Skip to content

SSO Permission Set support for inline IAM policies #430

SSO Permission Set support for inline IAM policies

SSO Permission Set support for inline IAM policies #430

Workflow file for this run

name: "Check Terraform"
on:
push:
branches: main
pull_request:
branches: main
jobs:
determine-modules:
name: "Determine Terraform Modules"
runs-on: ubuntu-latest
outputs:
check_modules: ${{ github.event_name == 'pull_request'
&& steps.output-changed.outputs.changed_modules
|| steps.output-all.outputs.all_modules }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Output all modules
id: output-all
run: |
JQ_OUTPUT_ALL=$(find modules -mindepth 2 -maxdepth 2 -type d | jq -MRsc 'split("\n")[:-1]')
echo "all_modules=$JQ_OUTPUT_ALL" >> $GITHUB_OUTPUT
- name: Output changed modules
if: ${{ github.event_name == 'pull_request' }}
id: output-changed
env:
BASE_SHA: ${{ github.event.pull_request.base.sha }}
run: |
JQ_OUTPUT_CHANGED=$(git diff --name-only $BASE_SHA $GITHUB_SHA modules/*/*/*.tf |
cut -d/ -f1-3 | sort -u | jq -MRsc 'split("\n")[:-1]')
echo "changed_modules=$JQ_OUTPUT_CHANGED" >> $GITHUB_OUTPUT
terraform-check:
name: "Check Terraform"
runs-on: ubuntu-latest
needs: determine-modules
if: ${{ needs.determine-modules.outputs.check_modules != '[]' }}
strategy:
matrix:
module: ${{ fromJSON(needs.determine-modules.outputs.check_modules) }}
defaults:
run:
working-directory: "${{ matrix.module }}"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup
uses: hashicorp/setup-terraform@v3
- name: Terraform Format
id: fmt
run: terraform fmt -check
- name: Terraform Init
id: init
run: terraform init
- name: Terraform Validate
id: validate
run: terraform validate
- name: Terraform Security
uses: aquasecurity/[email protected]
with:
github_token: ${{ github.token }}
soft_fail: true
working_directory: "${{ matrix.module }}"