From 8f7c7512306ac10e30218ac6cf39eb31d4677f88 Mon Sep 17 00:00:00 2001 From: Lefteris Gilmaz Date: Tue, 14 Oct 2025 16:55:48 +0100 Subject: [PATCH 1/2] Test pipeline scan workflow --- .github/workflows/pipeline-scan.yml | 15 +++++++++++++-- infra/data.tf | 3 +++ infra/main.tf | 2 +- infra/providers.tf | 6 +++--- infra/variables.tf | 3 +++ 5 files changed, 23 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pipeline-scan.yml b/.github/workflows/pipeline-scan.yml index eeab55a..5ffb025 100644 --- a/.github/workflows/pipeline-scan.yml +++ b/.github/workflows/pipeline-scan.yml @@ -8,8 +8,19 @@ on: value: ${{ jobs.pipeline-scan.outputs.result }} jobs: - # 🚧 REPLACE THIS ENTIRE 'jobs:' SECTION WITH WORKSHOP CONTENT! 🚧 - # Copy from: workshop/pipeline_scan/{tool}/workflow.yml + checkout-leak: + name: "actions/checkout can leak GitHub credentials" + runs-on: ubuntu-latest + permissions: + contents: read # As we're going to expose this file, let's limit the permissions + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Show `.git/config` content + run: | + cat .git/config pipeline-scan: name: "🚧 Pipeline Scan - Workshop Placeholder" diff --git a/infra/data.tf b/infra/data.tf index 1c5352f..a0bf1bd 100644 --- a/infra/data.tf +++ b/infra/data.tf @@ -6,6 +6,7 @@ data "aws_vpc" "existing" { filter { name = "tag:Name" values = ["platform-vpc"] + } } @@ -40,3 +41,5 @@ data "aws_lb" "existing" { data "aws_lb_target_group" "existing" { name = var.target_group_name } + + diff --git a/infra/main.tf b/infra/main.tf index b6337c2..d756e5f 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -19,7 +19,7 @@ resource "aws_ecr_repository" "app" { Name = var.app_name Environment = var.environment } -} +} # ============================================================================== # CLOUDWATCH LOGS diff --git a/infra/providers.tf b/infra/providers.tf index 505818f..76c517e 100644 --- a/infra/providers.tf +++ b/infra/providers.tf 
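Review bot: The `cat .git/config` step in the new `checkout-leak` job prints the `http.https://github.com/.extraheader` entry that actions/checkout@v4 writes by default, which is the job's `GITHUB_TOKEN` as a base64 `AUTHORIZATION: basic` value; the `contents: read` scope limits what a captured token can do, but the token stays valid until the job ends and is readable by every later step and action in the job, not just this one. GitHub's runner masks secrets and several encodings of them, so the log line itself may come out redacted — verify that before presenting it as a leak, and do not run this job anywhere but a throwaway workshop repository. For any real job in this file the mitigation is `persist-credentials: false` under `with:` on the checkout step, which keeps the header out of `.git/config` entirely unless a later step needs to push. Consider also pinning `uses: actions/checkout@v4` to a full commit SHA with the tag in a trailing comment, since a mutable tag is the supply-chain weak point of a job whose purpose is to show credential exposure. The hunk ends inside the `jobs:` mapping; the `pipeline-scan` job continues past it.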
@@ -1,15 +1,15 @@ terraform { required_version = ">= 1.0" - + required_providers { aws = { source = "hashicorp/aws" version = "~> 5.0" } } - + backend "s3" { - bucket = "workshop-terraform-state" + bucket = "workshop-terraform-state-lefteris" key = "workshop/terraform.tfstate" region = "us-east-1" } diff --git a/infra/variables.tf b/infra/variables.tf index 7f4f1c9..aec8d48 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -2,6 +2,7 @@ variable "aws_region" { description = "AWS region for resources" type = string default = "us-east-1" + } variable "environment" { @@ -69,3 +70,5 @@ variable "logs_kms_key_arn" { type = string default = "" } + + From cd1b076d47202a5ce5f9389471a1a8871bf2d49e Mon Sep 17 00:00:00 2001 From: Lefteris Gilmaz Date: Tue, 14 Oct 2025 19:42:38 +0100 Subject: [PATCH 2/2] Add push trigger to orchestration --- .github/workflows/pipeline-orchestrator.yml | 2 ++ .github/workflows/pipeline-scan.yml | 1 + 2 files changed, 3 insertions(+) diff --git a/.github/workflows/pipeline-orchestrator.yml b/.github/workflows/pipeline-orchestrator.yml index 08eb243..2d1f247 100644 --- a/.github/workflows/pipeline-orchestrator.yml +++ b/.github/workflows/pipeline-orchestrator.yml @@ -1,6 +1,8 @@ name: Pipeline Orchestrator on: + push: + branches: [main] pull_request: branches: [main] diff --git a/.github/workflows/pipeline-scan.yml b/.github/workflows/pipeline-scan.yml index 5ffb025..d2ee1e7 100644 --- a/.github/workflows/pipeline-scan.yml +++ b/.github/workflows/pipeline-scan.yml @@ -21,6 +21,7 @@ jobs: - name: Show `.git/config` content run: | cat .git/config + pipeline-scan: name: "🚧 Pipeline Scan - Workshop Placeholder"
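Review bot: The `backend "s3"` block, which the hunk shows in full, sets only `bucket`, `key` and `region`: there is no `encrypt = true` and no state locking (`dynamodb_table`, or `use_lockfile = true` on Terraform >= 1.10), so Terraform never requests server-side encryption for a state file that records every attribute of the resources this configuration manages, and two overlapping applies can corrupt it. Adding `encrypt = true` and one lock setting is a two-line change inside the block. Renaming the bucket to `workshop-terraform-state-lefteris` also hard-codes one participant's bucket into a shared file; a partial backend configuration (`terraform init -backend-config=backend.hcl`, with `bucket` left out of this block) lets each participant supply their own bucket without editing committed code. The enclosing `terraform {}` block closes outside the hunk.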
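Review bot: With `push:` added next to `pull_request:` on `main`, every job this orchestrator runs will also execute on direct pushes to main, where `github.event.pull_request` is empty and `github.head_ref` is unset, so any downstream step or reusable-workflow input that reads those needs an `if: github.event_name == 'pull_request'` guard or a fallback to `github.ref`. The rest of the orchestrator is outside the hunk, so I cannot tell whether it contains deploy-type jobs; if it does, the push trigger is now the one that runs them with the repository's own token rather than a pull request's, and they should be gated explicitly, e.g. `if: github.event_name == 'push' && github.ref == 'refs/heads/main'`. A workflow-level `concurrency:` group keyed on `github.ref` would also stop a merge-commit push and its pull request run from applying the same Terraform state at once.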