workflows

Signed-off-by: junior <junior@users.noreply.github.com>

Author: junior

.github/workflows/stack.yml

@@ -0,0 +1,50 @@
+# Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved.
+# Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
+# 
+
+# Creates and Publishes the Oracle Resource Manager stack - v0.0.5
+
+name: Generate stacks and publish release
+
+on:
+  push:
+    branches: [ main ]
+    paths: ['VERSION']
+
+jobs:
+
+  publish_stack:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Create stacks
+      id: create_stacks
+      run: |
+        #
+        STACKNAME=${{ github.event.repository.name }}
+        STACK_FILES="*.tf schema.yaml README.md LICENSE VERSION .terraform.lock.hcl modules/"
+        RELEASE=$(cat VERSION)
+        ASSETS+="${STACKNAME}-stack.zip ${STACKNAME}-${RELEASE}.zip "
+        echo "::group::Processing $STACKNAME"
+        zip -r ${STACKNAME}-stack.zip $STACK_FILES -x "*.tfstat*" ".terraform/" || { printf '\n⛔ Unable to create %s stack.\n'; exit 1;  }
+        cp ${STACKNAME}-stack.zip ${STACKNAME}-${RELEASE}.zip || { printf '\n⛔ Unable to create %s stack.\n'; exit 1;  }
+        echo "::endgroup::"
+        echo "::set-output name=assets::$ASSETS"
+        echo "::set-output name=release::$RELEASE"
+        echo "::set-output name=prefix::$STACKNAME"
+
+    - name: Prepare Release Notes
+      run: |
+        #
+        printf '%s\n' '${{ steps.create_stacks.outputs.prefix }} Stack - v${{ steps.create_stacks.outputs.release }}' >release.md
+        printf '%s\n' '' '## [![Deploy to Oracle Cloud][magic_button]][magic_stack]' >>release.md
+        printf '%s\n' '' '' >>release.md
+        printf '%s\n' '' '[magic_button]: https://oci-resourcemanager-plugin.plugins.oci.oraclecloud.com/latest/deploy-to-oracle-cloud.svg' >>release.md
+        printf '%s\n' '' '[magic_stack]: https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/${{ github.repository }}/releases/download/${{ steps.create_stacks.outputs.release }}/${{ steps.create_stacks.outputs.prefix }}-${{ steps.create_stacks.outputs.release }}.zip' >>release.md
+
+    - name: Create Release
+      run: gh release create ${{ steps.create_stacks.outputs.release }} --generate-notes -F release.md ${{ steps.create_stacks.outputs.assets }}
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/tfsec-pr-commenter.yml

@@ -0,0 +1,16 @@
+name: tfsec-pr-commenter
+on:
+  pull_request:
+jobs:
+  tfsec:
+    name: tfsec PR commenter
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+
+      - name: tfsec
+        uses: tfsec/tfsec-pr-commenter-action@main
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/tfsec.yml

@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: tfsec
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]  
+  schedule:
+    - cron: '18 15 * * 3'
+
+jobs:
+  tfsec:
+    name: Run tfsec sarif report
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@v3
+
+      - name: Run tfsec
+        uses: aquasecurity/tfsec-sarif-action@9a83b5c3524f825c020e356335855741fd02745f
+        with:
+          sarif_file: tfsec.sarif         
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif