Open source changes #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pull Request Workflow | |
on: | |
pull_request: | |
branches: | |
- main | |
jobs: | |
validate-template-code: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install AWS SAM CLI | |
run: | | |
pip install --user aws-sam-cli | |
- name: Validate SAM Templates | |
run: | | |
find . -path "./.github" -prune -o \( -name "*.yaml" -o -name "*.yml" \) -print0 | while IFS= read -r -d '' template; do | |
echo "Validating template: $template" | |
sam validate --template-file "$template" --region us-east-2 --lint | |
done | |
shell: bash | |
security: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Run CFN Nag Security Checks | |
uses: stelligent/cfn_nag@master | |
with: | |
input_path: . | |
output_path: cfn_nag.sarif | |
- name: Upload CFN Nag SARIF | |
uses: github/codeql-action/upload-sarif@v1 | |
with: | |
sarif_file: cfn_nag.sarif | |