continue-on-error: true
- name: Initialise
run: terraform init
- name: Validate
run: terraform validate -no-color
tflint:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
github.com:443
objects.githubusercontent.com:443
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
show-progress: false
- name: Cache Plugins
uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
with:
path: ~/.tflint.d/plugins
key: tflint-${{ hashFiles('.tflint.hcl') }}
- name: Setup TFLint
uses: terraform-linters/setup-tflint@8093687ecc9dcbfa88d07c103ad4176739a7287e # v4.1.0
with:
tflint_version: v0.50.3
- name: Initialise
run: tflint --init
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Lint
run: tflint -f compact
trivy:
runs-on: ubuntu-latest
permissions:
contents: read
# Needed to upload the results to code-scanning dashboard.
security-events: write
env:
trivy_sarif: trivy.sarif
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
d2glxqk2uabbnd.cloudfront.net:443
d5l0dvt14r5h8.cloudfront.net:443
ghcr.io:443
github.com:443
objects.githubusercontent.com:443
pkg-containers.githubusercontent.com:443
public.ecr.aws:443
raw.githubusercontent.com:443
- name: Checkout Repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
show-progress: false
- name: Run with SARIF Output
uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
with:
scan-type: "fs"
format: "sarif"
output: ${{ env.trivy_sarif }}
env:
TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db"
TRIVY_JAVA_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-java-db"
- name: Report via GitHub CodeQL
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
with:
sarif_file: ${{ env.trivy_sarif }}