Reusable GitHub workflow for validating a Terraform configuration repository.

License: GNU General Public License v3.0

HCL 100.00%
github-actions github-workflow terraform

github-workflow-terraform-config's Introduction

github-workflow-terraform-config

Usage

You must set permissions explicitly, because the required id-token permission is off by default.

permissions:
  id-token: write
  contents: read
  pull-requests: write

jobs:
  terraform:  # the job id is arbitrary
    name: Terraform
    uses: nrkno/github-workflow-terraform-config/.github/workflows/[email protected]
    with:
      # inputs
    secrets:
      # secrets

Inputs

  • terraform-job-enabled (boolean, default true) - Enable the Terraform checks
  • terraform-version (string, default "latest") - Version of Terraform to use
  • working-directory (string, default ".") - Working directory for all workflow operations, unless documented otherwise.
  • terraform-ignore-files (string, default "") - Comma-separated list of filepaths to remove before running Terraform operations. This is relative to the working-directory argument.
  • status-comment-enabled (boolean, default true) - Post a status comment in the pull request issue after checks have completed.
  • status-comment-message (string, default "") - A custom message to append to the status comment.
  • runs-on (string, default "nrk-azure-intern") - Defines the type of machine to run the jobs on.
  • trivy-job-enabled (boolean, default true) - Scan repository for IaC vulnerabilities using Trivy.
  • trivy-ignore-unfixed (boolean, default true) - Ignore vulnerabilities that do not have a known fix.
  • trivy-sbom-enabled (boolean, default false) - Generate a Software Bill of Materials (SBOM) report.
  • trivy-severity (string, default "MEDIUM,HIGH,CRITICAL") - Comma-separated list of severity levels that should trigger errors.
  • trivy-ignore-files (string, default "") - Comma-separated list of paths to .trivyignore files. Paths are relative to the working-directory argument.
  • trivy-error-is-success (boolean, default false) - Internal: Return successfully only if Trivy finds vulnerabilities.
  • terraform-docs-job-enabled (boolean, default true) - Automatically update Terraform documentation. https://github.com/terraform-docs/gh-actions#configuration
  • terraform-docs-config-file (string, default ".terraform-docs.yaml") - Path to a Terraform docs configuration file.
  • terraform-docs-output-file (string, default "README.md") - Path to the file to update the documentation in.
  • terraform-docs-output-method (string, default "inject") - Method to use for injecting the documentation.
  • terraform-docs-git-commit-message (string, default "docs: terraform-docs automated update") - Message for the documentation commit.
  • terraform-docs-git-push (boolean, default true) - Automatically push the commit to the pull request branch.
  • terraform-docs-fail-on-diff (boolean, default true) - Internal: Fail if there are changes in the documentation.
  • terraform-docs-recursive (boolean, default false) - Generate documentation recursively for all modules in the working directory.
  • workflow-ref (string, default "") - Internal: Specify the Git ref to use when the workflow is checking out its own repository. Pass an empty string for auto-detection.

Secrets

  • registries
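
A complete caller workflow using the permissions, inputs and secret listed above, as an added example that is not part of the project's README. The `<ref>` placeholder, the trigger, the Terraform version, the directory and file names, the runner label and the repository secret name `TERRAFORM_REGISTRIES` are assumptions; the expected format of the `registries` secret is not documented on this page.

```yaml
# Added example: .github/workflows/terraform.yaml in the calling repository.
name: Terraform

on:
  pull_request:

# id-token is off by default, so it is granted explicitly, together with the
# other two permissions from the Usage section.
permissions:
  id-token: write
  contents: read
  pull-requests: write

jobs:
  terraform:
    name: Terraform
    # <ref> is a placeholder: pin to a release tag or a full commit SHA.
    uses: nrkno/github-workflow-terraform-config/.github/workflows/workflow.yaml@<ref>
    with:
      # Pin the Terraform version instead of following "latest" (constructed value).
      terraform-version: "1.9.5"
      # Constructed directory name; all paths below are relative to it.
      working-directory: "infra"
      # The default runner label is "nrk-azure-intern"; override it elsewhere.
      runs-on: "ubuntu-latest"
      # Stricter than the defaults: also report findings without a known fix
      # and produce an SBOM report.
      trivy-ignore-unfixed: false
      trivy-sbom-enabled: true
      trivy-severity: "MEDIUM,HIGH,CRITICAL"
      # Accepted findings are listed in a reviewed ignore file (constructed path).
      trivy-ignore-files: ".trivyignore"
    secrets:
      # Hypothetical repository secret name.
      registries: ${{ secrets.TERRAFORM_REGISTRIES }}
```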

Developing

The workflow definition resides in .github/workflows/workflow.yaml.

github-workflow-terraform-config's Issues

Core changes

List of things that would be nice to do, but that are breaking

  • rename var terraform-ignore-files to terraform-files-ignore
  • prefix all terraform-specific vars with terraform-

Fix tests

The PR checks can't run its own workflow because of runs-on: self-hosted. This repo must probably be allow-listed for use of private runners.
