# Display name of this workflow.
name: CI

# Trigger: every push event, with no branch or path filter.
on:
  - push
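# Three independent jobs: licence-header check, secrets scan, and Terraform
# init/fmt/validate.
# NOTE(review): `@v4`, `@v3` and `@master` are mutable refs; the code they
# resolve to can change without any change to this file. Pinning each `uses:`
# to a reviewed full commit SHA makes the run reproducible.
jobs:
  # Fails the run when a Terraform file in the repository root does not
  # mention "Copyright" on its first line.
  license-check:
    name: Check License Header
    runs-on: docker
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The job only reads the tree; do not leave the job token in
          # .git/config for later steps.
          persist-credentials: false

      - name: Verify license header in Terraform files
        run: |
          set -e
          # Only checks for the presence of the word "Copyright" in the first line.
          KEYWORD="Copyright"
          # Glob rather than $(find ...): a name containing whitespace is
          # not word-split, so each file is checked under its real name.
          # Only the repository root is covered (no recursion), and the glob
          # does not match dot-files.
          for file in ./*.tf; do
            # An unmatched glob stays literal; skip it and anything that is
            # not a regular file.
            [ -f "$file" ] || continue
            if ! head -n 1 "$file" | grep -q "$KEYWORD"; then
              echo "::error file=$file,line=1::A copyright header is missing or incorrect in the first line."
              exit 1
            fi
          done
          echo "✔ Copyright header check passed for all .tf files."

  # Runs a third-party TruffleHog wrapper action against the checkout.
  secrets-scan:
    name: TruffleHog Secrets Scan
    runs-on: docker
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the job token out of the workspace before third-party code
          # runs in it. Assumes the scanner only reads the local checkout;
          # confirm against the action's documentation.
          persist-credentials: false

      - name: trufflehog-actions-scan
        # NOTE(review): third-party action tracked at the mutable `master`
        # branch, so every run executes whatever that branch currently
        # holds. Pin to a reviewed full commit SHA and update it
        # deliberately.
        uses: https://github.com/edplato/trufflehog-actions-scan@master

  # Installs a fixed Terraform version, then runs init, fmt -check, validate.
  terraform:
    name: Terraform CI
    runs-on: docker
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes; do not persist the job token.
          persist-credentials: false

      - name: Setup Terraform
        uses: https://github.com/hashicorp/setup-terraform@v3
        with:
          # Quoted so the version stays a string.
          terraform_version: "1.5.7"

      - name: Terraform Init
        # -input=false: fail instead of waiting on an interactive prompt.
        # NOTE(review): if this job never needs remote state, adding
        # -backend=false keeps backend credentials out of CI; confirm.
        run: terraform init -input=false

      - name: Terraform Format Check
        run: terraform fmt -recursive -check

      - name: Terraform Validate
        run: terraform validate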