infrastructure-commit.yaml
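# Terraform commit pipeline.
#
# Runs on pushes to feature branches (ftr/*) that change files under
# infrastructure/. The jobs are chained with `needs`, so each gate must pass
# before the next one starts:
#   format-code -> lint-code -> validate -> checkov-scan
#
# NOTE(review): this workflow only covers pushes to ftr/* branches; confirm
# that the branch these are merged into has its own required checks.
name: Terraform commit pipeline
run-name: ${{ github.actor }} made a commit to infrastructure
on:
  push:
    paths: ['infrastructure/**']
    branches: ['ftr/*']

# Least privilege for the workflow token: every job below only reads the
# repository, so nothing beyond read access to contents is granted.
permissions:
  contents: read

# NOTE(review): the third-party actions below are referenced by mutable version
# tags. Pinning each `uses:` to a reviewed full commit SHA (with the tag kept
# in a trailing comment) prevents a retagged release from changing what runs.
jobs:
  # Gate 1: fail if the Terraform files are not canonically formatted.
  format-code:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in
          # the checked-out repository's git config.
          persist-credentials: false
      - name: Check Terraform formatting
        uses: dflook/terraform-fmt-check@v1
        with:
          path: "./infrastructure/"

  # Gate 2: static linting with tflint.
  lint-code:
    runs-on: ubuntu-latest
    needs: format-code
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Check linting of Terraform code
        uses: devops-infra/action-tflint@v0.3
        with:
          dir_filter: infrastructure/

  # Gate 3: validate the Terraform configuration.
  validate:
    runs-on: ubuntu-latest
    needs: lint-code
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Validate Terraform
        uses: dflook/terraform-validate@v1
        with:
          path: "./infrastructure/"

  # Gate 4: policy scan of the infrastructure code with Checkov.
  checkov-scan:
    runs-on: ubuntu-latest
    needs: validate
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Check infrastructure code with Checkov
        uses: bridgecrewio/checkov-action@v12
        with:
          # Comma-separated list, written without a space so the value
          # reaches Checkov as a single argument.
          # NOTE(review): filtering by severity depends on severity metadata
          # that Checkov obtains from its platform integration. No API key is
          # configured here, so confirm this filter selects the intended
          # checks and does not leave the scan effectively empty.
          check: 'HIGH,CRITICAL'
          directory: infrastructure/
          output_format: cli
          output_file_path: console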