@@ -11,6 +11,10 @@ defaults: &defaults
1111 docker :
1212 - image : 087285199408.dkr.ecr.us-east-1.amazonaws.com/circle-ci-test-image-base:go1.21-tf1.5-tg39.1-pck1.8-ci50.7
1313 << : *env
14+ terrascan : &terrascan
15+ docker :
16+ - image : " tenable/terrascan:1.18.3"
17+ << : *env
1418run_precommit : &run_precommit
1519 # Fail the build if the pre-commit hooks don't pass. Note: if you run $ pre-commit install locally within this repo, these hooks will
1620 # execute automatically every time before you commit, ensuring the build never fails at this step!
6468 run-go-tests --path ./test --timeout 2h --packages . | (tee /tmp/logs/all.log || true)
6569 no_output_timeout : 5400s
6670 - store_results
71+ terrascan :
72+ description : Run Terrascan
73+ << : *terrascan
74+ steps :
75+ - checkout
76+ - run :
77+ name : Run terrascan
78+ command : |
79+ # We only want to fail on violations, so we need to ignore exit code 4
80+ # See https://runterrascan.io/docs/_print/#configuring-the-output-format-for-a-scan for information on terrascan exit codes.
81+ terrascan scan -d ./modules --output json || (ec=$?; if [[ $ec = 4 ]]; then exit 0; else exit $ec; fi;)
82+ no_output_timeout : 3600s
6783 upgrade_test :
6884 description : Run upgrades and post the results on the PR.
6985 << : *defaults
@@ -121,6 +137,24 @@ workflows:
121137 context :
122138 - AWS__PHXDEVOPS__circle-ci-test
123139 - GITHUB__PAT__gruntwork-ci
140+ scan :
141+ jobs :
142+ - precommit :
143+ filters :
144+ tags :
145+ only : /^v.*/
146+ context :
147+ - AWS__PHXDEVOPS__circle-ci-test
148+ - GITHUB__PAT__gruntwork-ci
149+ - terrascan :
150+ requires :
151+ - precommit
152+ filters :
153+ tags :
154+ only : /^v.*/
155+ context :
156+ - AWS__PHXDEVOPS__circle-ci-test
157+ - GITHUB__PAT__gruntwork-ci
124158 upgrade-test :
125159 jobs :
126160 - precommit :
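Review bot: The new `terrascan` entry in the `scan` workflow attaches the `AWS__PHXDEVOPS__circle-ci-test` and `GITHUB__PAT__gruntwork-ci` contexts to a job that runs a Docker Hub image referenced only by tag (`tenable/terrascan:1.18.3`), so those secrets are exposed as environment variables to a third-party container that, from the visible steps, only checks out the repo and scans `./modules`. Unless the scan has to fetch private remote modules, drop the `context` block from that job and pin the image by digest, e.g. `- image: "tenable/terrascan:1.18.3@sha256:<digest>"` (placeholder digest). Separately, the `|| (ec=$?; ...)` wrapper in the job's `command` turns exit code 4 into success, which per the linked Terrascan docs appears to mean the scan hit errors without reporting violations. A module that failed to load is then left unscanned while the job stays green, so print a warning before `exit 0`, e.g. `echo "terrascan reported scan errors; some modules may not have been scanned" >&2`.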