chore(lambda): bump @types/aws-lambda from 8.10.147 to 8.10.152 in /l… #5980
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Terraform checks" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| paths: ["**/*.tf", "**/*.hcl", ".github/workflows/terraform.yml"] | |
| permissions: | |
| contents: read | |
| env: | |
| AWS_REGION: eu-west-1 | |
| jobs: | |
| verify_module: | |
| name: Verify module | |
| strategy: | |
| matrix: | |
| terraform: [1.5.6, "latest"] | |
| runs-on: ubuntu-latest | |
| container: | |
| image: hashicorp/terraform:${{ matrix.terraform }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| egress-policy: audit | |
| - name: "Checkout" | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: "Fake zip files" # Validate will fail if it cannot find the zip files | |
| run: | | |
| touch lambdas/functions/webhook/webhook.zip | |
| touch lambdas/functions/control-plane/runners.zip | |
| touch lambdas/functions/gh-agent-syncer/runner-binaries-syncer.zip | |
| touch lambdas/functions/ami-housekeeper/ami-housekeeper.zip | |
| touch lambdas/functions/termination-watcher/termination-watcher.zip | |
| - name: terraform init | |
| run: terraform init -get -backend=false -input=false | |
| - if: contains(matrix.terraform, '1.5.') | |
| name: check terraform formatting | |
| run: terraform fmt -recursive -check=true -write=false | |
| - if: contains(matrix.terraform, 'latest') # check formatting for the latest release but avoid failing the build | |
| name: check terraform formatting | |
| run: terraform fmt -recursive -check=true -write=false | |
| continue-on-error: true | |
| - name: validate terraform | |
| run: terraform validate | |
| - if: contains(matrix.terraform, '1.5.') | |
| name: Fix for actions/cache on alpine | |
| run: apk add --no-cache tar | |
| continue-on-error: true | |
| - if: contains(matrix.terraform, '1.5.') | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| name: Cache TFLint plugin dir | |
| with: | |
| path: ~/.tflint.d/plugins | |
| key: tflint-${{ hashFiles('.tflint.hcl') }} | |
| - if: contains(matrix.terraform, '1.5.') | |
| name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@90f302c255ef959cbfb4bd10581afecdb7ece3e6 # v4.1.1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - if: contains(matrix.terraform, '1.5.') | |
| name: Run TFLint | |
| run: | | |
| tflint --init -c ${GITHUB_WORKSPACE}/.tflint.hcl | |
| tflint -c ${GITHUB_WORKSPACE}/.tflint.hcl --var-file ${GITHUB_WORKSPACE}/.github/lint/tflint.tfvars | |
| verify_modules: | |
| name: Verify modules | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| terraform: [1.5.6, "latest"] | |
| module: | |
| [ | |
| "ami-housekeeper", | |
| "download-lambda", | |
| "lambda", | |
| "multi-runner", | |
| "runner-binaries-syncer", | |
| "runners", | |
| "setup-iam-permissions", | |
| "ssm", | |
| "termination-watcher", | |
| "webhook", | |
| ] | |
| defaults: | |
| run: | |
| working-directory: modules/${{ matrix.module }} | |
| runs-on: ubuntu-latest | |
| container: | |
| image: hashicorp/terraform:${{ matrix.terraform }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: terraform init | |
| run: terraform init -get -backend=false -input=false | |
| - if: contains(matrix.terraform, '1.3.') | |
| name: check terraform formatting | |
| run: terraform fmt -recursive -check=true -write=false | |
| - if: contains(matrix.terraform, 'latest') # check formatting for the latest release but avoid failing the build | |
| name: check terraform formatting | |
| run: terraform fmt -recursive -check=true -write=false | |
| continue-on-error: true | |
| - name: validate terraform | |
| run: terraform validate | |
| - if: contains(matrix.terraform, '1.3.') | |
| name: Fix for actions/cache on alpine | |
| run: apk add --no-cache tar | |
| continue-on-error: true | |
| - if: contains(matrix.terraform, '1.3.') | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| name: Cache TFLint plugin dir | |
| with: | |
| path: ~/.tflint.d/plugins | |
| key: tflint-${{ hashFiles('.tflint.hcl') }} | |
| - if: contains(matrix.terraform, '1.3.') | |
| name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@90f302c255ef959cbfb4bd10581afecdb7ece3e6 # v4.1.1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - if: contains(matrix.terraform, '1.3.') | |
| name: Run TFLint | |
| working-directory: ${{ github.workspace }} | |
| run: | | |
| tflint --init -c ${GITHUB_WORKSPACE}/.tflint.hcl --chdir modules/${{ matrix.module }} | |
| tflint -f compact -c ${GITHUB_WORKSPACE}/.tflint.hcl --var-file ${GITHUB_WORKSPACE}/.github/lint/tflint.tfvars --chdir modules/${{ matrix.module }} | |
| verify_examples: | |
| name: Verify examples | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| terraform: [1.5.6, "latest"] | |
| example: | |
| [ | |
| "default", | |
| "prebuilt", | |
| "ephemeral", | |
| "termination-watcher", | |
| "multi-runner", | |
| "external-managed-ssm-secrets" | |
| ] | |
| defaults: | |
| run: | |
| working-directory: examples/${{ matrix.example }} | |
| runs-on: ubuntu-latest | |
| container: | |
| image: hashicorp/terraform:${{ matrix.terraform }} | |
| steps: | |
| - name: Harden the runner (Audit all outbound calls) | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: terraform init | |
| run: terraform init -get -backend=false -input=false | |
| - if: contains(matrix.terraform, '1.5.') | |
| name: check terraform formatting | |
| run: terraform fmt -recursive -check=true -write=false | |
| - if: contains(matrix.terraform, 'latest') # check formatting for the latest release but avoid failing the build | |
| name: check terraform formatting | |
| run: terraform fmt -recursive -check=true -write=false | |
| continue-on-error: true | |
| - name: validate terraform | |
| run: terraform validate | |
| - if: contains(matrix.terraform, '1.5.') | |
| name: Fix for actions/cache on alpine | |
| run: apk add --no-cache tar | |
| continue-on-error: true | |
| - if: contains(matrix.terraform, '1.5.') | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 | |
| name: Cache TFLint plugin dir | |
| with: | |
| path: ~/.tflint.d/plugins | |
| key: tflint-${{ hashFiles('.tflint.hcl') }} | |
| - if: contains(matrix.terraform, '1.5.') | |
| name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@90f302c255ef959cbfb4bd10581afecdb7ece3e6 # v4.1.1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - if: contains(matrix.terraform, '1.5.') | |
| name: Run TFLint | |
| working-directory: ${{ github.workspace }} | |
| run: | | |
| tflint --init -c ${GITHUB_WORKSPACE}/.tflint.hcl --chdir modules/${{ matrix.module }} | |
| tflint -f compact -c ${GITHUB_WORKSPACE}/.tflint.hcl --var-file ${GITHUB_WORKSPACE}/.github/lint/tflint.tfvars --chdir examples/${{ matrix.example }} |