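---
# Validates every Terraform directory in the repository on pull requests.
#
# Job flow:
#   build-matrix -> finds directories that contain *.tf files and publishes
#                   them as a JSON array job output;
#   validate     -> fans out over that array (one job per directory) and runs
#                   `terraform init` + `terraform validate`;
#   conclusion   -> folds the matrix results into one pass/fail status so a
#                   branch-protection rule only has to require this job.
name: Validate terraform

on:
  pull_request:
    branches: ['main']

# Default token scope for every job; a job that needs more declares it itself.
permissions:
  contents: read

jobs:
  build-matrix:
    runs-on: ubuntu-latest
    outputs:
      matrix: "${{steps.list_dirs.outputs.matrix}}"
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          # `audit` only records egress; it does not block anything.
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: List tf dirs
        id: list_dirs
        run: |
          # Directories holding at least one *.tf file, deduplicated with
          # `sort -u` and serialized as a compact JSON array. `jq -R` reads one
          # path per line; `select(length>0)` drops the empty trailing line.
          matrix="$(find . -type f -name "*.tf" -exec dirname "{}" \; | sort -u | jq -cnR '[inputs | select(length>0)]')"
          echo "matrix=${matrix}" >> "$GITHUB_OUTPUT"

  validate:
    runs-on: ubuntu-latest
    needs:
      - build-matrix
    strategy:
      # https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#defining-the-maximum-number-of-concurrent-jobs
      max-parallel: 10
      # Keep validating the remaining directories when one fails so the PR
      # surfaces every broken module at once.
      fail-fast: false
      matrix:
        # NOTE(review): an empty array (no *.tf files anywhere) makes this job
        # error out at matrix expansion — confirm that is the intended outcome.
        dirs: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
      - name: Validate
        working-directory: ${{ matrix.dirs }}
        run: |
          # -backend=false: validation only needs providers and modules, so
          #   never initialise (or require credentials for) a remote backend.
          # -input=false: fail immediately instead of waiting on a prompt in CI.
          terraform init -backend=false -input=false
          terraform validate

  conclusion:
    # actions:read is what workflow-conclusion-action needs to read the
    # other jobs' results.
    permissions:
      actions: read
    needs: validate
    runs-on: ubuntu-latest
    # Run even when validate failed so an aggregate status is always reported.
    if: always()
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit
      - name: Collect workflow conclusion
        uses: technote-space/workflow-conclusion-action@45ce8e0eb155657ab8ccf346ade734257fd196a5 # v3.0.3
      # WORKFLOW_CONCLUSION is read from the shell environment rather than
      # spliced into the script with ${{ }}: the value then never becomes
      # part of the script text, and only the exit code carries the result.
      # Conclusions other than success/failure (e.g. cancelled, skipped) match
      # neither step, so the job ends with exit 0.
      - name: Report success
        if: ${{ env.WORKFLOW_CONCLUSION == 'success' }}
        working-directory: /tmp
        run: echo "$WORKFLOW_CONCLUSION" && exit 0
      - name: Report failure
        if: ${{ env.WORKFLOW_CONCLUSION == 'failure' }}
        working-directory: /tmp
        run: echo "$WORKFLOW_CONCLUSION" && exit 1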