Merge pull request #18 from Coalfire-CF/feature/add-terraform-validat…

…e-workflow Add Terraform validation workflow with org-wide PAT
Coalfire-CF · Sep 20, 2024 · 29f23eb · 29f23eb
2 parents 902df92 + fa60426
commit 29f23eb
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/.github/workflows/org-terraform-validate.yml b/.github/workflows/org-terraform-validate.yml
@@ -1,6 +1,13 @@
 name: Terraform Validate
+
 on:
-  workflow_call:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    branches:
+      - '**'
+  workflow_dispatch:
     inputs:
       terraform_version:
         description: 'The version of Terraform to use'
@@ -19,8 +26,14 @@ jobs:
     - name: Setup Terraform
       uses: hashicorp/setup-terraform@v3
       with:
-        terraform_version: ${{ inputs.terraform_version }}
+        terraform_version: ${{ inputs.terraform_version || '1.5.0' }}
 
+    - name: Configure Git for private modules
+      env:
+        GH_TOKEN: ${{ secrets.ORG_GITHUB_PAT }}
+      run: |
+        git config --global url."https://${GH_TOKEN}@github.com/".insteadOf "https://github.com/"
+        
     - name: Initialise with no backend
       run: terraform init -backend=false
 
@@ -31,11 +44,12 @@ jobs:
         OUTPUT=$(terraform validate)
         CLEAN_OUTPUT=$(echo "$OUTPUT" | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g")
         echo "$CLEAN_OUTPUT"
-        echo "::set-output name=result::$CLEAN_OUTPUT"
+        echo "result=$CLEAN_OUTPUT" >> $GITHUB_OUTPUT
         set -e
       continue-on-error: true
 
     - name: Create comment
+      if: github.event_name == 'pull_request'
       uses: actions/github-script@v7
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -47,4 +61,4 @@ jobs:
             repo: context.repo.repo,
             issue_number: issue_number,
             body: `Terraform validation output:\n\`\`\`\n${result}\n\`\`\``
-          });
+          });