From 3d2b5b924e688f1b69ac548a51abbc33cf56d7af Mon Sep 17 00:00:00 2001
From: Ryan Lopopolo
Date: Sat, 19 Oct 2024 00:18:32 -0700
Subject: [PATCH] Fix tfsec CI job
---
.github/workflows/ci.yaml | 10 ++++++++++
.github/workflows/tfsec.yaml | 32 +++++++++++++++++++++++++++++---
2 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 350290f6..710478a8 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -63,6 +63,16 @@ jobs:
- name: "Validate github-org-artichoke-ruby environment"
run: terraform -chdir=github-org-artichoke-ruby validate -no-color
+ - name: "Init and validate github-actions-oidc-provider project"
+ run: |
+ terraform -chdir=terraform/projects/github-actions-oidc-provider init
+ terraform -chdir=terraform/projects/github-actions-oidc-provider validate -no-color
+
+ - name: "Init and validate github-actions-terraform-linting project"
+ run: |
+ terraform -chdir=terraform/projects/github-actions-terraform-linting init
+ terraform -chdir=terraform/projects/github-actions-terraform-linting validate -no-color
+
+ - name: "Init and validate remote-state project"
run: |
terraform -chdir=terraform/projects/remote-state init
diff --git a/.github/workflows/tfsec.yaml b/.github/workflows/tfsec.yaml
index 03229128..f07f5c0a 100644
--- a/.github/workflows/tfsec.yaml
+++ b/.github/workflows/tfsec.yaml
@@ -42,7 +42,9 @@ jobs:
terraform -chdir=github-org-artichoke init
terraform -chdir=github-org-artichokeruby init
terraform -chdir=github-org-artichoke-ruby init
- terraform -chdir=remote-state init
+ terraform -chdir=terraform/projects/github-actions-oidc-provider init
+ terraform -chdir=terraform/projects/github-actions-terraform-linting init
+ terraform -chdir=terraform/projects/remote-state init
- name: "tfsec aws"
uses: docker://aquasec/tfsec:latest
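Review bot: The two new init steps run a bare `terraform init`, which in a validate-only job also fetches providers without being held to a committed `.terraform.lock.hcl` and would configure any remote backend the project declares; `terraform -chdir=terraform/projects/github-actions-oidc-provider init -backend=false -lockfile=readonly` (and the same for the linting project) keeps the step independent of state credentials and makes CI fail, rather than silently rewrite the lock file, when a provider version is not pinned. Whether these two projects declare a backend or commit a lock file is not visible in the hunk, so confirm that before adding the flags. The steps mirror the existing remote-state step, so the same flags would belong there for consistency. The enclosing `jobs:` block and its steps list begin outside the hunk.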
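Review bot: The three `terraform init` lines added to this run block appear to exist only so tfsec can resolve modules, yet a plain init also initialises whichever backend each project declares, so the linting job needs backend credentials and network access it otherwise would not; appending `-backend=false` to each, e.g. `terraform -chdir=terraform/projects/remote-state init -backend=false`, still downloads modules and providers but skips backend setup. This is inferred from the job's purpose — the projects' backend blocks are not in the hunk — so verify it against them. The `run: |` block these lines belong to begins outside the hunk.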
@@ -76,13 +78,29 @@ jobs:
entrypoint: tfsec
args: github-org-artichoke-ruby
+ - name: "tfsec github-actions-oidc-provider"
+ uses: docker://aquasec/tfsec:latest
+ id: tfsec_gha_oidc
+ continue-on-error: true
+ with:
+ entrypoint: tfsec
+ args: terraform/projects/github-actions-oidc-provider
+
+ - name: "tfsec github-actions-terraform-linting"
+ uses: docker://aquasec/tfsec:latest
+ id: tfsec_gha_tf_lint
+ continue-on-error: true
+ with:
+ entrypoint: tfsec
+ args: terraform/projects/github-actions-terraform-linting
+
- name: "tfsec remote-state"
uses: docker://aquasec/tfsec:latest
id: tfsec_remote_state
continue-on-error: true
with:
entrypoint: tfsec
- args: remote-state
+ args: terraform/projects/remote-state
- name: "Check on failures"
run: |
@@ -103,9 +121,17 @@ jobs:
failed="y"
echo >&2 "tfsec github-org-artichoke-ruby failed"
fi
+ if [[ ${{ steps.tfsec_gha_oidc.outcome }} != "success" ]]; then
+ failed="y"
+ echo >&2 "tfsec terraform/projects/github-actions-oidc-provider failed"
fi
+ if [[ ${{ steps.tfsec_gha_tf_lint.outcome }} != "success" ]]; then
+ failed="y"
+ echo >&2 "tfsec terraform/projects/github-actions-terraform-linting failed"
+ fi
if [[ ${{ steps.tfsec_remote_state.outcome }} != "success" ]]; then
failed="y"
- echo >&2 "tfsec remote-state failed"
+ echo >&2 "tfsec terraform/projects/remote-state failed"
fi
if [[ -n "$failed" ]]; then
exit 1
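Review bot: The two new steps pull `docker://aquasec/tfsec:latest`, a mutable tag, so the scanner that gates these Terraform projects can change — or be replaced — under the workflow without any change to the repository; pin each `uses:` line to a release tag and image digest, `uses: docker://aquasec/tfsec:<version>@sha256:<digest>`, and apply the same pin to the existing tfsec steps outside the hunk, including the remote-state step whose `args:` this hunk rewrites. A digest pin also gives a stable rule-set baseline, since a scanner upgrade can change which findings fail the job. The `continue-on-error: true` plus `id:` pattern matches the existing steps and is the right way to defer the failure to the check step.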
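Review bot: The two new `if` blocks repeat the same three lines per step id, and nothing ties this ladder to the list of tfsec steps, so a future step added with `continue-on-error: true` but no entry here would fail silently and still let the job pass. The inline `${{ steps.<id>.outcome }}` expansions are not an injection vector, since that context only yields `success`, `failure`, `cancelled` or `skipped`, but the ladder can be replaced by deriving the failed ids from `toJSON(steps)` passed through `env:`, assuming every tfsec step id carries the `tfsec_` prefix that the three visible ones have and that `jq` is available on the runner. The `run: |` script and its initial `failed=` assignment begin outside the hunk.
```yaml
      - name: "Check on failures"
        env:
          STEPS_JSON: ${{ toJSON(steps) }}
        run: |
          # Every tfsec_* step above is continue-on-error; fail the job if any of them did not succeed.
          failed="$(jq -r 'to_entries[] | select((.key | startswith("tfsec_")) and .value.outcome != "success") | .key' <<<"$STEPS_JSON")"
          if [[ -n "$failed" ]]; then
            echo >&2 "tfsec failed for: $failed"
            exit 1
          fi
```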