Trying * for all ecs task in iam policy. (#183) #888
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Terraform CI/CD | |
on: | |
push: | |
branches: | |
- "**" | |
paths-ignore: | |
- docs/**.md | |
- "*.md" | |
jobs: | |
terraform_linter: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone git repo | |
uses: actions/checkout@v1 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
with: | |
terraform_version: 0.14.2 | |
- name: Terraform Linter Check (Formatting) | |
run: | | |
terraform fmt -recursive -check | |
- name: Set up Python 3.7 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.7 | |
- name: Install Go | |
uses: actions/setup-go@v1 | |
with: | |
go-version: "1.15" # The Go version to download (if necessary) and use. | |
- name: "Terraform Code Standards Check" | |
run: | | |
GO111MODULE="on" go get github.com/terraform-docs/[email protected] | |
export PATH=$HOME/go/bin:$PATH | |
pip3 install --pre slalom.dataops | |
s-infra check_tf_metadata ./catalog/aws \ | |
--check_module_headers \ | |
--required_input_vars=[name_prefix,resource_tags,environment] \ | |
--required_output_vars=[summary] \ | |
--check_input_descriptions \ | |
--check_output_descriptions \ | |
--raise_error | |
s-infra check_tf_metadata ./components/aws \ | |
--check_module_headers \ | |
--required_input_vars=[name_prefix,resource_tags,environment] \ | |
--required_output_vars=[] \ | |
--check_input_descriptions \ | |
--check_output_descriptions \ | |
--raise_error | |
tf_test: | |
runs-on: ubuntu-latest | |
strategy: | |
max-parallel: 8 | |
fail-fast: false | |
matrix: | |
# python-version: [3.7] | |
sample-id: | |
- airflow-on-aws | |
- dbt-and-singer-on-aws | |
- kitchen-sink-on-aws | |
- ml-ops-on-aws | |
- ml-ops-on-aws-img-recognition | |
- mysql-on-aws | |
- postgres-on-aws | |
- redshift-on-aws | |
- s3-lambda-trigger | |
- secrets-manager-on-aws | |
- sftp-on-aws | |
- tableau-on-aws | |
steps: | |
- name: Clone git repo | |
uses: actions/checkout@v1 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
with: | |
terraform_version: 0.14.2 | |
terraform_wrapper: false | |
- name: "Terraform Init (${{ matrix.sample-id }})" | |
run: | | |
cd ./samples/${{ matrix.sample-id }} | |
terraform init | |
- name: "Terraform Validate (${{ matrix.sample-id }})" | |
run: | | |
cd ./samples/${{ matrix.sample-id }} | |
terraform validate | |
- name: "Rename all secrets file templates" | |
run: | | |
sudo apt-get install rename | |
find . -name "*.template" | xargs rename -v "s/\.template//g" | |
- name: "Terraform Plan (${{ matrix.sample-id }})" | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
run: | | |
cd ./samples/${{ matrix.sample-id }} | |
terraform plan -out plan.out | tee plan.out.txt | |
terraform show -json plan.out > plan.out.json | |
md5sum plan.out | head -c 32 > plan.out.md5 | |
- name: Upload Plan File Artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{ matrix.sample-id }}-plans | |
path: samples/${{ matrix.sample-id }}/plan.out* | |
- name: Set up Python 3.7 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.7 | |
- name: "Install Terraform-Compliance" | |
run: | | |
pip install terraform-compliance | |
- name: "Terraform Compliance Checks (${{ matrix.sample-id }})" | |
run: | | |
cd ./samples/${{ matrix.sample-id }} | |
terraform-compliance -p plan.out.json -f ../../tests/rules | tee compliance.out.txt | |
- name: Upload Compliance File Artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: ${{ matrix.sample-id }}-compliance | |
path: samples/${{ matrix.sample-id }}/compliance.out.txt |