fix: replaced deprecated data resource #280

Workflow file for this run

	name: PR

	concurrency: pr

	on:
	pull_request:
	paths-ignore:
	- '*/.md'
	env:
	TERRAFORM_VERSION: 0.14.7
	KICS_asg_with_no_elb: '8e94dced-9bcc-4203-8eb7-7e41202b2505' # KICS Query 'Auto Scaling Group With No Associated ELB'
	KICS_iam_access_analyzer_not_enabled: 'e592a0c5-5bdb-414c-9066-5dba7cdea370' # KICS Query 'IAM Access Analyzer Not Enabled'
	KICS_kms_vulnerable_policy: '7ebc9038-0bde-479a-acc4-6ed7b6758899' # KICS Query 'KMS Key With Vulnerable Policy'
	KICS_ecs_service_with_no_tasks: '91f16d09-689e-4926-aca7-155157f634ed' # KICS Query 'ECS Service Without Running Tasks'
	KICS_passwords_and_secrets: 'a88baa34-e2ad-44ea-ad6f-8cac87bc7c71' # KICS Query 'Passwords And Secrets'

	jobs:
	format:
	name: Terraform-Format
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	- uses: hashicorp/setup-terraform@v1
	with:
	terraform_version: ${{ env.TERRAFORM_VERSION }}
	- name: Terraform Format
	id: fmt
	run: terraform fmt -recursive -check
	continue-on-error: true

	kics-scan:
	name: KICS Scan
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	with:
	path: 'repo'
	- name: KICS Github Action
	uses: checkmarx/[email protected]
	with:
	path: 'repo'
	exclude_paths: 'repo/examples'
	output_path: 'results'
	platform_type: terraform
	fail_on: high,medium
	exclude_queries: '${{ env.KICS_asg_with_no_elb }},${{ env.KICS_iam_access_analyzer_not_enabled }},${{ env.KICS_kms_vulnerable_policy }},${{ env.KICS_ecs_service_with_no_tasks }},${{ env.KICS_passwords_and_secrets }}'
	enable_comments: true
	- name: Display KICS Results
	run: \|
	cat results/results.json

	docker:
	name: Docker build and push
	runs-on: ubuntu-latest
	if: github.event.pull_request.draft == false
	needs: check-aws-credentials
	steps:
	- name: Checkout repo
	uses: actions/checkout@v3
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	- name: Login to GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Login to AWS ECR
	uses: docker/login-action@v2
	with:
	registry: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com
	username: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
	password: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
	- name: Build and push
	uses: docker/build-push-action@v3
	with:
	context: docker-image
	build-args: 'KONG=2.8.1.1'
	push: true
	tags: \|
	ghcr.io/dwp/terraform-aws-kong-gateway:${{ github.run_number }}
	${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com/terraform-aws-kong-gateway:${{ github.run_number }}

	check-aws-credentials:
	name: Test AWS Credentials
	runs-on: ubuntu-latest
	if: github.event.pull_request.draft == false
	steps:
	- name: Test AWS Credentials
	uses: docker://amazon/aws-cli
	with:
	args: ec2 describe-availability-zones --region us-east-1
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}

	test:
	name: Kitchen-Terraform
	runs-on: ubuntu-latest
	if: github.event.pull_request.draft == false
	needs:
	- check-aws-credentials
	- docker
	env:
	GEMFILE_DIR: .
	AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
	TF_VAR_region: eu-west-1
	TF_VAR_vpc_cidr_block: "10.0.0.0/16"
	TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}

	steps:
	- name: Checkout repo
	uses: actions/checkout@v2
	- name: Kitchen Test ECS
	uses: dwp/[email protected]
	with:
	terraform-version: 0.14.7
	kitchen-command: test hybrid-ecs --destroy=always
	aws-account-number: ${{ secrets.AWS_ACCOUNT }}
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
	TF_VAR_region: eu-west-1
	TF_VAR_environment: GHA-${{ github.run_number }}
	TF_VAR_vpc_cidr_block: "10.0.0.0/16"
	TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}
	TF_VAR_image_url: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.eu-west-1.amazonaws.com/terraform-aws-kong-gateway:${{ github.run_number }}
	KONG_EE_LICENSE: ${{ secrets.KONG_EE_LICENSE }}
	- name: Kitchen Test Amazon Linux 2
	uses: dwp/[email protected]
	with:
	terraform-version: 0.14.7
	kitchen-command: test hybrid-amazon-linux --destroy=always
	aws-account-number: ${{ secrets.AWS_ACCOUNT }}
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}
	TF_VAR_region: eu-west-1
	TF_VAR_environment: GHA-${{ github.run_number }}
	TF_VAR_vpc_cidr_block: "10.0.0.0/16"
	TF_VAR_kong_database_password: ${{ secrets.KONG_DATABASE_PASSWORD }}
	- name: Deactivate AWS Credentials
	if: ${{ always() }}
	uses: docker://amazon/aws-cli
	with:
	args: iam update-access-key --access-key-id ${{ secrets.ACTIONS_ACCESS_KEY_ID }} --status Inactive
	env:
	AWS_REGION: us-east-1
	AWS_ACCESS_KEY_ID: ${{ secrets.ACTIONS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.ACTIONS_SECRET_ACCESS_KEY }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: replaced deprecated data resource #280

Workflow file

fix: replaced deprecated data resource #280

Jobs

Run details

Workflow file for this run