rancher
/
terraform-github-rke2-download
mirror of https://github.com/rancher/terraform-github-rke2-download.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
terraform-github-rke2-download/.github/workflows/validate.yaml

137 lines
4.1 KiB
YAML
Raw Blame History

name: validate
on:
pull_request:
branches:
- main
jobs:
terraform:
name: 'Terraform'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: nicknovitski/nix-develop@v1.1.0
with:
arguments: |
--ignore-environment \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
--keep HOME \
--keep SSH_AUTH_SOCK \
--keep GITHUB_TOKEN \
--keep AWS_ROLE \
--keep AWS_REGION \
--keep AWS_DEFAULT_REGION \
--keep AWS_ACCESS_KEY_ID \
--keep AWS_SECRET_ACCESS_KEY \
--keep AWS_SESSION_TOKEN \
--keep UPDATECLI_GPGTOKEN \
--keep UPDATECLI_GITHUB_TOKEN \
--keep UPDATECLI_GITHUB_ACTOR \
--keep GPG_SIGNING_KEY \
--keep NIX_ENV_LOADED \
--keep TERM \
${{ github.workspace }}
- uses: actions/cache/restore@v4
id: cache-terraform-restore
with:
path: ${{ github.workspace }}/.terraform
key: terraform
- run: terraform init -upgrade
- uses: actions/cache/save@v4
id: cache-terraform-save
with:
path: ${{ github.workspace }}/.terraform
key: ${{ steps.cache-terraform-restore.outputs.cache-primary-key }}
- run: cd ${{ github.workspace }}/examples/basic && terraform version && terraform init -upgrade && terraform validate && cd ${{ github.workspace }}
- run: terraform fmt -check -recursive
actionlint:
name: 'Lint Workflows'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: nicknovitski/nix-develop@v1.1.0
with:
arguments: |
--ignore-environment \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
--keep HOME \
--keep SSH_AUTH_SOCK \
--keep GITHUB_TOKEN \
--keep AWS_ROLE \
--keep AWS_REGION \
--keep AWS_DEFAULT_REGION \
--keep AWS_ACCESS_KEY_ID \
--keep AWS_SECRET_ACCESS_KEY \
--keep AWS_SESSION_TOKEN \
--keep UPDATECLI_GPGTOKEN \
--keep UPDATECLI_GITHUB_TOKEN \
--keep UPDATECLI_GITHUB_ACTOR \
--keep GPG_SIGNING_KEY \
--keep NIX_ENV_LOADED \
--keep TERM \
${{ github.workspace }}
- run: actionlint
tflint:
name: 'TFLint'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: terraform-linters/setup-tflint@v4
with:
tflint_version: latest
- run: tflint --version
- run: tflint --init
- run: tflint -f compact
shellcheck:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: ludeeus/action-shellcheck@master
validate-commit-message:
name: Validate Commit Message
runs-on: ubuntu-latest
steps:
- uses: amannn/action-semantic-pull-request@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
gitleaks:
name: 'Scan for Secrets'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: nicknovitski/nix-develop@v1.1.0
with:
arguments: |
--ignore-environment \
--extra-experimental-features nix-command \
--extra-experimental-features flakes \
--keep HOME \
--keep SSH_AUTH_SOCK \
--keep GITHUB_TOKEN \
--keep AWS_ROLE \
--keep AWS_REGION \
--keep AWS_DEFAULT_REGION \
--keep AWS_ACCESS_KEY_ID \
--keep AWS_SECRET_ACCESS_KEY \
--keep AWS_SESSION_TOKEN \
--keep UPDATECLI_GPGTOKEN \
--keep UPDATECLI_GITHUB_TOKEN \
--keep UPDATECLI_GITHUB_ACTOR \
--keep GPG_SIGNING_KEY \
--keep NIX_ENV_LOADED \
--keep TERM \
${{ github.workspace }}
- run: gitleaks detect --no-banner -v --no-git
- run: gitleaks detect --no-banner -v
Reference in New Issue View Git Blame Copy Permalink