From 6867d27e9f33bbffc3235db771e91a08c015e1b8 Mon Sep 17 00:00:00 2001 From: Audun Nes Date: Mon, 2 Mar 2026 12:37:58 +0100 Subject: [PATCH 1/2] Remove tfsec workflows and examples from the repository --- .../workflows/security-tfsec-pr-commenter.yml | 15 ---- .github/workflows/security-tfsec-upload.yml | 21 ----- README.md | 87 ++++--------------- examples/security-tfsec-pr-commenter.yml | 11 --- examples/security-tfsec-upload.yml | 11 --- 5 files changed, 19 insertions(+), 126 deletions(-) delete mode 100644 .github/workflows/security-tfsec-pr-commenter.yml delete mode 100644 .github/workflows/security-tfsec-upload.yml delete mode 100644 examples/security-tfsec-pr-commenter.yml delete mode 100644 examples/security-tfsec-upload.yml diff --git a/.github/workflows/security-tfsec-pr-commenter.yml b/.github/workflows/security-tfsec-pr-commenter.yml deleted file mode 100644 index 6985ae3..0000000 --- a/.github/workflows/security-tfsec-pr-commenter.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: Run tfsec on pull requests - -on: - workflow_call: - -jobs: - TFSec: - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@master - - name: tfsec - uses: aquasecurity/tfsec-pr-commenter-action@main - with: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/security-tfsec-upload.yml b/.github/workflows/security-tfsec-upload.yml deleted file mode 100644 index 80eb8e0..0000000 --- a/.github/workflows/security-tfsec-upload.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Run tfsec and upload - -on: - workflow_call: - -jobs: - TFSec: - runs-on: ubuntu-latest - steps: - - name: Checkout repo - uses: actions/checkout@master - - name: tfsec - uses: tfsec/tfsec-sarif-action@master - with: - sarif_file: tfsec.sarif - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@v4 - with: - # Path to SARIF file relative to the root of the repository - sarif_file: tfsec.sarif - category: Tfsec IAC Scanning diff --git a/README.md b/README.md index 5bda970..8c2c6e0 100644 --- a/README.md +++ b/README.md @@ -3,27 +3,22 @@ A repository for shared github workflows and actions, best practice for new and existing repositories. We welcome contributions. See [Contributing](docs/CONTRIBUTING.md) to get started. Shared workflows and actions: -- [Automation](#automation) - - workflows - - [Auto release](#auto-release) - - [Build lambda and upload to S3](#build-lambda-and-upload-to-s3) - - [Enforce PR labels](#enforce-pr-labels) - - [Golang test suite](#golang-test-suite) - - [Housekeeping](#housekeeping) - - [Multi architecture docker build](#multi-architecture-docker-build) - - [Block on-hold PRs](#block-on-hold-prs) - - [Add comment from PR template on Renovate pull requests](#add-comment-from-pr-template-on-renovate-pull-requests) - - actions - - [Slack Notifier](#slack-notifier) -- [Compliance](#compliance) - - actions - - [Checkov Github Actions Step](#checkov-github-actions-step) -- [Security](#security) - - workflows - - [Gitleaks](#gitleaks) - - [Run tfsec on pull requests](#run-tfsec-on-pull-requests) - - [Run tfsec and upload](#run-tfsec-and-upload) - - [Run Trivy IAC with Quality GAte](#run-trivy-iac-with-quality-gate) +- [Shared workflows and actions](#shared-workflows-and-actions) + - [Automation](#automation) + - [Auto release](#auto-release) + - [Build lambda and upload to S3](#build-lambda-and-upload-to-s3) + - [Enforce PR labels](#enforce-pr-labels) + - [Golang test suite](#golang-test-suite) + - [Housekeeping](#housekeeping) + - [Multi architecture docker build](#multi-architecture-docker-build) + - [Block on-hold PRs](#block-on-hold-prs) + - [Add comment from PR template on Renovate pull requests](#add-comment-from-pr-template-on-renovate-pull-requests) + - [Slack Notifier](#slack-notifier) + - [Compliance](#compliance) + - [Checkov Github Actions Step](#checkov-github-actions-step) + - [Security](#security) + - [Gitleaks](#gitleaks) + - [Run Trivy IAC with Quality GAte](#run-trivy-iac-with-quality-gate) ## Automation @@ -192,10 +187,10 @@ jobs: # Optional, path to the test script to run inside the container test-script-path: ./app/test.py - + # Optional, the command to run the test script inside the container test-script-cmd: "python test.py" - + # Optional, the path to the readme file to use for the docker image # It is recommended that if you do not have a specific file for the docker image, # that you use the same readme as the repository @@ -340,50 +335,6 @@ jobs: secrets: inherit ``` -### Run tfsec on pull requests - -_This is a workflow_ - -Add comments to pull requests where tfsec checks have failed. - -[Marketplace](https://github.com/marketplace/actions/run-tfsec-pr-commenter) - -How to invoke this workflow: - -```yaml -name: Run tfsec on pull requests - -on: - pull_request: - branches: [ "master", "main" ] - -jobs: - shared: - uses: dfds/shared-workflows/.github/workflows/security-tfsec-pr-commenter.yml@master -``` - -### Run tfsec and upload - -_This is a workflow_ - -This Github Action will run the tfsec sarif check then add the report to the repo for upload. - -[Marketplace](https://github.com/marketplace/actions/run-tfsec-with-sarif-upload) - -How to invoke this workflow: - -```yaml -name: Run tfsec and upload - -on: - push: - branches: [ "master", "main" ] - -jobs: - shared: - uses: dfds/shared-workflows/.github/workflows/security-tfsec-upload.yml@master -``` - ### Run Trivy IAC with Quality GAte _This is a workflow_ @@ -406,4 +357,4 @@ on: jobs: shared: uses: dfds/shared-workflows/.github/workflows/security-trivy-iac-check.yaml@master -``` \ No newline at end of file +``` diff --git a/examples/security-tfsec-pr-commenter.yml b/examples/security-tfsec-pr-commenter.yml deleted file mode 100644 index 3117003..0000000 --- a/examples/security-tfsec-pr-commenter.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Run tfsec on pull requests -description: Add comments to pull requests where tfsec checks have failed. -author: https://github.com/marketplace/actions/run-tfsec-pr-commenter - -on: - pull_request: - branches: [ "master", "main" ] - -jobs: - shared: - uses: dfds/shared-workflows/.github/workflows/security-tfsec-pr-commenter.yml@master \ No newline at end of file diff --git a/examples/security-tfsec-upload.yml b/examples/security-tfsec-upload.yml deleted file mode 100644 index ebedeae..0000000 --- a/examples/security-tfsec-upload.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Run tfsec and upload -description: This Github Action will run the tfsec sarif check then add the report to the repo for upload. -author: https://github.com/marketplace/actions/run-tfsec-with-sarif-upload - -on: - push: - branches: [ "master", "main" ] - -jobs: - shared: - uses: dfds/shared-workflows/.github/workflows/security-tfsec-upload.yml@master \ No newline at end of file From d987cb85187359525ed31303f35b3ffb7d422b31 Mon Sep 17 00:00:00 2001 From: README-bot Date: Mon, 2 Mar 2026 11:38:22 +0000 Subject: [PATCH 2/2] Update readme [skip actions] --- README.md | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 8c2c6e0..1824c81 100644 --- a/README.md +++ b/README.md @@ -3,22 +3,25 @@ A repository for shared github workflows and actions, best practice for new and existing repositories. We welcome contributions. See [Contributing](docs/CONTRIBUTING.md) to get started. Shared workflows and actions: -- [Shared workflows and actions](#shared-workflows-and-actions) - - [Automation](#automation) - - [Auto release](#auto-release) - - [Build lambda and upload to S3](#build-lambda-and-upload-to-s3) - - [Enforce PR labels](#enforce-pr-labels) - - [Golang test suite](#golang-test-suite) - - [Housekeeping](#housekeeping) - - [Multi architecture docker build](#multi-architecture-docker-build) - - [Block on-hold PRs](#block-on-hold-prs) - - [Add comment from PR template on Renovate pull requests](#add-comment-from-pr-template-on-renovate-pull-requests) - - [Slack Notifier](#slack-notifier) - - [Compliance](#compliance) - - [Checkov Github Actions Step](#checkov-github-actions-step) - - [Security](#security) - - [Gitleaks](#gitleaks) - - [Run Trivy IAC with Quality GAte](#run-trivy-iac-with-quality-gate) +- [Automation](#automation) + - workflows + - [Auto release](#auto-release) + - [Build lambda and upload to S3](#build-lambda-and-upload-to-s3) + - [Enforce PR labels](#enforce-pr-labels) + - [Golang test suite](#golang-test-suite) + - [Housekeeping](#housekeeping) + - [Multi architecture docker build](#multi-architecture-docker-build) + - [Block on-hold PRs](#block-on-hold-prs) + - [Add comment from PR template on Renovate pull requests](#add-comment-from-pr-template-on-renovate-pull-requests) + - actions + - [Slack Notifier](#slack-notifier) +- [Compliance](#compliance) + - actions + - [Checkov Github Actions Step](#checkov-github-actions-step) +- [Security](#security) + - workflows + - [Gitleaks](#gitleaks) + - [Run Trivy IAC with Quality GAte](#run-trivy-iac-with-quality-gate) ## Automation @@ -187,10 +190,10 @@ jobs: # Optional, path to the test script to run inside the container test-script-path: ./app/test.py - + # Optional, the command to run the test script inside the container test-script-cmd: "python test.py" - + # Optional, the path to the readme file to use for the docker image # It is recommended that if you do not have a specific file for the docker image, # that you use the same readme as the repository @@ -357,4 +360,4 @@ on: jobs: shared: uses: dfds/shared-workflows/.github/workflows/security-trivy-iac-check.yaml@master -``` +``` \ No newline at end of file