This repository has been archived by the owner on Jan 17, 2024. It is now read-only.

Terraform Static Code Analysis #402

	name: Terraform Static Code Analysis

	on:
	workflow_dispatch:
	pull_request:
	branches:
	- main
	paths:
	- '**.tf'
	- '.github/workflows/terraform-static-analysis.yml'

	permissions:
	contents: read

	jobs:
	terraform-static-analysis:
	permissions:
	pull-requests: write
	name: Terraform Static Analysis
	runs-on: ubuntu-latest
	if: github.event_name != 'workflow_dispatch'
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0
	- name: Run Analysis
	uses: ministryofjustice/github-actions/terraform-static-analysis@7855159a5c3a9bcd658207c894cc4ed22bd35a22 # v15.3.0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	scan_type: single
	tfsec_exclude: AWS089, AWS099, AWS009, AWS097, AWS018
	checkov_exclude: CKV_GIT_1
	tflint_call_module_type: none

	terraform-static-analysis-full-scan:
	permissions:
	pull-requests: write
	name: Terraform Static Analysis - scan all directories
	runs-on: ubuntu-latest
	if: github.event_name == 'workflow_dispatch'
	steps:
	- name: Checkout
	uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	fetch-depth: 0
	- name: Run Analysis
	uses: ministryofjustice/github-actions/terraform-static-analysis@7855159a5c3a9bcd658207c894cc4ed22bd35a22 # v15.3.0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	scan_type: full
	tfsec_exclude: AWS089, AWS099, AWS009, AWS097, AWS018
	checkov_exclude: CKV_GIT_1
	tflint_call_module_type: none

Provide feedback