ci #113

Workflow file for this run

	name: ci

	on:
	pull_request:
	branches:
	- main
	push:
	branches:
	- main
	schedule:
	- cron: 0 0 * * *

	jobs:
	tofu-fmt:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Setup OpenTofu
	uses: opentofu/setup-opentofu@v1
	- name: Tofu format
	run: \|
	tofu fmt -check -recursive

	release-please:
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	runs-on: ubuntu-latest
	outputs:
	releases_created: ${{ steps.release-please.outputs.releases_created }}
	tag_name: ${{ steps.release-please.outputs.tag_name }}
	permissions:
	contents: write
	pull-requests: write
	steps:
	- id: release-please
	name: Release please
	uses: googleapis/release-please-action@v4
	with:
	release-type: terraform-module

	build-docs:
	if: github.event_name == 'push' && github.ref == 'refs/heads/main'
	runs-on: ubuntu-latest
	environment:
	name: github-pages
	url: ${{ steps.deployment.outputs.page_url }}
	permissions:
	contents: read
	pages: write
	id-token: write
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Setup Python
	uses: actions/setup-python@v5
	with:
	python-version: 3.x
	- name: Install dependencies
	run: \|
	pip install -U pip -r requirements.txt
	- name: Install Terraform docs
	run: \|
	curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.19.0/terraform-docs-v0.19.0-$(uname)-amd64.tar.gz
	tar -xzf terraform-docs.tar.gz
	chmod +x terraform-docs
	mv terraform-docs /usr/local/bin/terraform-docs
	- name: Prepare the docs
	run: ./scripts/build-docs.sh
	- name: Build the docs
	run: mkdocs build
	- name: Setup Pages
	uses: actions/configure-pages@v5
	- name: Upload artifact
	uses: actions/upload-pages-artifact@v3
	with:
	path: mkdocs
	- name: Deploy to GitHub Pages
	id: deployment
	uses: actions/deploy-pages@v4

	trivy:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	scan-type:
	- fs
	- config
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Run Trivy vulnerability scanner in fs mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: ${{ matrix.scan-type }}
	scan-ref: "."
	trivy-config: trivy.yaml
	format: "sarif"
	output: "trivy-results.sarif"
	- if: always()
	name: Upload Trivy results to Github Artifacts
	uses: actions/upload-artifact@v4
	with:
	name: trivy-results-${{ matrix.scan-type }}
	path: trivy-results.sarif

	kubescape:
	runs-on: ubuntu-latest
	permissions:
	actions: read
	contents: read
	security-events: write
	steps:
	- uses: actions/checkout@v4
	- uses: kubescape/github-action@main
	continue-on-error: true
	with:
	frameworks: AllControls
	outputFile: results.sarif
	format: sarif
	- uses: actions/upload-artifact@v4
	with:
	name: kubescape-results
	path: results.sarif
	if-no-files-found: warn
	retention-days: 7
	compression-level: 6
	overwrite: true

	labeler:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	permissions:
	contents: read
	pull-requests: write
	issues: write
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: PR Labeler
	uses: srvaroa/labeler@master
	env:
	GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
	with:
	config_path: .github/labeler.yml
	use_local_config: false
	fail_on_error: false

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci #113

Workflow file

ci #113

Jobs

Run details

Workflow file for this run