
Commit 868107a

smoneyan“Subramanian
and
“Subramanian
authored
Replace tj-actions with step-security (#109)
Co-authored-by: “Subramanian <“[email protected]”>
1 parent 7f32b91 commit 868107a


1 file changed

+18
-18
lines changed

1 file changed

+18
-18
lines changed

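--- a/.github/workflows/terraform.yaml
+++ b/.github/workflows/terraform.yaml
@@ -30,12 +30,12 @@ on:
 trivy_output:
 description: Save results to a file
 type: string
-default: 'trivy-results.sarif'
+default: "trivy-results.sarif"
 required: false
 trivy_inspect_output:
 description: Print trivy output for inspection, set to 'true' for debugging purposes
 type: string
-default: 'false'
+default: "false"
 required: false
 main_branch:
 description: Name of the main branch
@@ -127,7 +127,7 @@ jobs:
 
 - uses: actions/setup-python@v5
 with:
-python-version: '3.11'
+python-version: "3.11"
 
 - run: mkdir -p "${TF_PLUGIN_CACHE_DIR}"
 - name: Cache Terraform
@@ -156,7 +156,7 @@ jobs:
 - name: Setup Helm
 uses: azure/setup-helm@v4
 with:
-version: 'latest'
+version: "latest"
 token: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Pre-init Hook
@@ -225,7 +225,7 @@ jobs:
 
 - uses: actions/setup-python@v5
 with:
-python-version: '3.11'
+python-version: "3.11"
 
 - run: mkdir -p "${TF_PLUGIN_CACHE_DIR}"
 - name: Cache Terraform
@@ -243,7 +243,7 @@ jobs:
 - name: Setup Helm
 uses: azure/setup-helm@v4
 with:
-version: 'latest'
+version: "latest"
 
 - name: Cache TFlint
 uses: actions/cache@v4
@@ -354,12 +354,12 @@ jobs:
 - name: Run Trivy vulnerability scanner in IaC mode
 uses: aquasecurity/[email protected]
 with:
-scan-type: 'config'
+scan-type: "config"
 hide-progress: false
 format: ${{ inputs.trivy_format }}
 output: ${{ inputs.trivy_output }}
 ignore-unfixed: true
-severity: 'CRITICAL,HIGH'
+severity: "CRITICAL,HIGH"
 
 - name: Upload Trivy scan results to Github for inspection
 if: ${{ inputs.trivy_inspect_output == 'true' }}
@@ -383,7 +383,7 @@ jobs:
 
 - name: Get changed files
 id: changed-files
-uses: tj-actions/changed-files@v44
+uses: step-security/changed-files@v45
 
 - name: Run Checkov action
 id: checkov
@@ -401,7 +401,7 @@ jobs:
 if: inputs.upload_sarif == true
 uses: github/codeql-action/upload-sarif@v3
 with:
-sarif_file: 'results.sarif'
+sarif_file: "results.sarif"
 
 fmt-validate_on_dualstack:
 if: github.ref_name != 'main' && inputs.enable_format == true && inputs.runner_label == 'platform-eng-ent-v2-dual'
@@ -417,7 +417,7 @@ jobs:
 
 - uses: actions/setup-python@v5
 with:
-python-version: '3.11'
+python-version: "3.11"
 
 - run: mkdir -p "${TF_PLUGIN_CACHE_DIR}"
 - name: Cache Terraform
@@ -446,7 +446,7 @@ jobs:
 - name: Setup Helm
 uses: azure/setup-helm@v4
 with:
-version: 'latest'
+version: "latest"
 token: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Pre-init Hook
@@ -514,7 +514,7 @@ jobs:
 
 - uses: actions/setup-python@v5
 with:
-python-version: '3.11'
+python-version: "3.11"
 
 - run: mkdir -p "${TF_PLUGIN_CACHE_DIR}"
 - name: Cache Terraform
@@ -532,7 +532,7 @@ jobs:
 - name: Setup Helm
 uses: azure/setup-helm@v4
 with:
-version: 'latest'
+version: "latest"
 
 - name: Cache TFlint
 uses: actions/cache@v4
@@ -643,12 +643,12 @@ jobs:
 - name: Run Trivy vulnerability scanner in IaC mode
 uses: aquasecurity/[email protected]
 with:
-scan-type: 'config'
+scan-type: "config"
 hide-progress: false
 format: ${{ inputs.trivy_format }}
 output: ${{ inputs.trivy_output }}
 ignore-unfixed: true
-severity: 'CRITICAL,HIGH'
+severity: "CRITICAL,HIGH"
 
 - name: Upload Trivy scan results to Github for inspection
 if: ${{ inputs.trivy_inspect_output == 'true' }}
@@ -672,7 +672,7 @@ jobs:
 
 - name: Get changed files
 id: changed-files
-uses: tj-actions/changed-files@v44
+uses: step-security/changed-files@v45
 
 - name: Run Checkov action
 id: checkov
@@ -690,4 +690,4 @@ jobs:
 if: inputs.upload_sarif == true
 uses: github/codeql-action/upload-sarif@v3
 with:
-sarif_file: 'results.sarif'
+sarif_file: "results.sarif"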
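Review bot: The replacement at new lines 386 and 675, `uses: step-security/changed-files@v45`, still references a mutable tag, so whoever can move that tag upstream decides what code runs in these jobs; pin it to a full commit SHA with the version as a trailing comment, e.g. `uses: step-security/changed-files@<FULL_COMMIT_SHA> # v45` (placeholder; take the SHA from the release you actually reviewed). The same exposure exists for the other tag-referenced actions visible in the context lines (`actions/setup-python@v5`, `azure/setup-helm@v4`, `github/codeql-action/upload-sarif@v3`), and `version: "latest"` on the Helm setup step makes the installed tool version unreproducible between runs. The other 16 changed lines only switch quote style, which buries the dependency swap; splitting the formatting into its own commit would keep the supply-chain change easy to audit. The job-level `permissions` and the steps that consume the `changed-files` outputs are outside the visible hunks, so confirm separately that the token scope is minimal and that those outputs are passed through environment variables rather than interpolated into `run:` scripts.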
