-
Notifications
You must be signed in to change notification settings - Fork 4
41 lines (34 loc) · 1.25 KB
/
nctl-scan-terraform.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
name: NCTL Scan Terraform Demo
run-name: ${{ github.actor }} has triggered Scan Action 🚀
on:
pull_request:
branches:
- "main"
push:
branches:
- "main"
env:
AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
AWS_SESSION_TOKEN: ${{secrets.AWS_SESSION_TOKEN}}
jobs:
NCTL-Scan-Terraform:
runs-on: ubuntu-latest
steps:
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- name: Check out repository code
uses: actions/checkout@v4
- name: nctl-scan-installer
uses: nirmata/action-install-nctl-scan@v0.0.4
- run: echo "🖥️ The workflow is now ready to test your code on the runner."
- name: Check nctl version
run: nctl version
- name: NCTL Scan - Terraform
# cd config-files/terraform/ecs
# terraform init
# terraform plan -out tfplan.binary
# terraform show -json tfplan.binary | jq > payload.json
run: |
./scripts/install-tf.sh
nctl scan terraform --policies controls/terraform-best-practices --resources config-files/terraform/ecs/payload.json
- run: echo "🍏 This job's status is ${{ job.status }}."