Skip to content

fix(tf-smurf): updated tf smurf workflow to skip apply/approver if we use plan_only #240

fix(tf-smurf): updated tf smurf workflow to skip apply/approver if we use plan_only

fix(tf-smurf): updated tf smurf workflow to skip apply/approver if we use plan_only #240

Triggered via pull request July 3, 2026 17:43
Status Success
Total duration 46s
Artifacts

ci.yml

on: pull_request
✅ Validate YAML Syntax
10s
✅ Validate YAML Syntax
🧹 Lint YAML Files
5s
🧹 Lint YAML Files
🔍 Validate Workflow Structure
3s
🔍 Validate Workflow Structure
🔒 Security Scan
32s
🔒 Security Scan
📚 Validate Documentation
3s
📚 Validate Documentation
🏷️ Validate Naming Conventions
6s
🏷️ Validate Naming Conventions
🔍 Actionlint
12s
🔍 Actionlint
📝 Generate Documentation Index
0s
📝 Generate Documentation Index
⚠️ Check Deprecated Actions
3s
⚠️ Check Deprecated Actions
🔐 Validate Permissions
3s
🔐 Validate Permissions
📊 CI Summary
6s
📊 CI Summary
🩺 Diagnose failure (naoru)
0s
🩺 Diagnose failure (naoru)
Fit to window
Zoom out
Zoom in

Annotations

21 errors, 10 warnings, and 1 notice
🧹 Lint YAML Files
Process completed with exit code 1.
🔍 Actionlint: .github/workflows/ci.yml#L355
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2129:style:15:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck] Raw Output: e:.github/workflows/ci.yml:355:9: shellcheck reported issue in this script: SC2129:style:15:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
🔍 Actionlint: .github/workflows/ci.yml#L272
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck] Raw Output: e:.github/workflows/ci.yml:272:9: shellcheck reported issue in this script: SC2129:style:2:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
🔍 Actionlint: .github/workflows/ci.yml#L272
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2129:style:10:3: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck] Raw Output: e:.github/workflows/ci.yml:272:9: shellcheck reported issue in this script: SC2129:style:10:3: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
🔍 Actionlint: .github/workflows/ci.yml#L259
[actionlint] reported by reviewdog 🐶 avoid using deprecated input "fail_on_error" in action "reviewdog/action-actionlint@v1": Deprecated, use `fail_level` instead [action] Raw Output: e:.github/workflows/ci.yml:259:11: avoid using deprecated input "fail_on_error" in action "reviewdog/action-actionlint@v1": Deprecated, use `fail_level` instead [action]
🔍 Actionlint
reviewdog: Too many results (annotations) in diff. You may miss some annotations due to GitHub limitation for annotation created by logging command. Please check GitHub Actions log console to see all results. Limitation: - 10 warning annotations and 10 error annotations per step - 50 annotations per job (sum of annotations from all the steps) - 50 annotations per run (separate from the job annotations, these annotations aren't created by users) Source: https://github.com/orgs/community/discussions/26680#discussioncomment-3252835
🔍 Actionlint: .github/workflows/ci.yml#L198
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2001:style:5:10: See if you can use ${variable//search/replace} instead [shellcheck] Raw Output: e:.github/workflows/ci.yml:198:9: shellcheck reported issue in this script: SC2001:style:5:10: See if you can use ${variable//search/replace} instead [shellcheck]
🔍 Actionlint: .github/workflows/cf-deploy.yml#L104
[actionlint] reported by reviewdog 🐶 property "role-to-assume" is not defined in object type {aws-region: string; bucket-prefix: string; capabilities: string; code-folder: string; github-branch: string; github-repo-name: string; organization-name: string; parameter-overrides: string; s3-bucket: string; stack-name: string; template-path: string; zip-file-name: string} [expression] Raw Output: e:.github/workflows/cf-deploy.yml:104:31: property "role-to-assume" is not defined in object type {aws-region: string; bucket-prefix: string; capabilities: string; code-folder: string; github-branch: string; github-repo-name: string; organization-name: string; parameter-overrides: string; s3-bucket: string; stack-name: string; template-path: string; zip-file-name: string} [expression]
🔍 Actionlint: .github/workflows/cf-deploy.yml#L49
[actionlint] reported by reviewdog 🐶 input "zip-file-name" of workflow_call event has the default value "main.zip", but it is also required. if an input is marked as required, its default value will never be used [events] Raw Output: e:.github/workflows/cf-deploy.yml:49:18: input "zip-file-name" of workflow_call event has the default value "main.zip", but it is also required. if an input is marked as required, its default value will never be used [events]
🔍 Actionlint: .github/workflows/cf-deploy.yml#L39
[actionlint] reported by reviewdog 🐶 input "GitHub-branch" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used [events] Raw Output: e:.github/workflows/cf-deploy.yml:39:18: input "GitHub-branch" of workflow_call event has the default value "main", but it is also required. if an input is marked as required, its default value will never be used [events]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L10
[actionlint] reported by reviewdog 🐶 input "cloud_provider" of workflow_call event has the default value "aws", but it is also required. if an input is marked as required, its default value will never be used [events] Raw Output: e:.github/workflows/aws-prowler.yml:10:18: input "cloud_provider" of workflow_call event has the default value "aws", but it is also required. if an input is marked as required, its default value will never be used [events]
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
🔒 Security Scan
CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
🔍 Actionlint: .github/workflows/ci.yml#L355
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:10:24: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/ci.yml:355:9: shellcheck reported issue in this script: SC2086:info:10:24: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint: .github/workflows/ci.yml#L355
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2012:info:14:13: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck] Raw Output: i:.github/workflows/ci.yml:355:9: shellcheck reported issue in this script: SC2012:info:14:13: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
🔍 Actionlint: .github/workflows/ci.yml#L355
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2012:info:13:18: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck] Raw Output: i:.github/workflows/ci.yml:355:9: shellcheck reported issue in this script: SC2012:info:13:18: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
🔍 Actionlint: .github/workflows/ci.yml#L272
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2012:info:11:3: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck] Raw Output: i:.github/workflows/ci.yml:272:9: shellcheck reported issue in this script: SC2012:info:11:3: Use find instead of ls to better handle non-alphanumeric filenames [shellcheck]
🔍 Actionlint: .github/workflows/ci.yml#L198
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2162:info:4:63: read without -r will mangle backslashes [shellcheck] Raw Output: i:.github/workflows/ci.yml:198:9: shellcheck reported issue in this script: SC2162:info:4:63: read without -r will mangle backslashes [shellcheck]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L146
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:3:94: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/aws-prowler.yml:146:9: shellcheck reported issue in this script: SC2086:info:3:94: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L146
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:3:88: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/aws-prowler.yml:146:9: shellcheck reported issue in this script: SC2086:info:3:88: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L119
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2155:warning:1:8: Declare and assign separately to avoid masking return values [shellcheck] Raw Output: w:.github/workflows/aws-prowler.yml:119:9: shellcheck reported issue in this script: SC2155:warning:1:8: Declare and assign separately to avoid masking return values [shellcheck]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L119
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:13:8: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/aws-prowler.yml:119:9: shellcheck reported issue in this script: SC2086:info:13:8: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint
Input 'fail_on_error' has been deprecated with message: Deprecated, use `fail_level` instead.
GitHub API token
Consider setting a GITHUB_TOKEN to prevent GitHub api rate limits