/
action.yaml
59 lines (54 loc) · 2.52 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: test
description: test
inputs:
github_token:
description: |
GitHub Access Token
pull-requests:write - Create pull request comments and reviews
contents:write - Push commits
required: false
default: ${{ github.token }}
runs:
using: composite
steps:
- uses: suzuki-shunsuke/tfaction/get-target-config@main
id: target-config
- name: terraform validate
run: |
github-comment exec \
-config "${GITHUB_ACTION_PATH}/github-comment.yaml" \
-k terraform-validate \
-var "tfaction_target:${TFACTION_TARGET}" \
-- "$TF_COMMAND" validate
working-directory: ${{ steps.target-config.outputs.working_directory }}
shell: bash
env:
GITHUB_TOKEN: ${{ inputs.github_token }}
TF_COMMAND: ${{ steps.target-config.outputs.terraform_command }}
- uses: suzuki-shunsuke/trivy-config-action@6c7c845cbf76e5745c4d772719de7a34453ae81d # v0.2.2
if: fromJSON(steps.target-config.outputs.enable_trivy) && steps.target-config.outputs.destroy != 'true'
with:
github_token: ${{ inputs.github_token }}
working_directory: ${{ steps.target-config.outputs.working_directory }}
github_comment: "true"
- uses: suzuki-shunsuke/github-action-tfsec@6b4afce3060c0d8865d269de0c5fabc90e1b20f7 # v1.0.0
if: fromJSON(steps.target-config.outputs.enable_tfsec) && steps.target-config.outputs.destroy != 'true'
with:
github_token: ${{ inputs.github_token }}
working_directory: ${{ steps.target-config.outputs.working_directory }}
github_comment: "true"
ignore_hcl_errors: "true"
# deep check requires AWS credentials
- uses: suzuki-shunsuke/github-action-tflint@0b7fbc35b0d512749f35c3036df57c3a95d3e9e1 # v1.1.0
if: fromJSON(steps.target-config.outputs.enable_tflint) && steps.target-config.outputs.destroy != 'true'
with:
github_token: ${{ inputs.github_token }}
working_directory: ${{ steps.target-config.outputs.working_directory }}
github_comment: "true"
- uses: suzuki-shunsuke/github-action-terraform-fmt@388ce9deea65edd9a9a3a60bee140732c3dad7a2 # v0.2.1
if: steps.target-config.outputs.destroy != 'true'
with:
working_directory: ${{ steps.target-config.outputs.working_directory }}
github_token: ${{ inputs.github_token }}
skip_push: ${{ github.event_name != 'pull_request' && ! startsWith(github.event_name, 'pull_request_') }}
terraform_command: ${{ steps.target-config.outputs.terraform_command }}