common_build.gradle
/*
* This file was generated by the Gradle 'init' task.
*
* This is a general purpose Gradle build.
* Learn more about Gradle by exploring our samples at https://docs.gradle.org/7.5.1/samples
*/
// tfInit: initialises the Terraform working directory, then refreshes the provider
// lock entries for every platform listed below.
// Clean with: cleanTfInit (Gradle's clean<TaskName> rule deletes the task's declared
// outputs, which here is only the .terraform directory).
def tfInit = tasks.register('tfInit') {
    // versions.tf is the only tracked input, so edits to other .tf files do not by
    // themselves cause init to run again.
    inputs.file('versions.tf')
        .withPropertyName('terraform-version-tf')
        .withPathSensitivity(PathSensitivity.RELATIVE)
    outputs.dir(file('.terraform'))
        .withPropertyName('terraform-download-dir')

    doLast {
        exec {
            commandLine('terraform', 'init')
        }

        // `providers lock` records provider checksums per platform in the dependency
        // lock file (.terraform.lock.hcl). That file is what pins provider binaries,
        // and this step rewrites it from whatever the registry serves at run time, so
        // changes to it should be committed and reviewed like any dependency update.
        // NOTE(review): for CI, consider a separate verification path that runs
        // `terraform init -lockfile=readonly` so unexpected lock drift fails the build.
        def lockTargets = ['darwin_amd64', 'darwin_arm64', 'linux_amd64', 'linux_arm64']
        exec {
            commandLine(['terraform', 'providers', 'lock'] + lockTargets.collect { '-platform=' + it })
        }
    }
}
// tfValidate: runs `terraform validate` once the working directory has been initialised.
def tfValidate = tasks.register('tfValidate', Exec) {
    dependsOn(tfInit)

    // Every file named *.tf below the project directory is an input. The tree has no
    // excludes, so .tf files under .terraform are included as well.
    inputs.files(fileTree('.').filter { it.name.endsWith('.tf') })

    // The task writes no files; this lets Gradle skip it while the inputs are unchanged.
    outputs.upToDateWhen { true }

    commandLine('terraform', 'validate')
}
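// tflintInit: runs `tflint --init`, which installs the plugins configured for tflint.
// The tflint configuration is not part of this file; pinning plugin versions there
// keeps the lint toolchain reproducible.
def tflintInit = tasks.register("tflintInit", Exec) {
    // USER_HOME is not a variable that shells or Gradle set by default. When it is unset
    // the original path rendered as "null/.tflint.d/plugins" inside the project, so the
    // declared output no longer matched the real plugin directory. Keep honouring
    // USER_HOME when present and otherwise fall back to the JVM's user.home.
    def homeDir = System.getenv("USER_HOME") ?: System.getProperty("user.home")
    outputs.dir(file("$homeDir/.tflint.d/plugins")).withPropertyName("tflinit-plugin-dir")
    commandLine "tflint", "--init"
}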
// tflint: lints the Terraform sources after the tflint plugins have been installed.
def tflint = tasks.register('tflint', Exec) {
    dependsOn(tflintInit)

    // All *.tf files below the project directory count as inputs.
    inputs.files(fileTree('.').filter { it.name.endsWith('.tf') })

    // No files are produced; allow Gradle to skip the task when inputs are unchanged.
    outputs.upToDateWhen { true }

    commandLine('tflint')
}
// tfsec: static security scan of the Terraform sources in the project directory.
// Clean with: cleanTfsec
def tfsec = tasks.register('tfsec') {
    inputs.files(fileTree('.').filter { it.name.endsWith('.tf') })
    outputs.file(file('results.json')).withPropertyName('result')

    doLast {
        exec {
            // --minimum-severity HIGH: findings below HIGH are not reported by this run.
            // --exclude: the rule list comes from the tfSecExcludeRules property, which
            //   is defined outside this file. Each entry is a suppressed control and
            //   should carry a recorded justification where it is defined.
            // NOTE(review): tfSecExcludeRules is not declared as a task input, so
            //   changing the exclusions alone does not invalidate an up-to-date
            //   results.json. Confirm whether it should be an inputs.property.
            // NOTE(review): the tfsec project has pointed users to Trivy for continued
            //   development; confirm the installed tfsec still receives rule updates.
            commandLine(
                'tfsec', '.',
                '--concise-output',
                '--minimum-severity', 'HIGH',
                '--format', 'lovely,json',
                '--exclude', "$tfSecExcludeRules",
                '--out', 'results'
            )
        }
    }
}
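// checkovConfigCheck: runs Checkov twice, once over the project's own configuration
// and once over the content that `terraform init` downloaded into .terraform.
// Clean with: cleanCheckovConfigCheck
def checkovConfigCheck = tasks.register('checkovConfigCheck') {
    // The second scan reads .terraform, which only exists after tfInit has run.
    // Without this dependency, invoking the task on its own on a fresh checkout
    // leaves the module scan with nothing to inspect.
    dependsOn tfInit

    inputs.files(fileTree(".").filter { File f ->
        f.name.endsWith(".tf")
    })
    outputs.dir(file("checkov-config-reports")).withPropertyName("checkov-report")

    doLast {
        mkdir "checkov-config-reports/checkov-config-check-report"
        mkdir "checkov-config-reports/checkov-module-check-report"

        // NOTE(review): --hard-fail-on HIGH gates on check severity. Checkov's severity
        // metadata is, as far as I know, only populated when the run is connected to
        // the vendor platform with an API key. Confirm that a failing HIGH check
        // really produces a non-zero exit in this environment; otherwise the gate
        // never trips.

        // Scan 1: the project's own configuration.
        exec {
            commandLine "checkov", "--quiet", "--framework", "all", "-d", ".",
                "--hard-fail-on", "HIGH",
                "--output-file-path", "checkov-config-reports/checkov-config-check-report"
        }
        // Scan 2: third-party content fetched by `terraform init`.
        exec {
            commandLine "checkov", "--quiet", "--framework", "all", "-d", ".terraform",
                "--hard-fail-on", "HIGH",
                "--output-file-path", "checkov-config-reports/checkov-module-check-report"
        }
    }
}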
// terraformDoc: runs terraform-docs against the project directory.
// No outputs are declared, so Gradle cannot treat the task as up to date and runs it
// on every invocation. Where the documentation is written depends on the
// terraform-docs configuration, which is not visible in this file.
def terraformDoc = tasks.register('terraformDoc') {
    inputs.files(fileTree('.').filter { it.name.endsWith('.tf') })

    doLast {
        exec {
            commandLine('terraform-docs', '.')
        }
    }
}
// Lifecycle wiring. clean, check and assemble are not defined in this file; presumably
// the build that applies this script also applies a plugin that provides them.

// `clean` also removes the outputs of the tasks that declare them.
clean.dependsOn(cleanTfInit, cleanTfsec, cleanCheckovConfigCheck)

// `check` runs all four analysis tasks.
check.dependsOn(checkovConfigCheck, tfValidate, tflint, tfsec)

// Preferred order within one build: tfValidate -> tflint -> tfsec -> checkovConfigCheck.
// shouldRunAfter only orders tasks that are already scheduled; it does not add them.
tflint.configure { shouldRunAfter(tfValidate) }
tfsec.configure { shouldRunAfter(tflint) }
checkovConfigCheck.configure { shouldRunAfter(tfsec) }

// `assemble` requires the analysis tasks to pass and regenerates the documentation.
assemble.dependsOn(check, terraformDoc)