chore(deps): update reviewdog/action-tfsec action to v1.27.0 #315

Workflow file for this run

.github/workflows/terraform.yml at cf4a933

	name: Terraform

	on: [push]

	jobs:

	# -- TESTS ------------------------------------------------------------------
	tests:
	runs-on: ubuntu-latest

	steps:
	- name: Harden GitHub Actions Runner
	uses: step-security/harden-runner@d7cf128fba8343bb6666acf77451879c0530cac8
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3

	- name: Terraform Format
	id: fmt
	run: terraform fmt -check
	continue-on-error: true

	- name: Terraform Init
	id: init
	run: terraform init

	- name: Terraform Plan
	id: apply
	run: terraform plan

	# -- SAST SCAN --------------------------------------------------------------
	code-security:
	runs-on: ubuntu-latest
	needs: tests
	# Skip any PR created by dependabot to avoid permission issues
	if: (github.actor != 'dependabot[bot]')

	steps:
	- name: Harden GitHub Actions Runner
	uses: step-security/harden-runner@d7cf128fba8343bb6666acf77451879c0530cac8
	with:
	egress-policy: audit

	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Perform Scan
	uses: ShiftLeftSecurity/scan-action@master

	env:
	WORKSPACE: https://github.com/${{ github.repository }}/blob/${{ github.sha }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SCAN_ANNOTATE_PR: true

	- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
	with:
	name: reports
	path: reports

	# -- DOCUMENTATION ----------------------------------------------------------
	documentation:
	runs-on: ubuntu-latest
	needs: tests

	steps:
	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Terraform Docs
	uses: terraform-docs/gh-actions@e47bfa196e79fa50987ef391be236d9d97b0c786 # v1.2.0
	with:
	working-dir: .
	output-file: USAGE.md
	output-method: inject
	git-push: "true"
	git-commit-message: "chore(docs): update Terraform docs"

	# -- RELEASE ----------------------------------------------------------------
	release:
	runs-on: ubuntu-latest
	needs:
	- tests
	- code-security
	- documentation
	if: github.ref == 'refs/heads/main'

	steps:
	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	ref: 'main' # Force checkout of main branch to avoid caching from previous jobs
	persist-credentials: false

	- name: Semantic Release
	uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d # v3.4.2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update reviewdog/action-tfsec action to v1.27.0 #315

Workflow file

chore(deps): update reviewdog/action-tfsec action to v1.27.0 #315

Jobs

Run details

Workflow file for this run