setup node 18 in workflow #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Continuous Integration' | |
| on: | |
| workflow_call: | |
| inputs: | |
| runs-on: | |
| description: 'Agent selection string.' | |
| required: false | |
| default: 'ubuntu-latest' | |
| type: string | |
| secrets: | |
| aws-assume-role-arn: | |
| description: 'The AWS Role ARN to assume for Terraform operations.' | |
| required: true | |
| aws-assume-role-region: | |
| description: 'The AWS region to assume IAM in for Terraform operations.' | |
| required: false | |
| terraform-registry-token: | |
| description: 'Terraform registry token to authorize Terraform operations.' | |
| required: false | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| continuous-integration: | |
| name: 'Continuous Integration' | |
| runs-on: ${{ inputs.runs-on }} | |
| env: | |
| TF_IN_AUTOMATION: true | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Read Terraform Version | |
| - name: Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18 | |
| run: echo "TF_VERSION=$(cat .terraform-version)" >> $GITHUB_ENV | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.aws-assume-role-arn }} | |
| aws-region: ${{ secrets.aws-assume-role-region }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2.0.3 | |
| with: | |
| terraform_version: ${{ env.TF_VERSION }} | |
| cli_config_credentials_token: ${{ secrets.terraform-registry-token }} | |
| - name: Check Terraform Format | |
| run: terraform fmt -check | |
| - name: Check Terraform Syntax | |
| run: terraform init && terraform validate | |
| - name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@v3 | |
| - name: Check Terraform Lint | |
| run: tflint --init && tflint -f compact | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Check Terraform Security (TFsec) | |
| uses: aquasecurity/tfsec-action@v1.0.3 | |
| - name: Check Terraform Security (Checkov) | |
| uses: bridgecrewio/checkov-action@v12 | |
| with: | |
| directory: . | |
| framework: terraform |