Merge pull request #18 from clouddrove/1.0.2

update github-action & License update

Author: yadavprakash

.github/workflows/readme.yml

@@ -18,7 +18,7 @@ jobs:
           python-version: '3.x'
 
       - name: 'create readme'
-        uses: 'clouddrove/github-actions@v8.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         with:
           actions_subcommand: 'readme'
           github_token: '${{ secrets.GITHUB}}'
@@ -35,7 +35,7 @@ jobs:
         continue-on-error: true
 
       - name: 'push readme'
-        uses: 'clouddrove/github-actions@v8.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         continue-on-error: true
         with:
           actions_subcommand: 'push'

.github/workflows/terraform.yml

@@ -1,129 +1,49 @@
-name: 'Terraform GitHub Actions'
+name: static-checks
+
 on:
   pull_request:
-    branches:
-      - master
 
 jobs:
-  fmt:
-    name: 'terraform fmt'
+  versionExtract:
+    name: Get min/max versions
     runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/checkout@master
-
-      - name: 'Terraform Format'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'fmt'
 
-  multi_node_non_vpc:
-    name: 'multi_node_non_vpc'
-    needs: fmt
-    runs-on: ubuntu-latest
     steps:
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Checkout'
-        uses: actions/checkout@master
-
-      - name: 'Configure AWS Credentials'
-        uses: clouddrove/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
-          aws-region: us-east-2
-
-      - name: 'Terraform init multi_node_non_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/multi_node_non_vpc
-
-      - name: 'Terraform validate multi_node_non_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/multi_node_non_vpc
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@main
+    outputs:
+      minVersion: ${{ steps.minMax.outputs.minVersion }}
+      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 
-      - name: 'Terraform plan multi_node_non_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/multi_node_non_vpc
 
-  multi_node_vpc:
-    name: 'multi_node_vpc'
-    needs: fmt
+  versionEvaluate:
+    name: Evaluate Terraform versions
     runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/checkout@master
+    needs: versionExtract
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - ${{ needs.versionExtract.outputs.minVersion }}
+          - ${{ needs.versionExtract.outputs.maxVersion }}
+        directory:
+          - _example/multi_node_non_vpc
+          - _example/multi_node_vpc
+          - _example/single_node_non_vpc
+          - _example/single_node_vpc
 
-      - name: 'Configure AWS Credentials'
-        uses: clouddrove/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
-          aws-region: us-east-2
-
-      - name: 'Terraform init multi_node_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/multi_node_vpc
-
-      - name: 'Terraform validate multi_node_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/multi_node_vpc
-
-      - name: 'Terraform plan multi_node_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/multi_node_vpc
-
-  single_node_non_vpc:
-    name: 'single_node_non_vpc'
-    needs: fmt
-    runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout'
-        uses: actions/checkout@master
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Configure AWS Credentials'
-        uses: clouddrove/configure-aws-credentials@v1
+      - name: Install Terraform v${{ matrix.version }}
+        uses: hashicorp/setup-terraform@v1
         with:
-          aws-access-key-id: ${{ secrets.TEST_AWS_ACCESS_KEY }}
-          aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
-          aws-region: us-east-2
-
-      - name: 'Terraform init for single_node_non_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/single_node_non_vpc
-
-      - name: 'Terraform validate for single_node_non_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/single_node_non_vpc
-
-      - name: 'Terraform plan for single_node_non_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/single_node_non_vpc
-
-  single_node_vpc:
-    name: 'single_node_non_vpc'
-    needs: fmt
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/checkout@master
+          terraform_version: ${{ matrix.version }}
 
       - name: 'Configure AWS Credentials'
         uses: clouddrove/configure-aws-credentials@v1
@@ -132,53 +52,35 @@ jobs:
           aws-secret-access-key: ${{ secrets.TEST_AWS_ACCESS_SECRET_KEY }}
           aws-region: us-east-2
 
-      - name: 'Terraform init for single_node_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'init'
-          tf_actions_working_dir: ./_example/single_node_vpc
-
-      - name: 'Terraform validate for single_node_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'validate'
-          tf_actions_working_dir: ./_example/single_node_vpc
-
-      - name: 'Terraform plan for single_node_vpc'
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
-          actions_subcommand: 'plan'
-          tf_actions_working_dir: ./_example/single_node_vpc
-
-
-  pre-commit:
-    name: 'Pre-Commit'
-    needs:
-      - fmt
-      - multi_node_non_vpc
-      - multi_node_vpc
-      - single_node_non_vpc
-      - single_node_vpc
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Checkout'
-        uses: actions/checkout@v2.3.4
-
-      - name: 'Install Tflint'
+      - name: Init & validate v${{ matrix.version }}
         run: |
-          curl https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
+          cd ${{ matrix.directory }}
+          terraform init
+          terraform validate
+          
+
+      - name: tflint
+        uses: reviewdog/action-tflint@master
+        with:
+          github_token: ${{ secrets.GITHUB }}
+          working_directory: ${{ matrix.directory }}
+          fail_on_error: 'true'
+          filter_mode: 'nofilter'
+          flags: '--module'
+
+  format:
+    name: Check code format
+    runs-on: ubuntu-latest
+    needs: versionExtract
 
-      - name: 'Pre-Commit 🔎'
-        uses: pre-commit/action@v2.0.3
-        continue-on-error: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
 
-      - name: 'Slack Notification'
-        uses: clouddrove/action-slack@v2
+      - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
+        uses: hashicorp/setup-terraform@v1
         with:
-          status: ${{ job.status }}
-          fields: repo,author
-          author_name: 'CloudDrove'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # required
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }} # required
-        if: always()
+          terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
+
+      - name: Check Terraform format changes
+        run: terraform fmt --recursive

.github/workflows/terratest.yml

@@ -23,7 +23,7 @@ jobs:
 
       - name: 'Terratest for multi_node_non_vpc'
         if: ${{ github.event.label.name == 'terratest' }}
-        uses: 'clouddrove/github-actions@v8.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         with:
           actions_subcommand: 'terratest'
           tf_actions_working_dir: '_test/multi_node_non_vpc'
@@ -32,8 +32,7 @@ jobs:
 
       - name: 'Terratest for multi_node_vpc'
         if: ${{ github.event.label.name == 'terratest' }}
-        uses: 'clouddrove/github-actions@v8.0'
-        with:
+        uses: 'clouddrove/github-actions@v9.0.2
           actions_subcommand: 'terratest'
           tf_actions_working_dir: '_test/multi_node_vpc'
         env:
@@ -42,7 +41,7 @@ jobs:
 
       - name: 'Terratest for single_node_non_vpc'
         if: ${{ github.event.label.name == 'terratest' }}
-        uses: 'clouddrove/github-actions@v8.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         with:
           actions_subcommand: 'terratest'
           tf_actions_working_dir: '_test/single_node_non_vpc'
@@ -52,7 +51,7 @@ jobs:
 
       - name: 'Terratest for single_node_vpc'
         if: ${{ github.event.label.name == 'terratest' }}
-        uses: 'clouddrove/github-actions@v8.0'
+        uses: 'clouddrove/github-actions@v9.0.2'
         with:
           actions_subcommand: 'terratest'
           tf_actions_working_dir: '_test/single_node_vpc'

.github/workflows/tfsec.yml

@@ -0,0 +1,25 @@
+name: tfsec
+on:
+  pull_request:
+
+jobs:
+  tfsec:
+    name: tfsec sarif report
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+
+      - name: tfsec
+        uses: aquasecurity/tfsec-sarif-action@v0.1.0
+        with:
+          sarif_file: tfsec.sarif
+          working_directory: _example
+          full_repo_scan: true
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          # Path to SARIF file relative to the root of the repository
+          sarif_file: tfsec.sarif