Security Updates #34

	name: Infra Release
	on:
	pull_request:
	branches:
	- main
	paths:
	- 'terraform/**'
	- 'ci/**'

	permissions:
	contents: read
	issues: read
	checks: write
	pull-requests: write
	id-token: 'write'

	env:
	TERRAFORM_VERSION: "1.7.4"
	jobs:
	tfsec-checks:
	name: "Terraform Security Checks"
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Run TFSec
	uses: aquasecurity/[email protected]
	with:
	soft_fail: true
	working_directory : ./terraform
	format: junit
	terraform-release:
	name: "Terraform Release"
	runs-on: ubuntu-latest
	needs: [tfsec-checks]
	environment: Dev
	steps:
	- uses: actions/checkout@v4

	- name: Install Terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: ${{env.TERRAFORM_VERSION}}

	- name: Verify Terraform version
	run: terraform --version

	# https://github.com/google-github-actions/auth
	- name: Authenticate with Google Cloud
	uses: 'google-github-actions/auth@v2'
	with:
	workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITYPROVIDER }}
	service_account: ${{ secrets.SERVICE_ACCOUNT }}

	- name: Terraform Plan
	run: \|
	chmod +x ci/scripts/*.sh
	ci/scripts/generate_tfvars.sh terraform/environments/dev ${{ secrets.PROJECT_ID }} dev
	python3 ci/scripts/execute-terraform.py --config ci/configs/pipeline-config.json --command plan --env dev

	- name: Terraform Apply
	run: \|
	chmod +x ci/scripts/*.sh
	ci/scripts/generate_tfvars.sh terraform/environments/dev ${{ secrets.PROJECT_ID }} dev
	python3 ci/scripts/execute-terraform.py --config ci/configs/pipeline-config.json --command apply --env dev

Provide feedback