From 27257d5ccc5a7752d3f1608a094a5d5a9eb10946 Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 10:03:07 +0000 Subject: [PATCH 01/10] feat(ci): adding github actions pipeline --- .github/workflows/checkov.yaml | 49 ++++++++++++++++++++++++++++++++ .github/workflows/terraform.yaml | 47 ++++++++++++++++++++++++++++++ .gitignore | 8 +++--- test/terraform.test.tfvars | 12 ++++++++ 4 files changed, 112 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/checkov.yaml create mode 100644 .github/workflows/terraform.yaml create mode 100644 test/terraform.test.tfvars diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml new file mode 100644 index 0000000..49680f3 --- /dev/null +++ b/.github/workflows/checkov.yaml @@ -0,0 +1,49 @@ +name: 'Checkov' + +on: + push: + branches: [ $default-branch, 'github-actions' ] + pull_request: + branches: [ $default-branch ] + + workflow_dispatch: + +permissions: + contents: read + +jobs: + scan: + name: 'Checkov' + environment: production + + permissions: + contents: read + security-events: write + actions: read + + runs-on: ubuntu-latest + + defaults: + run: + shell: bash + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Checkov Github Action + uses: bridgecrewio/checkov-action@v12 + with: + directory: terraform + quiet: true + framework: terraform + var_file: test/terraform.test.tfvars + output_format: cli,sarif + output_file_path: console,results.sarif + + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v2 + + if: success() || failure() + with: + sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml new file mode 100644 index 0000000..2e768f8 --- /dev/null +++ b/.github/workflows/terraform.yaml @@ -0,0 +1,47 @@ +name: 'Terraform' + +on: + push: + branches: [ $default-branch ] + pull_request: + +permissions: + contents: read + +jobs: + terraform: + name: 'Terraform' + runs-on: ubuntu-latest + environment: production + + defaults: + run: + shell: bash + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.13.0 + + - name: Terraform Init + run: terraform init + + - name: Terraform Lint + id: lint + run: terraform fmt -check + + - run: echo ${{ steps.lint.outputs.stdout }} + - run: echo ${{ steps.lint.outputs.stderr }} + - run: echo ${{ steps.lint.outputs.exitcode }} + + - name: Terraform Plan + id: plan + run: terraform plan -input=false -no-color + + - run: echo ${{ steps.plan.outputs.stdout }} + - run: echo ${{ steps.plan.outputs.stderr }} + - run: echo ${{ steps.plan.outputs.exitcode }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index 53925a9..481002f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ # Local .terraform directories -**/.terraform/* -.terraform/ +terraform/.terraform/* +terraform/.terraform/ # .tfstate files *.tfstate @@ -14,8 +14,8 @@ crash.*.log # password, private keys, and other secrets. These should not be part of version # control as they are data points which are potentially sensitive and subject # to change depending on the environment. -*.tfvars -*.tfvars.json +terraform/*.tfvars +terraform/*.tfvars.json # Ignore override files as they are usually used to override resources locally and so # are not checked in diff --git a/test/terraform.test.tfvars b/test/terraform.test.tfvars new file mode 100644 index 0000000..0890068 --- /dev/null +++ b/test/terraform.test.tfvars @@ -0,0 +1,12 @@ +# AWS Configuration +region = "eu-north-1" +environment = "staging" + +# Cluster Configuration +kubernetes_version = "1.34" + +# Node Group Configuration +instance_types = ["t3.medium", "t3.large"] +primary_min_size = 1 +primary_max_size = 2 +primary_desired_size = 1 From 8fb635b4c260531cd8153a9cdbcfc90a21d88ffd Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 10:04:27 +0000 Subject: [PATCH 02/10] test terraform --- .github/workflows/terraform.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 2e768f8..21c1cac 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -2,7 +2,7 @@ name: 'Terraform' on: push: - branches: [ $default-branch ] + branches: [ $default-branch, 'github-actions' ] pull_request: permissions: From 7d013221c6b399a0fc5bd24751f8e34090f79dee Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 11:44:55 +0000 Subject: [PATCH 03/10] dnssec --- .github/workflows/terraform.yaml | 4 +- terraform/data.tf | 4 +- terraform/dns.tf | 112 +++++++++++++++++++++++++++++++ terraform/eks.tf | 25 ++++--- terraform/ingress.tf | 36 +--------- terraform/karpenter.tf | 19 +++--- terraform/terraform.tf | 4 +- terraform/vpc.tf | 3 +- 8 files changed, 143 insertions(+), 64 deletions(-) create mode 100644 terraform/dns.tf diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 21c1cac..80b8473 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -32,7 +32,7 @@ jobs: - name: Terraform Lint id: lint - run: terraform fmt -check + run: terraform fmt -check -recursive terraform/ - run: echo ${{ steps.lint.outputs.stdout }} - run: echo ${{ steps.lint.outputs.stderr }} @@ -40,7 +40,7 @@ jobs: - name: Terraform Plan id: plan - run: terraform plan -input=false -no-color + run: terraform -chdir=terraform plan -input=false -no-color -var-file=terraform/terraform.test.tfvars - run: echo ${{ steps.plan.outputs.stdout }} - run: echo ${{ steps.plan.outputs.stderr }} diff --git a/terraform/data.tf b/terraform/data.tf index 7862d07..7ffd416 100644 --- a/terraform/data.tf +++ b/terraform/data.tf @@ -1 +1,3 @@ -data "aws_availability_zones" "available" {} \ No newline at end of file +data "aws_availability_zones" "available" {} + +data "aws_caller_identity" "current" {} diff --git a/terraform/dns.tf b/terraform/dns.tf new file mode 100644 index 0000000..c18114f --- /dev/null +++ b/terraform/dns.tf @@ -0,0 +1,112 @@ +# Optional Route53 Hosted Zone for Kubernetes Ingress +resource "aws_route53_zone" "main" { + count = var.create_dns_zone ? 1 : 0 + + name = var.dns_zone_name + + tags = merge(local.tags, { + Name = "${local.name}-dns-zone" + }) +} + +# KMS Key for DNSSEC +resource "aws_kms_key" "dnssec" { + count = var.create_dns_zone ? 1 : 0 + + provider = aws.us-east-1 + + description = "KMS key for DNSSEC signing for ${var.dns_zone_name}" + deletion_window_in_days = 7 + key_usage = "SIGN_VERIFY" + customer_master_key_spec = "ECC_NIST_P256" + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Sid = "Enable IAM User Permissions" + Effect = "Allow" + Principal = { + AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" + } + Action = "kms:*" + Resource = "*" + }, + { + Sid = "Allow Route 53 DNSSEC Service" + Effect = "Allow" + Principal = { + Service = "dnssec-route53.amazonaws.com" + } + Action = [ + "kms:DescribeKey", + "kms:GetPublicKey", + "kms:Sign" + ] + Resource = "*" + Condition = { + StringEquals = { + "aws:SourceAccount" = data.aws_caller_identity.current.account_id + } + ArnLike = { + "aws:SourceArn" = "arn:aws:route53:::hostedzone/*" + } + } + } + ] + }) + + tags = merge(local.tags, { + Name = "${local.name}-dnssec-key" + }) +} + +resource "aws_kms_alias" "dnssec" { + count = var.create_dns_zone ? 1 : 0 + + provider = aws.us-east-1 + + name = "alias/${local.name}-dnssec" + target_key_id = aws_kms_key.dnssec[0].key_id +} + +resource "aws_route53_key_signing_key" "main" { + count = var.create_dns_zone ? 1 : 0 + + provider = aws.us-east-1 + + hosted_zone_id = aws_route53_zone.main[0].zone_id + name = "${local.name}-ksk" + key_management_service_arn = aws_kms_key.dnssec[0].arn +} + +resource "aws_route53_hosted_zone_dnssec" "main" { + count = var.create_dns_zone ? 1 : 0 + + hosted_zone_id = aws_route53_zone.main[0].zone_id + + depends_on = [ + aws_route53_key_signing_key.main + ] +} + +resource "aws_route53domains_registered_domain" "main" { + count = var.create_dns_zone && var.is_aws_registered_domain ? 1 : 0 + + provider = aws.us-east-1 + + domain_name = var.dns_zone_name + + name_server { + name = aws_route53_zone.main[0].name_servers[0] + } + name_server { + name = aws_route53_zone.main[0].name_servers[1] + } + name_server { + name = aws_route53_zone.main[0].name_servers[2] + } + name_server { + name = aws_route53_zone.main[0].name_servers[3] + } +} diff --git a/terraform/eks.tf b/terraform/eks.tf index 6117f34..367e4ed 100644 --- a/terraform/eks.tf +++ b/terraform/eks.tf @@ -1,7 +1,6 @@ # EKS Cluster Module module "eks" { - source = "terraform-aws-modules/eks/aws" - version = "~> 21.9.0" + source = "git::https://github.com/terraform-aws-modules/terraform-aws-eks.git?ref=c41b582" name = local.name kubernetes_version = var.kubernetes_version @@ -28,12 +27,12 @@ module "eks" { # persistent volumes aws-ebs-csi-driver = { most_recent = true - service_account_role_arn = module.ebs_csi_irsa.iam_role_arn + service_account_role_arn = module.ebs_csi_irsa.arn } # volumesnapshots snapshot-controller = { most_recent = true - service_account_role_arn = module.ebs_csi_irsa.iam_role_arn + service_account_role_arn = module.ebs_csi_irsa.arn } aws-secrets-store-csi-driver-provider = { @@ -75,10 +74,9 @@ module "eks" { } module "ebs_csi_irsa" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "~> 5.28" + source = "git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-role-for-service-accounts?ref=7279fc4" - role_name_prefix = "${local.name}-ebs-csi-" + name = "${local.name}-ebs-csi" attach_ebs_csi_policy = true @@ -92,10 +90,9 @@ module "ebs_csi_irsa" { # AWS Load Balancer Controller IAM Role module "aws_load_balancer_controller_irsa" { - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "~> 5.28" + source = "git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-role-for-service-accounts?ref=7279fc4" - role_name_prefix = "${local.name}-aws-lb-controller-" + name = "${local.name}-aws-lb-controller" attach_load_balancer_controller_policy = true @@ -113,12 +110,14 @@ module "aws_load_balancer_controller_irsa" { module "external_dns_irsa" { count = var.create_dns_zone ? 1 : 0 - source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks" - version = "~> 5.28" + source = "git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-role-for-service-accounts?ref=7279fc4" - role_name_prefix = "${local.name}-external-dns-" + name = "${local.name}-external-dns" attach_external_dns_policy = true + external_dns_hosted_zone_arns = [ + "arn:aws:route53:::hostedzone/${aws_route53_zone.main[0].zone_id}" + ] oidc_providers = { main = { diff --git a/terraform/ingress.tf b/terraform/ingress.tf index f2e7f91..a55a54c 100644 --- a/terraform/ingress.tf +++ b/terraform/ingress.tf @@ -1,35 +1,3 @@ -# Optional Route53 Hosted Zone for Kubernetes Ingress -resource "aws_route53_zone" "main" { - count = var.create_dns_zone ? 1 : 0 - - name = var.dns_zone_name - - tags = merge(local.tags, { - Name = "${local.name}-dns-zone" - }) -} - -resource "aws_route53domains_registered_domain" "main" { - count = var.create_dns_zone && var.is_aws_registered_domain ? 1 : 0 - - provider = aws.route53domains - - domain_name = var.dns_zone_name - - name_server { - name = aws_route53_zone.main[0].name_servers[0] - } - name_server { - name = aws_route53_zone.main[0].name_servers[1] - } - name_server { - name = aws_route53_zone.main[0].name_servers[2] - } - name_server { - name = aws_route53_zone.main[0].name_servers[3] - } -} - # AWS Certificate Manager certificate resource "aws_acm_certificate" "main" { count = var.create_dns_zone ? 1 : 0 @@ -103,7 +71,7 @@ resource "helm_release" "aws_load_balancer_controller" { }, { name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" - value = module.aws_load_balancer_controller_irsa.iam_role_arn + value = module.aws_load_balancer_controller_irsa.arn }, { name = "region" @@ -146,7 +114,7 @@ resource "helm_release" "external_dns" { }, { name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn" - value = module.external_dns_irsa[0].iam_role_arn + value = module.external_dns_irsa[0].arn }, { name = "domainFilters[0]" diff --git a/terraform/karpenter.tf b/terraform/karpenter.tf index e327872..b4a60b4 100644 --- a/terraform/karpenter.tf +++ b/terraform/karpenter.tf @@ -1,6 +1,5 @@ module "karpenter" { - source = "terraform-aws-modules/eks/aws//modules/karpenter" - version = "~> 21.9.0" + source = "git::https://github.com/terraform-aws-modules/terraform-aws-eks.git//modules/karpenter?ref=c41b582" cluster_name = module.eks.cluster_name namespace = "kube-system" @@ -20,14 +19,14 @@ module "karpenter" { # Install Karpenter resource "helm_release" "karpenter" { - namespace = "kube-system" - name = "karpenter" - create_namespace = true - repository = "oci://public.ecr.aws/karpenter" - chart = "karpenter" - version = "1.8.2" - wait = true - timeout = 600 + namespace = "kube-system" + name = "karpenter" + create_namespace = true + repository = "oci://public.ecr.aws/karpenter" + chart = "karpenter" + version = "1.8.2" + wait = true + timeout = 600 values = [ <<-EOT diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 50bd1f3..c1f4901 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -34,7 +34,7 @@ provider "aws" { } provider "aws" { - alias = "route53domains" + alias = "us-east-1" region = "us-east-1" } @@ -44,7 +44,7 @@ provider "kubectl" { exec { api_version = "client.authentication.k8s.io/v1beta1" command = "aws" - args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] + args = ["eks", "get-token", "--cluster-name", module.eks.cluster_name] } load_config_file = false } diff --git a/terraform/vpc.tf b/terraform/vpc.tf index 76a1ec8..bc8298f 100644 --- a/terraform/vpc.tf +++ b/terraform/vpc.tf @@ -1,6 +1,5 @@ module "vpc" { - source = "terraform-aws-modules/vpc/aws" - version = "~> 6.0" + source = "git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=cf73787" name = local.name cidr = local.vpc_cidr From 83f5f71c8f5ee7d969cbf46b906ef0c355bb9798 Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 11:47:15 +0000 Subject: [PATCH 04/10] checkov ignore and terraform ci fix --- .github/workflows/terraform.yaml | 2 +- terraform/dns.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 80b8473..98c33f3 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -40,7 +40,7 @@ jobs: - name: Terraform Plan id: plan - run: terraform -chdir=terraform plan -input=false -no-color -var-file=terraform/terraform.test.tfvars + run: terraform -chdir=terraform plan -input=false -no-color -var-file=test/terraform.test.tfvars - run: echo ${{ steps.plan.outputs.stdout }} - run: echo ${{ steps.plan.outputs.stderr }} diff --git a/terraform/dns.tf b/terraform/dns.tf index c18114f..60be4d9 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -1,4 +1,5 @@ # Optional Route53 Hosted Zone for Kubernetes Ingress +# checkov:skip=CKV2_AWS_39: "Not a requirmement for logging at this time" resource "aws_route53_zone" "main" { count = var.create_dns_zone ? 1 : 0 From 0efe2ed95c3375a8114fce6864a28325daf7b97f Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 11:48:07 +0000 Subject: [PATCH 05/10] terraform ci fix --- .github/workflows/terraform.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 98c33f3..a9274e1 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -40,7 +40,7 @@ jobs: - name: Terraform Plan id: plan - run: terraform -chdir=terraform plan -input=false -no-color -var-file=test/terraform.test.tfvars + run: terraform -chdir=terraform plan -input=false -no-color -var-file=../test/terraform.test.tfvars - run: echo ${{ steps.plan.outputs.stdout }} - run: echo ${{ steps.plan.outputs.stderr }} From 296115b15b3e4091f07708a6a16e91127094372d Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 11:51:20 +0000 Subject: [PATCH 06/10] terraform ci fix --- .github/workflows/checkov.yaml | 1 + .github/workflows/terraform.yaml | 5 ++++- terraform/dns.tf | 1 - 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml index 49680f3..2da43f8 100644 --- a/.github/workflows/checkov.yaml +++ b/.github/workflows/checkov.yaml @@ -40,6 +40,7 @@ jobs: var_file: test/terraform.test.tfvars output_format: cli,sarif output_file_path: console,results.sarif + skip_check: CKV2_AWS_39 - name: Upload SARIF file uses: github/codeql-action/upload-sarif@v2 diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index a9274e1..b5a09ea 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -27,6 +27,9 @@ jobs: with: terraform_version: 1.13.0 + - name: Change directory + run: cd terraform + - name: Terraform Init run: terraform init @@ -40,7 +43,7 @@ jobs: - name: Terraform Plan id: plan - run: terraform -chdir=terraform plan -input=false -no-color -var-file=../test/terraform.test.tfvars + run: terraform plan -input=false -no-color -var-file=../test/terraform.test.tfvars - run: echo ${{ steps.plan.outputs.stdout }} - run: echo ${{ steps.plan.outputs.stderr }} diff --git a/terraform/dns.tf b/terraform/dns.tf index 60be4d9..c18114f 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -1,5 +1,4 @@ # Optional Route53 Hosted Zone for Kubernetes Ingress -# checkov:skip=CKV2_AWS_39: "Not a requirmement for logging at this time" resource "aws_route53_zone" "main" { count = var.create_dns_zone ? 1 : 0 From a0b585abb4af713ee2a80aad13ff4893db149574 Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 11:52:09 +0000 Subject: [PATCH 07/10] terraform ci fix --- .github/workflows/terraform.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index b5a09ea..97e1b95 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -27,15 +27,12 @@ jobs: with: terraform_version: 1.13.0 - - name: Change directory - run: cd terraform - - name: Terraform Init - run: terraform init + run: terraform -chdir=terraform init - name: Terraform Lint id: lint - run: terraform fmt -check -recursive terraform/ + run: terraform -chdir=terraform fmt -check -recursive terraform/ - run: echo ${{ steps.lint.outputs.stdout }} - run: echo ${{ steps.lint.outputs.stderr }} @@ -43,7 +40,7 @@ jobs: - name: Terraform Plan id: plan - run: terraform plan -input=false -no-color -var-file=../test/terraform.test.tfvars + run: terraform -chdir=terraform plan -input=false -no-color -var-file=../test/terraform.test.tfvars - run: echo ${{ steps.plan.outputs.stdout }} - run: echo ${{ steps.plan.outputs.stderr }} From b445833ed962043321a75bc616e9eed1307e305b Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 11:53:40 +0000 Subject: [PATCH 08/10] terraform ci fix --- .github/workflows/terraform.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 97e1b95..9610413 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -32,11 +32,7 @@ jobs: - name: Terraform Lint id: lint - run: terraform -chdir=terraform fmt -check -recursive terraform/ - - - run: echo ${{ steps.lint.outputs.stdout }} - - run: echo ${{ steps.lint.outputs.stderr }} - - run: echo ${{ steps.lint.outputs.exitcode }} + run: terraform fmt -check -recursive terraform/ - name: Terraform Plan id: plan From 7ec95cafd9115e8218a5b0642c924f4fdbd772ef Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 11:55:30 +0000 Subject: [PATCH 09/10] terraform ci fix --- .github/workflows/terraform.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 9610413..f6ede9d 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -33,11 +33,3 @@ jobs: - name: Terraform Lint id: lint run: terraform fmt -check -recursive terraform/ - - - name: Terraform Plan - id: plan - run: terraform -chdir=terraform plan -input=false -no-color -var-file=../test/terraform.test.tfvars - - - run: echo ${{ steps.plan.outputs.stdout }} - - run: echo ${{ steps.plan.outputs.stderr }} - - run: echo ${{ steps.plan.outputs.exitcode }} \ No newline at end of file From cfcf98f369b310e82bca937cc3bb1926c1ba92b9 Mon Sep 17 00:00:00 2001 From: Sam Clusker <9279784+samclusker@users.noreply.github.com> Date: Sat, 6 Dec 2025 12:05:55 +0000 Subject: [PATCH 10/10] run ci on all --- .github/workflows/checkov.yaml | 2 -- .github/workflows/terraform.yaml | 1 - 2 files changed, 3 deletions(-) diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml index 2da43f8..ff1a9c6 100644 --- a/.github/workflows/checkov.yaml +++ b/.github/workflows/checkov.yaml @@ -2,9 +2,7 @@ name: 'Checkov' on: push: - branches: [ $default-branch, 'github-actions' ] pull_request: - branches: [ $default-branch ] workflow_dispatch: diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index f6ede9d..851a1eb 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -2,7 +2,6 @@ name: 'Terraform' on: push: - branches: [ $default-branch, 'github-actions' ] pull_request: permissions: