Merge pull request #3 from clouddrove/1.0.1

update github-action

Author: yadavprakash

.github/workflows/readme.yml

@@ -18,7 +18,7 @@ jobs:
           python-version: '3.x'
 
       - name: 'create readme'
-        uses: 'clouddrove/github-actions@v6.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         with:
           actions_subcommand: 'readme'
           github_token: '${{ secrets.GITHUB}}'
@@ -35,7 +35,7 @@ jobs:
         continue-on-error: true
 
       - name: 'push readme'
-        uses: 'clouddrove/github-actions@v6.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         continue-on-error: true
         with:
           actions_subcommand: 'push'

.github/workflows/terraform.yml

@@ -1,60 +1,46 @@
-name: 'Terraform GitHub Actions'
+name: static-checks
+
 on:
   pull_request:
-    branches:
-      - master
 
 jobs:
-  fmt:
-    name: 'terraform fmt'
+  versionExtract:
+    name: Get min/max versions
     runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/[email protected]
-
-      - name: 'Terraform Format'
-        uses: 'clouddrove/[email protected]'
-        with:
-          actions_subcommand: 'fmt'
 
-  validate:
-    name: 'terraform validate'
-    runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout'
-        uses: actions/[email protected]
-
-      - name: 'Configure AWS Credentials'
-        uses: clouddrove/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
-          aws-region: us-east-2
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'terraform init'
-        uses: 'clouddrove/[email protected]'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@main
+    outputs:
+      minVersion: ${{ steps.minMax.outputs.minVersion }}
+      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
-      - name: 'terraform validate'
-        uses: 'clouddrove/[email protected]'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example
 
-  plan:
-    name: 'terraform plan'
+  versionEvaluate:
+    name: Evaluate Terraform versions
     runs-on: ubuntu-latest
+    needs: versionExtract
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - ${{ needs.versionExtract.outputs.minVersion }}
+          - ${{ needs.versionExtract.outputs.maxVersion }}
+        directory:
+          - _example/
+
     steps:
-      - name: 'Checkout'
-        uses: actions/checkout@v2.3.4
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'terraform init'
-        uses: 'clouddrove/[email protected]'
+      - name: Install Terraform v${{ matrix.version }}
+        uses: hashicorp/setup-terraform@v1
         with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example
+          terraform_version: ${{ matrix.version }}
 
       - name: 'Configure AWS Credentials'
         uses: clouddrove/configure-aws-credentials@v1
@@ -63,38 +49,35 @@ jobs:
           aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
           aws-region: us-east-2
 
-      - name: 'terraform plan'
-        uses: 'clouddrove/[email protected]'
+      - name: Init & validate v${{ matrix.version }}
+        run: |
+          cd ${{ matrix.directory }}
+          terraform init
+          terraform validate
+          terraform plan -input=false -no-color
+
+      - name: tflint
+        uses: reviewdog/action-tflint@master
         with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example
+          github_token: ${{ secrets.GITHUB }}
+          working_directory: ${{ matrix.directory }}
+          fail_on_error: 'true'
+          filter_mode: 'nofilter'
+          flags: '--module'
 
-  pre-commit:
-    name: 'Pre-Commit'
-    needs:
-      - fmt
-      - plan
-      - validate
+  format:
+    name: Check code format
     runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/[email protected]
-
-      - name: 'Install Tflint'
-        run: |
-          curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
+    needs: versionExtract
 
-      - name: 'Pre-Commit 🔎'
-        uses: pre-commit/[email protected]
-        continue-on-error: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Slack Notification'
-        uses: clouddrove/action-slack@v2
+      - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
+        uses: hashicorp/setup-terraform@v1
         with:
-          status: ${{ job.status }}
-          fields: repo,author
-          author_name: 'CloudDrove'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
-        if: always()
+          terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
+
+      - name: Check Terraform format changes
+        run: terraform fmt --recursive

.github/workflows/terratest.yml

@@ -22,7 +22,7 @@ jobs:
           aws-region: us-east-2
 
       - name: 'terratest'
-        uses: 'clouddrove/github-actions@v6.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         with:
           actions_subcommand: 'terratest'
           if: ${{ github.event.label.name == 'terratest' }}

.github/workflows/tfsec.yml

@@ -0,0 +1,25 @@
+name: tfsec
+on:
+  pull_request:
+
+jobs:
+  tfsec:
+    name: tfsec sarif report
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+
+      - name: tfsec
+        uses: aquasecurity/[email protected]
+        with:
+          sarif_file: tfsec.sarif
+          working_directory: _example
+          full_repo_scan: true
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif