Core key vault firewall should not be set to "Allow public access from all networks" #9980
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Build Validation | |
on: # yamllint disable-line rule:truthy | |
pull_request: | |
branches: | |
- main | |
- 'feature/**' | |
# for each ref (branch/pr) run just the most recent, | |
# cancel other pending/running ones | |
concurrency: | |
group: "${{ github.workflow }}-${{ github.head_ref }}" | |
cancel-in-progress: true | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
# Full git history is needed to get a proper list of | |
# changed files within `super-linter` | |
fetch-depth: 0 | |
persist-credentials: false | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
terraform: | |
# our Terraform uses more than just *.tf files, so need to check changes in the folder | |
- '**/terraform/**/*' | |
core: | |
- 'core/**/*' | |
core_version: | |
- 'core/version.txt' | |
docs: | |
- 'docs/**/*' | |
terraform_core: | |
- core/**/terraform/**/*.tf | |
terraform_workspaces: | |
- templates/workspaces/**/terraform/**/*.tf | |
terraform_shared_services: | |
- templates/shared_services/**/terraform/**/*.tf | |
terraform_workspace_services: | |
- templates/workspace_services/**/terraform/**/*.tf | |
- name: Terraform format check | |
if: ${{ steps.filter.outputs.terraform == 'true' }} | |
run: terraform fmt -check -recursive | |
# find all terraform folders and run validate to catch | |
# configuration errors | |
- name: Terraform validation | |
if: ${{ steps.filter.outputs.terraform == 'true' }} | |
run: | | |
find . -type d -name 'terraform' -not -path '*cnab*' -print0 \ | |
| xargs -0 -I{} sh -c 'echo "***** Validating: {} *****"; \ | |
terraform -chdir={} init -backend=false; terraform -chdir={} validate' | |
- name: "Stale version: core" | |
if: ${{ steps.filter.outputs.core == 'true' && | |
steps.filter.outputs.core_version == 'false' }} | |
run: echo "::error::Code update without version change" && exit 1 | |
- name: Lint code base | |
# the slim image is 2GB smaller and we don't use the extra stuff | |
# Moved this after the Terraform checks above due something similar to this issue: | |
# https://github.com/github/super-linter/issues/2433 | |
uses: github/super-linter/[email protected] | |
env: | |
VALIDATE_ALL_CODEBASE: false | |
DEFAULT_BRANCH: main | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VALIDATE_MARKDOWN: true | |
VALIDATE_PYTHON_FLAKE8: true | |
VALIDATE_YAML: true | |
VALIDATE_TERRAFORM_TFLINT: true | |
VALIDATE_JAVA: true | |
JAVA_FILE_NAME: checkstyle.xml | |
VALIDATE_BASH: true | |
VALIDATE_BASH_EXEC: true | |
VALIDATE_GITHUB_ACTIONS: true | |
VALIDATE_DOCKERFILE_HADOLINT: true | |
VALIDATE_TSX: true | |
VALIDATE_TYPESCRIPT_ES: true | |
- name: Docs validation | |
if: ${{ steps.filter.outputs.docs == 'true' }} | |
run: | | |
pip install -r docs/requirements.txt | |
mkdocs build --strict | |
- name: Core Tags | |
if: ${{ steps.filter.outputs.terraform_core == 'true' }} | |
uses: github/super-linter/[email protected] | |
env: | |
VALIDATE_ALL_CODEBASE: false | |
DEFAULT_BRANCH: main | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VALIDATE_TERRAFORM_TFLINT: true | |
TERRAFORM_TFLINT_CONFIG_FILE: .tflint_core.hcl | |
FILTER_REGEX_INCLUDE: './core/.*' | |
- name: Workspace Tags | |
if: ${{ steps.filter.outputs.terraform_workspaces == 'true' }} | |
uses: github/super-linter/[email protected] | |
env: | |
VALIDATE_ALL_CODEBASE: false | |
DEFAULT_BRANCH: main | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VALIDATE_TERRAFORM_TFLINT: true | |
TERRAFORM_TFLINT_CONFIG_FILE: .tflint_workspaces.hcl | |
FILTER_REGEX_INCLUDE: './templates/workspaces/.*' | |
- name: Workspace Services Tags | |
if: ${{ steps.filter.outputs.terraform_workspace_services == 'true' }} | |
uses: github/super-linter/[email protected] | |
env: | |
VALIDATE_ALL_CODEBASE: false | |
DEFAULT_BRANCH: main | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VALIDATE_TERRAFORM_TFLINT: true | |
TERRAFORM_TFLINT_CONFIG_FILE: .tflint_workspace_services.hcl | |
FILTER_REGEX_INCLUDE: './templates/workspaces/.*' | |
FILTER_REGEX_EXCLUDE: '.*user_resource.*' | |
- name: User Resources Tags | |
if: ${{ steps.filter.outputs.terraform_workspace_services == 'true' }} | |
uses: github/super-linter/[email protected] | |
env: | |
VALIDATE_ALL_CODEBASE: false | |
DEFAULT_BRANCH: main | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VALIDATE_TERRAFORM_TFLINT: true | |
TERRAFORM_TFLINT_CONFIG_FILE: .tflint_user_resources.hcl | |
FILTER_REGEX_INCLUDE: './templates/workspace_services/.*/user_resources/.*' | |
- name: Shared Services Tags | |
if: ${{ steps.filter.outputs.terraform_shared_services == 'true' }} | |
uses: github/super-linter/[email protected] | |
env: | |
VALIDATE_ALL_CODEBASE: false | |
DEFAULT_BRANCH: main | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VALIDATE_TERRAFORM_TFLINT: true | |
TERRAFORM_TFLINT_CONFIG_FILE: .tflint_shared_services.hcl | |
FILTER_REGEX_INCLUDE: './templates/shared_services/.*' |