Document using ~/.terraformrc and/or the TF_CLI_CONFIG_FILE environment variable #62

Open
adarobin opened this issue May 20, 2022 · 0 comments

adarobin commented May 20, 2022

Some documentation on how to use .terraformrc (or the TF_CLI_CONFIG_FILE environment variable when it is available) with this GitHub Action might be useful to others. It took me a bit to figure this out, and there could very well be a better way to do it:

```yaml
on:
  pull_request:
  push:
    branches: [main]

jobs:
  terrascan_job:
    runs-on: ubuntu-latest
    name: terrascan-action
    steps:
    - name: create $HOME/.terraformrc
      # Docker container actions mount this runner directory as /github/home
      run: |
        mkdir -p "$HOME/work/_temp/_github_home"
        # Quote the variable so a multi-line config keeps its line breaks
        echo "$TERRAFORMRC" > "$HOME/work/_temp/_github_home/.terraformrc"
      env:
        TERRAFORMRC: ${{ secrets.TERRAFORMRC }}
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Run Terrascan
      id: terrascan
      uses: tenable/terrascan-action@main
      with:
        iac_type: 'terraform'
        iac_version: 'v14'
        policy_type: 'all'
        only_warn: true
        non_recursive: true
```

It would be very useful if I could set the TF_CLI_CONFIG_FILE environment variable to point to a credential file to allow use with Terraform modules pulled from a Terraform Registry.

https://runterrascan.io/docs/_print/#scanning-private-terraform-module-repositories

Edit: I didn't realize that this functionality was just released today at the time I submitted this issue :-). I made a fork and upped the Dockerfile to use 1.15.1, but I still can't seem to get it to work when setting it with this code:

```yaml
on:
  pull_request:
  push:
    branches: [main]

jobs:
  terrascan_job:
    runs-on: ubuntu-latest
    name: terrascan-action
    steps:
    - name: create $HOME/.terraformrc
      run: |
        # Quote the variable so a multi-line config keeps its line breaks
        echo "$TERRAFORMRC" > "$HOME/.terraformrc"
      env:
        TERRAFORMRC: ${{ secrets.TERRAFORMRC }}
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Run Terrascan
      id: terrascan
      uses: umich-vci/terrascan-action@main
      with:
        iac_type: 'terraform'
        iac_version: 'v14'
        policy_type: 'all'
        only_warn: true
        non_recursive: true
      env:
        TF_CLI_CONFIG_FILE: /github/home/.terraformrc
```

adarobin changed the title from "Support TF_CLI_CONFIG_FILE environment variable" to "Document using ~/.terraformrc and/or the TF_CLI_CONFIG_FILE environment variable" on May 20, 2022
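
A more defensive way to write the credential file in the "create .terraformrc" step, as an added example that is not part of the original issue or of terrascan-action: it refuses an empty secret, keeps the file owner-only from creation, and preserves line breaks. The helper name `write_terraformrc`, the host `registry.example.com` and the token are constructed for illustration, and the destination in the comment assumes `$RUNNER_TEMP` is the same `$HOME/work/_temp` directory the first workflow uses.

```bash
#!/usr/bin/env bash
# Added example: write a Terraform CLI config held in a CI secret to disk
# without loosening permissions or mangling its contents.

# write_terraformrc DEST  (hypothetical helper; reads the secret from $TERRAFORMRC)
write_terraformrc() {
  local dest="$1" tmp
  # An unset secret (for example on a pull request from a fork) would
  # otherwise produce an empty config and a confusing registry auth error.
  if [ -z "${TERRAFORMRC:-}" ]; then
    echo "TERRAFORMRC secret is empty or unset" >&2
    return 1
  fi
  # Sanity-check the shape without ever printing the value.
  case "$TERRAFORMRC" in
    *credentials*) ;;
    *) echo "TERRAFORMRC has no credentials block" >&2; return 1 ;;
  esac
  mkdir -p "$(dirname "$dest")" || return 1
  # Create the temp file owner-only; umask is set in a subshell so it does not leak.
  tmp="$(umask 077 && mktemp "${dest}.XXXXXX")" || return 1
  # Quoted printf keeps newlines intact; unquoted `echo $VAR` collapses them.
  printf '%s\n' "$TERRAFORMRC" > "$tmp" || { rm -f "$tmp"; return 1; }
  # Move into place only after the content is fully written.
  chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}

# Demo with a constructed config (not a real host or token). In a workflow,
# TERRAFORMRC comes from the secret and DEST would be
# "$RUNNER_TEMP/_github_home/.terraformrc".
demo_dir="$(mktemp -d)"
(
  TERRAFORMRC='credentials "registry.example.com" {
  token = "constructed-not-a-real-token"
}'
  write_terraformrc "$demo_dir/.terraformrc" && ls -l "$demo_dir/.terraformrc"
)
rm -rf "$demo_dir"
```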