Check

workflows: use full version numbers #25

Summary
Jobs
- OpenTofu
- Trivy
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Check
	on:
	push:
	branches:
	- main
	pull_request:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	opentofu:
	name: OpenTofu
	runs-on: ubuntu-latest
	permissions:
	contents: read
	id-token: write
	env:
	TFC_AWS_RUN_ROLE_ARN: ${{ secrets.amazon_role }}
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- uses: opentofu/setup-opentofu@592200bd4b9bbf4772ace78f887668b1aee8f716 # v1.0.5

	- name: OpenTofu fmt
	id: fmt
	run: tofu fmt -check

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	with:
	aws-region: us-east-1
	role-to-assume: ${{ secrets.amazon_role }}

	- name: OpenTofu Init
	id: init
	run: tofu init

	- name: OpenTofu Validate
	id: validate
	run: tofu validate -no-color

	- name: OpenTofu Plan
	env:
	GITHUB_TOKEN: ${{ secrets.TF_GH_TOKEN }}
	DNSIMPLE_ACCOUNT: ${{ secrets.TF_DNSIMPLE_ACCOUNT }}
	DNSIMPLE_TOKEN: ${{ secrets.TF_DNSIMPLE_TOKEN }}
	run: \|
	tofu plan -no-color -detailed-exitcode \
	-var-file .tfvars \
	-var='email_overrides=${{ secrets.email_overrides }}'

	trivy:
	name: Trivy
	runs-on: ubuntu-latest
	permissions:
	contents: read
	actions: read
	pull-requests: write
	steps:
	- name: Checkout code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Run Trivy vulnerability scanner in IaC mode
	uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
	with:
	scan-type: config
	format: table
	hide-progress: true
	ignore-unfixed: true
	severity: 'CRITICAL,HIGH'
	output: trivy.txt
	exit-code: '1'

	- name: Publish Trivy Output to Summary
	if: always()
	run: \|
	if [[ -s trivy.txt ]]; then
	{
	echo "### Security Output"
	echo "<details><summary>Click to expand</summary>"
	echo ""
	echo '```terraform'
	cat trivy.txt
	echo '```'
	echo "</details>"
	} >> $GITHUB_STEP_SUMMARY
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

workflows: use full version numbers #25

Workflow file

workflows: use full version numbers #25

Jobs

Run details

Workflow file for this run