resolving warnings #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: IaC | |
| on: | |
| push: | |
| branches: | |
| - iac | |
| permissions: | |
| contents: read | |
| jobs: | |
| ansible-lint: | |
| name: Ansible Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| - name: Run ansible-lint | |
| uses: ansible/ansible-lint@main | |
| with: | |
| working_directory: ./ansible | |
| terraform-lint: | |
| name: Terraform Lint | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ./terraform | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| - name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@v4 | |
| with: | |
| tflint_version: v0.52.0 | |
| - name: Show version | |
| run: tflint --version | |
| - name: Init TFLint | |
| run: tflint --init | |
| - name: Run TFLint | |
| run: tflint -f compact | |
| terraform-sec: | |
| name: Terraform Security | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name : Check out Git Repository | |
| uses: actions/checkout@v4 | |
| - name: Run Tfsec | |
| uses: aquasecurity/[email protected] | |
| terraform: | |
| name: Terraform | |
| runs-on: ubuntu-latest | |
| environment: production | |
| needs: | |
| - ansible-lint | |
| - terraform-lint | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ./terraform | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup SSH | |
| shell: bash | |
| run: | | |
| eval `ssh-agent -s` | |
| mkdir -p /home/runner/.ssh/ | |
| touch /home/runner/.ssh/ecdsa_ansible /home/runner/.ssh/ecdsa_ansible.pub | |
| echo -e "${{secrets.ANSIBLE_SSH}}" > /home/runner/.ssh/ecdsa_ansible | |
| echo -e "${{secrets.ANSIBLE_SSH_PUB}}" > /home/runner/.ssh/ecdsa_ansible.pub | |
| chmod 700 /home/runner/.ssh/ecdsa_ansible | |
| chmod 644 /home/runner/.ssh/ecdsa_ansible.pub | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| - name: Terraform Init | |
| run: terraform init | |
| env: | |
| GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| TF_VAR_google_project_number: ${{ secrets.GOOGLE_PROJECT_NUMBER }} | |
| - name: Terraform Validate | |
| run: terraform validate | |
| env: | |
| GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| TF_VAR_google_project_number: ${{ secrets.GOOGLE_PROJECT_NUMBER }} | |
| - name: Terraform Plan | |
| run: terraform plan -input=false | |
| env: | |
| GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| TF_VAR_google_project_number: ${{ secrets.GOOGLE_PROJECT_NUMBER }} | |
| # - name: Terraform Apply | |
| # run: terraform apply -auto-approve -input=false | |
| # env: | |
| # GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
| # TF_VAR_google_project_number: ${{ secrets.GOOGLE_PROJECT_NUMBER }} | |
| # # ansible: | |
| # # name: Ansible | |
| # # runs-on: ubuntu-latest | |
| # # environment: production | |
| # # defaults: | |
| # # run: | |
| # # shell: bash | |
| # # working-directory: ./ansible | |
| # # steps: | |
| # # - name: Checkout | |
| # # uses: actions/checkout@v4 | |
| # - name: Run Ansible Playbook | |
| # shell: bash | |
| # working-directory: ./ansible | |
| # env: | |
| # ANSIBLE_HOST_KEY_CHECKING: False | |
| # run: | | |
| # sleep 120 | |
| # ansible-playbook -vvv -i ./inventory.yml main.yml |