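---
name: 'Build and Deploy'

# Runs only on pushes to master that touch the '_build_flag' marker file.
# 'on' is a YAML 1.1 boolean for generic parsers; GitHub's loader reads it
# as the trigger key (suppress yamllint `truthy` here if it complains).
on:
  push:
    branches:
      - master
    paths:
      - '_build_flag'

# Least privilege for the automatic GITHUB_TOKEN: no step in this file writes
# back to the repository (Terraform authenticates with its own token below),
# so read-only is sufficient. Widen per job only if a step later needs more.
permissions:
  contents: read

jobs:
  # Setup environment
  deploy_k8_cluster:
    name: 'deploy_k8'
    runs-on: ubuntu-latest
    # Job-level env is exported to every step, including third-party actions.
    # CSPM_RULE is consumed by the IaC scan step below; the CloudGuard
    # credentials are presumably read by ./shiftleft. SG_* are not referenced
    # by any step in this file — confirm they are needed (e.g. read by
    # Terraform) or move them to the single step that uses them.
    env:
      SG_CLIENT_ID: ${{ secrets.SG_CLIENT_ID }}
      SG_SECRET_KEY: ${{ secrets.SG_SECRET_KEY }}
      CHKP_CLOUDGUARD_ID: ${{ secrets.CHKP_CLOUDGUARD_ID }}
      CHKP_CLOUDGUARD_SECRET: ${{ secrets.CHKP_CLOUDGUARD_SECRET }}
      CSPM_RULE: ${{ secrets.CSPM_RULE }}
    defaults:
      run:
        shell: bash
        # The original file set `working-directory: .` as an env var, where
        # it has no effect; the run default is where the key belongs.
        working-directory: .

    steps:
      # Checkout code.
      # Actions are referenced by mutable tag; pinning to a full commit SHA
      # (with the tag in a trailing comment) protects against tag re-pointing.
      - name: Checkout
        uses: actions/checkout@v2

      # Insert organization / workspace into main.tf.
      # Secrets are passed through the step env and expanded by the shell,
      # not interpolated into the script body with ${{ }}: the secret value
      # then cannot change the command line that bash executes.
      # NOTE(review): `/organization/` and `/name/` are substring patterns —
      # they replace every line of main.tf containing that text, not only the
      # intended attribute. Anchor them if main.tf has other matching lines.
      - name: Insert Environment Name
        env:
          ORGANIZATION: ${{ secrets.ORGANIZATION }}
          WORKSPACE: ${{ secrets.WORKSPACE }}
        run: |
          sed -i "/organization/c\ organization\ = \"${ORGANIZATION}\"" main.tf
          sed -i "/name/c\ name\ = \"${WORKSPACE}\"" main.tf

      # Scan the terraform code prior to deployment.
      # ./shiftleft is a binary committed to this repository and executed
      # as-is, with no checksum or signature verification before it runs.
      # continue-on-error means a failed scan (or a scan with findings that
      # exits non-zero) never blocks the deploy — results are advisory only.
      # Remove it to make the scan a gate.
      - name: ShiftLeft IaC Scan
        run: |
          chmod +x ./shiftleft
          ./shiftleft iac-assessment -r "${CSPM_RULE}" --path .
        continue-on-error: true

      # Scan the container deployed as part of the K8 deployment.
      # The image is pulled by bare name (implicit :latest) and not pinned by
      # tag or digest, so the image scanned here may differ from the one that
      # is eventually deployed. Same advisory-only caveat as the step above.
      - name: ShiftLeft Container Scan
        run: |
          docker pull bkimminich/juice-shop
          docker save bkimminich/juice-shop -o juice_shop.tar
          ./shiftleft image-scan --timeout 1800 --image ./juice_shop.tar
        continue-on-error: true

      # Install the latest version of Terraform CLI and configure the
      # Terraform CLI configuration file with a Terraform Cloud user API token.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          cli_config_credentials_token: ${{ secrets.TERRAFORM }}

      # Initialize a new or existing Terraform working directory by creating
      # initial files, loading any remote state, downloading modules, etc.
      - name: Terraform Init
        run: terraform init

      # Generates an execution plan for Terraform.
      # NOTE(review): the plan is not saved and handed to apply, so apply
      # re-plans and may act on a different result than the one shown here.
      - name: Terraform Plan
        run: terraform plan

      # On push to master, build or change infrastructure according to the
      # Terraform configuration files.
      # Note: It is recommended to set up a required "strict" status check in
      # your repository for "Terraform Cloud". See the documentation on
      # "strict" required status checks for more information:
      # https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
      - name: Terraform Apply
        if: github.ref == 'refs/heads/master' && github.event_name == 'push'
        run: terraform apply -auto-approve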