Merge pull request #21 from clouddrove/1.0.2

fix github-action

Author: yadavprakash

.github/workflows/readme.yml

@@ -18,7 +18,7 @@ jobs:
           python-version: '3.x'
 
       - name: 'create readme'
-        uses: 'clouddrove/github-actions@v7.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         with:
           actions_subcommand: 'readme'
           github_token: '${{ secrets.GITHUB}}'
@@ -34,7 +34,7 @@ jobs:
         continue-on-error: true
 
       - name: 'push readme'
-        uses: 'clouddrove/github-actions@v7.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         continue-on-error: true
         with:
           actions_subcommand: 'push'

.github/workflows/terraform.yml

@@ -1,61 +1,46 @@
-name: 'Terraform GitHub Actions'
+name: static-checks
+
 on:
   pull_request:
-    branches:
-      - master
+
 jobs:
-  fmt:
-    name: 'terraform fmt'
+  versionExtract:
+    name: Get min/max versions
     runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/checkout@v2.3.4
-
-      - name: 'Terraform Format'
-        uses: 'clouddrove/github-actions@v7.0'
-        with:
-          actions_subcommand: 'fmt'
 
-  DNS:
-    name: 'DNS'
-    needs: fmt
-    runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout'
-        uses: actions/checkout@v2.3.4
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Configure AWS Credentials'
-        uses: clouddrove/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
-          aws-region: us-east-2
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@main
+    outputs:
+      minVersion: ${{ steps.minMax.outputs.minVersion }}
+      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
-      - name: 'Terraform init for generate certificate dns'
-        uses: 'clouddrove/github-actions@v7.0'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/generate-certificate-dns
-
-      - name: 'Terraform validate for generate certificate dns'
-        uses: 'clouddrove/github-actions@v7.0'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/generate-certificate-dns
 
-      - name: 'Terraform plan for generate certificate dns'
-        uses: 'clouddrove/github-actions@v7.0'
-        with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/generate-certificate-dns
-  Email:
-    name: 'Email'
-    needs: fmt
+  versionEvaluate:
+    name: Evaluate Terraform versions
     runs-on: ubuntu-latest
+    needs: versionExtract
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - ${{ needs.versionExtract.outputs.minVersion }}
+          - ${{ needs.versionExtract.outputs.maxVersion }}
+        directory:
+          - _example/
+
     steps:
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Checkout'
-        uses: actions/checkout@v2.3.4
+      - name: Install Terraform v${{ matrix.version }}
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ matrix.version }}
 
       - name: 'Configure AWS Credentials'
         uses: clouddrove/configure-aws-credentials@v1
@@ -64,55 +49,34 @@ jobs:
           aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
           aws-region: us-east-2
 
-      - name: 'Terraform init for generate certificate email'
-        uses: 'clouddrove/github-actions@v7.0'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/generate-certificate-email
-
-      - name: 'Terraform validate for generate certificate email'
-        uses: 'clouddrove/github-actions@v7.0'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/generate-certificate-email
+      - name: Init & validate v${{ matrix.version }}
+        run: |
+          cd ${{ matrix.directory }}
+          terraform init
+          terraform validate
 
-      - name: 'Terraform plan for generate certificate email'
-        uses: 'clouddrove/github-actions@v7.0'
+      - name: tflint
+        uses: reviewdog/action-tflint@master
         with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/generate-certificate-email
-
-  pre-commit:
-    name: 'Pre-Commit'
-    needs:
-      - fmt
-      - DNS
-      - Email
+          github_token: ${{ secrets.GITHUB }}
+          working_directory: ${{ matrix.directory }}
+          fail_on_error: 'true'
+          filter_mode: 'nofilter'
+          flags: '--module'
+
+  format:
+    name: Check code format
     runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/checkout@v2.3.4
-
-      - name: 'Install Tflint'
-        run: |
-          curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
-
-      - name: 'Pre-Commit 🔎'
-        uses: pre-commit/action@v2.0.3
-        continue-on-error: true
+    needs: versionExtract
 
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Pre-Commit 🔎'
-        uses: pre-commit/action@v2.0.3
-        continue-on-error: true
-
-      - name: 'Slack Notification'
-        uses: clouddrove/action-slack@v2
+      - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
+        uses: hashicorp/setup-terraform@v1
         with:
-          status: ${{ job.status }}
-          fields: repo,author
-          author_name: 'CloudDrove'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
-        if: always()
+          terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
+
+      - name: Check Terraform format changes
+        run: terraform fmt --recursive

.github/workflows/terratest.yml

@@ -23,7 +23,7 @@ jobs:
 
       - name: 'Terratest Generate Certificate DNS'
         if: ${{ github.event.label.name == 'terratest' }}
-        uses: 'clouddrove/github-actions@v7.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         with:
           actions_subcommand: 'terratest'
           tf_actions_working_dir: _test/generate-certificate-dns
@@ -58,7 +58,7 @@ jobs:
 
       - name: 'Terratest Generate Certificate Email'
         if: ${{ github.event.label.name == 'terratest' }}
-        uses: 'clouddrove/github-actions@v7.0'
+        uses: 'clouddrove/github-actions@v9.0.1'
         with:
           actions_subcommand: 'terratest'
           tf_actions_working_dir: _test/generate-certificate-email

.github/workflows/tfsec.yml

@@ -0,0 +1,25 @@
+name: tfsec
+on:
+  pull_request:
+
+jobs:
+  tfsec:
+    name: tfsec sarif report
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+
+      - name: tfsec
+        uses: aquasecurity/tfsec-sarif-action@v0.1.0
+        with:
+          sarif_file: tfsec.sarif
+          working_directory: _example
+          full_repo_scan: true
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif