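---
# Reusable Terraform security scan.
#
# Invoked via `workflow_call` by a calling workflow that has already produced
# a Terraform plan and uploaded it as an artifact. This job downloads that
# plan JSON, runs Checkov against it and publishes the JUnit report as an
# artifact.
#
# Inputs:
#   WORKING_DIRECTORY: directory the plan artifact is downloaded into and
#                      scanned from (default: repository root ".").
#   ENVIRONMENT:       required; selects the plan artifact
#                      (`artifacts_<ENVIRONMENT>_<sha>`) and the plan file
#                      inside it (`test_<ENVIRONMENT>_<sha>.json`).
name: Terraform Security

on:
  workflow_call:
    inputs:
      WORKING_DIRECTORY:
        type: string
        required: false
        default: "."
      ENVIRONMENT:
        type: string
        required: true

# Least privilege for GITHUB_TOKEN: nothing in this job writes to the repo.
# Artifacts of the *same* run are exchanged with the runtime token, so no
# extra scopes are needed; add `actions: read` only if the plan artifact is
# ever fetched from a different workflow run.
permissions:
  contents: read

jobs:
  terraform-security:
    runs-on: ubuntu-22.04
    # Bound the job so a hung download or scan cannot hold the runner.
    timeout-minutes: 15
    defaults:
      run:
        working-directory: ${{ inputs.WORKING_DIRECTORY }}
    steps:
      # Fetch the plan JSON produced by the calling workflow.
      # NOTE(security): `vX.Y.Z` tags are mutable references; pinning this
      # and the upload action to their full commit SHA (with the version in a
      # comment) is preferred for supply-chain integrity. No SHA is written
      # here because it must be looked up from the upstream release.
      - name: download a build artifact
        id: download
        uses: actions/download-artifact@v6.0.0
        with:
          name: artifacts_${{ inputs.ENVIRONMENT }}_${{ github.sha }}
          path: ${{ inputs.WORKING_DIRECTORY }}

      # Scan the plan with Checkov. The image is pinned by digest, so the
      # scanner itself is immutable.
      # `-s` (soft-fail) forces a zero exit code: findings are reported but
      # never fail this job, so on its own it does NOT gate the pipeline.
      # Drop `-s` (or use a severity-scoped soft-fail) to make it blocking.
      # Caller inputs are interpolated into `args`; there is no shell here,
      # but a caller-controlled value could presumably still append extra
      # Checkov flags, so only trusted workflows should call this job.
      - name: checkov
        uses: docker://bridgecrew/checkov:3.2.457@sha256:021af1112246ce9f6e8ba6acfd792e40efec59d60f64ca17cf7dce7825f55975
        with:
          entrypoint: checkov
          args: >-
            -f ${{ inputs.WORKING_DIRECTORY }}/test_${{ inputs.ENVIRONMENT }}_${{ github.sha }}.json
            -o cli -o junitxml
            --output-file-path ${{ inputs.WORKING_DIRECTORY }}/checkov.junit.xml
            -s

      # Publish the JUnit report. `if: always()` keeps the report available
      # even when the scan step fails (e.g. once soft-fail is removed).
      # With multiple `-o` formats Checkov treats --output-file-path as a
      # directory and writes results_junitxml.xml inside it, which is why the
      # path below nests under "checkov.junit.xml".
      # NOTE(review): artifact names must be unique per run; if this workflow
      # is called more than once in one run (e.g. per environment) the fixed
      # name will collide -- consider including ENVIRONMENT in the name.
      - name: upload checkov report
        if: always()
        uses: actions/upload-artifact@v4.6.2
        with:
          name: checkov.junit.xml
          path: ${{ inputs.WORKING_DIRECTORY }}/checkov.junit.xml/results_junitxml.xml
          retention-days: 1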