update github-action

Mamraj Yadav · Mamraj Yadav · commit 6157bfa79ca7 · 2022-04-14T17:51:54.000+05:30
diff --git a/.github/workflows/readme.yml b/.github/workflows/readme.yml
@@ -42,13 +42,13 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
 
-      - name: 'Slack Notification'
-        uses: clouddrove/action-slack@v2
-        with:
-          status: ${{ job.status }}
-          fields: repo,author
-          author_name: 'CloudDrove'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
-        if: always()
+#      - name: 'Slack Notification'
+#        uses: clouddrove/action-slack@v2
+#        with:
+#          status: ${{ job.status }}
+#          fields: repo,author
+#          author_name: 'CloudDrove'
+#        env:
+#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
+#          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
+#        if: always()
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -1,91 +1,85 @@
-name: 'Terraform GitHub Actions'
+name: static-checks
+
 on:
   pull_request:
-    branches:
-      - master
 
 jobs:
-  terraform:
-    name: 'Terraform'
+  versionExtract:
+    name: Get min/max versions
     runs-on: ubuntu-latest
+
     steps:
-      - name: 'Checkout'
-        uses: actions/checkout@master
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: Configure AWS Credentials
-        uses: clouddrove/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
-          aws-region: us-east-2
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@main
+    outputs:
+      minVersion: ${{ steps.minMax.outputs.minVersion }}
+      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
-      - name: 'Terraform Format'
-        uses: 'clouddrove/github-actions@v9.0.1'
-        with:
-          actions_subcommand: 'fmt'
 
-      - name: 'Terraform init for memcached'
-        uses: 'clouddrove/github-actions@v9.0.1'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/memcached
+  versionEvaluate:
+    name: Evaluate Terraform versions
+    runs-on: ubuntu-latest
+    needs: versionExtract
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - ${{ needs.versionExtract.outputs.minVersion }}
+          - ${{ needs.versionExtract.outputs.maxVersion }}
+        directory:
+          - _example/memcached
+          - _example/redis
+          - _example/redis-cluster
 
-      - name: 'Terraform validate for memcached'
-        uses: 'clouddrove/github-actions@v9.0.1'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/memcached
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Terraform plan for memcached'
-        uses: 'clouddrove/github-actions@v9.0.1'
+      - name: Install Terraform v${{ matrix.version }}
+        uses: hashicorp/setup-terraform@v1
         with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/memcached
+          terraform_version: ${{ matrix.version }}
 
-      - name: 'Terraform init for redis'
-        uses: 'clouddrove/github-actions@v9.0.1'
+      - name: 'Configure AWS Credentials'
+        uses: clouddrove/configure-aws-credentials@v1
         with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/redis
+          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
+          aws-region: us-east-2
 
-      - name: 'Terraform validate for redis'
-        uses: 'clouddrove/github-actions@v9.0'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/redis
+      - name: Init & validate v${{ matrix.version }}
+        run: |
+          cd ${{ matrix.directory }}
+          terraform init
+          terraform validate
+          terraform plan -input=false -no-color
 
-      - name: 'Terraform plan for redis'
-        uses: 'clouddrove/github-actions@v9.0.1'
+      - name: tflint
+        uses: reviewdog/action-tflint@master
         with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/redis
+          github_token: ${{ secrets.GITHUB }}
+          working_directory: ${{ matrix.directory }}
+          fail_on_error: 'true'
+          filter_mode: 'nofilter'
+          flags: '--module'
 
-      - name: 'Terraform init for redis-cluster'
-        uses: 'clouddrove/github-actions@v9.0.1'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/redis-cluster
+  format:
+    name: Check code format
+    runs-on: ubuntu-latest
+    needs: versionExtract
 
-      - name: 'Terraform validate for redis-cluster'
-        uses: 'clouddrove/github-actions@v9.0.1'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/redis-cluster
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Terraform plan for redis-cluster'
-        uses: 'clouddrove/github-actions@v9.0.1'
+      - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
+        uses: hashicorp/setup-terraform@v1
         with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/redis-cluster
+          terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
 
-
-      - name: 'Slack Notification'
-        uses: clouddrove/action-slack@v2
-        with:
-          status: ${{ job.status }}
-          fields: repo,author
-          author_name: 'CloudDrove'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
-        if: always()
+      - name: Check Terraform format changes
+        run: terraform fmt --recursive
diff --git a/.github/workflows/terratest.yml b/.github/workflows/terratest.yml
@@ -39,14 +39,14 @@ jobs:
           tf_actions_working_dir: '_test/redis-cluster'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: 'Slack Notification'
-        uses: clouddrove/action-slack@v2
-        with:
-          status: ${{ job.status }}
-          fields: repo,author
-          author_name: 'CloudDrove'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
-        if: always()
+#
+#      - name: 'Slack Notification'
+#        uses: clouddrove/action-slack@v2
+#        with:
+#          status: ${{ job.status }}
+#          fields: repo,author
+#          author_name: 'CloudDrove'
+#        env:
+#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
+#          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
+#        if: always()
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -0,0 +1,25 @@
+name: tfsec
+on:
+  pull_request:
+
+jobs:
+  tfsec:
+    name: tfsec sarif report
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+
+      - name: tfsec
+        uses: aquasecurity/tfsec-sarif-action@v0.1.0
+        with:
+          sarif_file: tfsec.sarif
+          working_directory: _example
+          full_repo_scan: true
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif
diff --git a/LICENSE b/LICENSE
diff --git a/README.yaml b/README.yaml
