Skip to content

leostolyarov/regula-action

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

regula-action

Regula is a tool that evaluates Terraform infrastructure-as-code for potential security misconfigurations and compliance violations prior to deployment. This is a GitHub Action to run Regula against your repository.

Example

Here's an example workflow file:

on: [push]
jobs:
  regula_job:
    runs-on: ubuntu-latest
    name: Regula
    steps:
    - uses: actions/checkout@master
    - name: Regula
      id: regula
      uses: fugue/[email protected]
      with:
        terraform_directory: .
        rego_paths: /opt/regula/rules
      env:
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

You can see this example in action in the regula-ci-example.

Inputs

  • terraform_directory: the directory where your terraform files are located. This defaults to ..
  • rego_paths: all paths that need to be passed to OPA. This is typically /opt/regula/rules, which contains some default Regula rules, but you can also pass paths within your repository for custom checks.

Environment variables

Because Regula runs terraform init, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set. Your AWS account will not be modified, but if you want to be absolutely certain about this you can always create a dummy user within your account.

How to use this GitHub Action

To use Regula to evaluate the Terraform in your own repository via GitHub Actions, see the instructions in regula-ci-example. The example walks through how to use this GitHub Action in your own repo.

About

No description, website, or topics provided.

Resources

Security policy

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 57.8%
  • Dockerfile 42.2%