Action in GitHub for verifying that CloudFormation templates meet a built-in, pre-defined set of rules.
GitHub Repository: https://github.com/aws-cloudformation/cloudformation-guard
Additionally, there is a Dockerfile and a makebin.sh script that provide a consistent method for generating new binaries as needed.
It is recommended that this code be moved into another repository, and that the binaries are stored in Artifactory and not stored in GitHub.
```yaml
name: Test Cloud Formation Templates - PubAction
on:
  workflow_dispatch:
jobs:
  Test_All_cloudformation_templates:
    runs-on: ubuntu-18.04
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - name: Checkout Code
        uses: actions/checkout@v2
      # uses publicly available github action
      - name: Cloudformation-guard Test
        uses: acn-tesch/cfg-action@check-all
```
Private Actions are more complicated, and rely on a public action in order to function. This example YAML is still a work in progress.
For details on how to write rules, use the [reference documentation](https://github.com/aws-cloudformation/cloudformation-guard/tree/master/cfn-guard#writing-rules).
All rules for this action are stored in the rules folder.
The default rules file is rules/cfn-guard-sg-rule-testing.ruleset.
Included in this repository is a VS Code development container that can be used to test CloudFormation Guard.
You must first install the "Remote-Development" extension and Docker on your local workstation.
Workflow "docker-publish.yml" defines how the container is built and uploaded as a GitHub package.