Skip to content
Developer Experience

chore(deps): update bridgecrewio/checkov-action action to v12.2896.0 #505

Sign in to view logs

chore(deps): update bridgecrewio/checkov-action action to v12.2896.0

chore(deps): update bridgecrewio/checkov-action action to v12.2896.0 #505

Workflow file for this run

.github/workflows/dev-experience.yml at e02ee06
name: Developer Experience
on:
workflow_dispatch:
pull_request_target:
types:
- opened
- synchronize
- reopened
- edited
branches:
- main
permissions: read-all
concurrency:
group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}"
cancel-in-progress: true
jobs:
terraform-check:
name: Terraform Check
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
issues: write # for create or update comment
pull-requests: write # for create or update comment
strategy:
fail-fast: false
matrix:
include:
- version: ~1.8.0
- version: ~1.9.0
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- name: Configure Terraform plugin cache
run: |
echo 'plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"' > ~/.terraformrc
mkdir -p ~/.terraform.d/plugin-cache
- name: Cache Terraform
uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
with:
path: ~/.terraform.d/plugin-cache
key: "${{ runner.os }}-terraform-${{ hashFiles(format('{0}/.terraform.lock.hcl', matrix.version)) }}"
restore-keys: "${{ runner.os }}-terraform-"
- name: Setup Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_version: ${{ matrix.version }}
- name: Save terraform version to output
id: terraform-version
run: |
terraform version
echo "TERRAFORM_VERSION=$(terraform version --json | jq -r '.terraform_version')" >> $GITHUB_OUTPUT
- name: Terraform Format
id: fmt
run: terraform fmt -recursive -check -diff
continue-on-error: true
- name: Terraform Init
id: init
run: terraform init -no-color
continue-on-error: true
- name: Terraform Validate
id: validate
run: terraform validate -no-color
continue-on-error: true
- name: Find Comment
uses: peter-evans/find-comment@v3
id: find-comment
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: |
Terraform-Check (version: ${{ steps.terraform-version.outputs.TERRAFORM_VERSION }})
- name: Create or update comment
uses: peter-evans/create-or-update-comment@v4
with:
comment-id: ${{ steps.find-comment.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: replace
body: |
### Terraform-Check (version: ${{ steps.terraform-version.outputs.TERRAFORM_VERSION }}): ${{ steps.fmt.outcome == 'success' && steps.init.outcome == 'success' && steps.validate.outcome == 'success' && '✅' || '❌' }}
<details><summary>🖌 Terraform Format: ${{ steps.fmt.outcome == 'success' && '✅' || '❌' }}</summary>
```
# Outputs:
${{ steps.fmt.outputs.stdout }}
# Errors:
${{ steps.fmt.outputs.stderr }}
```
</details>
<details><summary>⚙️ Terraform Init: ${{ steps.init.outcome == 'success' && '✅' || '❌' }}</summary>
```
# Outputs:
${{ steps.init.outputs.stdout }}
# Errors:
${{ steps.init.outputs.stderr }}
```
</details>
<details><summary>🤖 Terraform Validate: ${{ steps.validate.outcome == 'success' && '✅' || '❌' }}</summary>
```
# Outputs:
${{ steps.validate.outputs.stdout }}
# Errors:
${{ steps.validate.outputs.stderr }}
```
</details>
- name: Fail on error
if: ${{
steps.fmt.outcome != 'success'
|| steps.init.outcome != 'success'
|| steps.validate.outcome != 'success'
}}
run: |
exit 1
commitlint:
name: Commitlint
runs-on: ubuntu-latest
permissions:
contents: read # for actions/checkout to fetch code
issues: write # for create or update comment
pull-requests: write # for create or update comment
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
ref: refs/pull/${{ github.event.pull_request.number }}/merge
- name: Setup Node and Yarn Cache
uses: ./.github/actions/setup-node-and-yarn-cache
with:
cache-dependency-path: .github/commitlint/yarn.lock
- name: Yarn install
run: yarn install --immutable --immutable-cache
working-directory: ./.github/commitlint
- name: Validate current commit (last commit) with commitlint
if: github.event_name == 'push'
run: yarn commitlint --last --verbose
working-directory: ./.github/commitlint
- name: Validate PR commits with commitlint
if: github.event_name == 'pull_request_target'
id: validate
run: |
yarn commitlint --from ${{ github.event.pull_request.head.sha }}~${{ github.event.pull_request.commits }} --to ${{ github.event.pull_request.head.sha }} --verbose > commitlint_output.txt
working-directory: ./.github/commitlint
- name: Print commitlint output
if: ${{ always() }}
run: |
echo $(cat ./.github/commitlint/commitlint_output.txt)
- name: Set commitlint output to env
if: ${{ always() }}
run: |
{
echo 'commitlint_output<<EOF'
cat ./.github/commitlint/commitlint_output.txt
echo EOF
} >> "$GITHUB_ENV"
- name: Find Comment
if: ${{ always() }}
uses: peter-evans/find-comment@v3
id: find-comment
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: |
Commitlint-Check
- name: Create or update commitlint comment on failure
if: ${{ failure() }}
uses: peter-evans/create-or-update-comment@v4
with:
comment-id: ${{ steps.find-comment.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: replace
body: |
### Commitlint-Check
Thanks for your contribution :heart:
Unfortunately, [commitlint](https://commitlint.js.org) has detected that this PR has one ore more commit messages that do not follow the [conventional commit format](https://www.conventionalcommits.org/en/v1.0.0/) :scream_cat:
```
${{ env.commitlint_output }}
```
Please update the commit messages accordingly.
reactions: eyes
- name: Create or update commitlint comment on success
if: ${{ success() }}
uses: peter-evans/create-or-update-comment@v4
with:
comment-id: ${{ steps.find-comment.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
edit-mode: replace
body: |
### Commitlint-Check
Thanks for your contribution :heart:
[commitlint](https://commitlint.js.org) has detected that all commit messages in this PR follow the [conventional commit format](https://www.conventionalcommits.org/en/v1.0.0/) :tada:
reactions: hooray
dev_xperience_status_check:
name: DevXperience status check
if: ${{ always() && !cancelled() }}
runs-on: ubuntu-latest
needs:
- terraform-check
- commitlint
steps:
- name: Fail on error
# see https://stackoverflow.com/a/67532120/4907315 and https://github.com/orgs/community/discussions/26822#discussioncomment-3305794
if: >-
${{
contains(needs.*.result, 'failure')
|| contains(needs.*.result, 'cancelled')
}}
run: |
echo There are failing or cancelled jobs
exit 1