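# CI/CD workflow: lint and validate the Terraform in ./terraform, estimate its
# cost with Infracost, build and scan the container image, then apply.
#
# NOTE(review): every `uses:` below references a tag or branch, and both are
# mutable. Pin each one to the full commit SHA of a reviewed release.
name: Secure DevSecOps Pipeline

on:
  push:
    branches:
      - main
  pull_request:

# Least privilege for GITHUB_TOKEN: no step below writes to the repository.
permissions:
  contents: read

jobs:
  iac-scan:
    name: Terraform Lint & Validation
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Later steps run downloaded installers; do not leave the token
          # in the checked-out repository's git config.
          persist-credentials: false
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.6.6'
      - name: Terraform Init
        run: terraform -chdir=terraform init
      - name: Terraform Validate
        run: terraform -chdir=terraform validate
      - name: Install TFLint
        # NOTE(review): the installer comes from the moving `master` branch.
        # Pin the URL to a reviewed commit and verify what was downloaded.
        # Saving to a file first makes a failed download stop the step
        # instead of piping an empty or partial script into bash.
        run: |
          curl -fsSL -o "$RUNNER_TEMP/install_tflint.sh" https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh
          bash "$RUNNER_TEMP/install_tflint.sh"
      - name: Run TFLint
        run: tflint --chdir=terraform

  cost-estimation:
    name: Infracost Cost Estimation
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.6.6'
      - name: Install Infracost
        # NOTE(review): same concern as the TFLint installer; the script is
        # fetched from `master` and executed without verification.
        run: |
          curl -fsSL -o "$RUNNER_TEMP/install_infracost.sh" https://raw.githubusercontent.com/infracost/infracost/master/scripts/install.sh
          sh "$RUNNER_TEMP/install_infracost.sh"
      - name: Setup Infracost API Key
        # Pass the secret through the environment so it is not expanded
        # into the script text before the shell parses it.
        env:
          INFRACOST_API_KEY: ${{ secrets.INFRACOST_API_KEY }}
        run: infracost configure set api_key "$INFRACOST_API_KEY"
      - name: Generate Infracost breakdown
        run: |
          infracost breakdown --path=terraform \
            --format=json \
            --out-file=/tmp/infracost.json
      - name: Output Infracost report
        run: |
          infracost output --path=/tmp/infracost.json \
            --format=table

  docker-scan:
    name: Docker Build & Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
        # NOTE(review): nothing in this job pushes an image. Confirm the
        # login is needed, since it gives registry credentials to every
        # run this workflow triggers.
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build Docker image
        run: docker build -t secure-infra-app .
      - name: Scan Docker image for vulnerabilities
        # NOTE(review): `@master` is a moving branch; pin to a commit SHA.
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: secure-infra-app
          format: table
          # A zero exit code made the scan report-only, so findings never
          # blocked `deploy`. Fail the job on fixable high-impact findings.
          exit-code: '1'
          ignore-unfixed: true
          severity: CRITICAL,HIGH

  deploy:
    name: Terraform Deploy
    runs-on: ubuntu-latest
    needs: [iac-scan, cost-estimation, docker-scan]
    # The workflow also triggers on pull_request. Apply only for pushes to
    # main, so that a pull request's Terraform is never applied.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.6.6'
      - name: Terraform Init
        run: terraform -chdir=terraform init
      - name: Terraform Apply (Auto-Approve)
        # NOTE(review): -auto-approve applies whatever plan is computed at
        # run time, with no saved plan and no human approval. Consider a
        # protected environment with required reviewers for this job.
        run: terraform -chdir=terraform apply -auto-approve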