Skip to content

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2917.0 #8376

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2917.0

Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2917.0 #8376

name: Terraform Validation
on:
pull_request:
branches:
- production
- main
- test
paths:
- '**.tf'
- '.github/workflows/validate_terraform.yml'
jobs:
pre_job:
name: Pre Job
runs-on: ubuntu-latest
outputs:
has_operations_change: ${{ steps.build_vars.outputs.has_terraform_change }}
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Build vars
id: build_vars
uses: ./.github/actions/build-vars
validate_terraform_yaml:
name: Validate Terraform YAML
needs: pre_job
if: ${{ needs.pre_job.outputs.has_operations_change == 'true' }}
environment: staging
runs-on: ubuntu-latest
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Use specific version of Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
with:
terraform_version: 1.7.4
terraform_wrapper: false
- name: Verify Terraform Formatting
run: terraform -chdir=operations/app/terraform/vars/staging fmt -check -recursive ../../
checkov-job:
name: Run Checkov On Terraform Code
needs: validate_terraform_yaml
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Run Checkov action
uses: bridgecrewio/checkov-action@cc23a656ff707900310d6870ca2b4289fa070396
with:
directory: operations/app/terraform
skip_check: CKV_AZURE_139,CKV_AZURE_137,CKV_AZURE_103,CKV_AZURE_104,CKV_AZURE_102,CKV_AZURE_130,CKV_AZURE_121,CKV_AZURE_67,CKV_AZURE_56,CKV_AZURE_17,CKV_AZURE_63,CKV_AZURE_18,CKV_AZURE_88,CKV_AZURE_65,CKV_AZURE_13,CKV_AZURE_66,CKV_AZURE_33,CKV_AZURE_35,CKV_AZURE_36,CKV_AZURE_98,CKV2_AZURE_1,CKV2_AZURE_15,CKV2_AZURE_21,CKV_AZURE_213,CKV_AZURE_59,CKV2_AZURE_33,CKV2_AZURE_32,CKV2_AZURE_28,CKV_AZURE_206,CKV_AZURE_42,CKV_AZURE_110,CKV_AZURE_109,CKV_AZURE_166,CKV2_AZURE_38,CKV2_AZURE_40,CKV2_AZURE_41,CKV_AZURE_235,CKV_AZURE_244