mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-11-09 07:17:10 -05:00
1fe1ca3b55
* deps: update GitHub action dependencies * ci: dont update Go through renovate --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems>
40 lines
1,010 B
YAML
40 lines
1,010 B
YAML
name: Terraform security scanner
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- main
|
|
- "release/**"
|
|
paths:
|
|
- "**.tf"
|
|
- ".github/workflows/test-tfsec.yml"
|
|
pull_request:
|
|
paths:
|
|
- "**.tf"
|
|
- ".github/workflows/test-tfsec.yml"
|
|
|
|
jobs:
|
|
tfsec:
|
|
name: tfsec
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
contents: read
|
|
pull-requests: write
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: tfsec
|
|
uses: aquasecurity/tfsec-pr-commenter-action@5b483d46fb4fd0cbe2259cf68354a3fb23aa70fe
|
|
with:
|
|
soft_fail_commenter: true
|
|
tfsec_formats: default,text
|
|
tfsec_args: --force-all-dirs
|
|
github_token: ${{ github.token }}
|
|
|
|
- name: tfsec summary
|
|
shell: bash
|
|
run: tail -n 27 results.text >> "$GITHUB_STEP_SUMMARY"
|