ci: enable CRA scan (#243)

.github/workflows/ci.yml

@@ -9,7 +9,6 @@ jobs:
   call-terraform-ci-pipeline:
     uses: terraform-ibm-modules/common-pipeline-assets/.github/workflows/common-terraform-module-ci-v2.yml@v1.17.0
     secrets: inherit
-#     with:
-#       craSCCv2: true
-#       craTarget: "./"
-#       craEnvironmentVariables: "TF_VAR_enable_key_protect=true,TF_VAR_kp_name=prodkeys, TF_VAR_enable_secrets_manager=false"
+    with:
+      craSCCv2: true
+      craConfigYamlFile: "cra-config.yaml"

cra-config.yaml

@@ -0,0 +1,11 @@
+# More info about this file at https://github.com/terraform-ibm-modules/common-pipeline-assets/blob/main/.github/workflows/terraform-test-pipeline.md#cra-config-yaml
+version: "v1"
+CRA_TARGETS:
+  - CRA_TARGET: "./" # Target directory for CRA scan. If not provided, the CRA Scan will not be run.
+    CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
+    PROFILE_ID: "0e6e7b5a-817d-4344-ab6f-e5d7a9c49520" # SCC profile ID (currently set to the FSCloud 1.4.0 profile).
+    SCC_INSTANCE_ID: "293a81bc-b706-4a2b-b2f8-36010a0373f6" # The SCC instance ID to use to download profile for CRA scan. If not provided, a default global value will be used.
+    SCC_REGION: "us-south" # The IBM Cloud region that the SCC instance is in. If not provided, a default global value will be used.
+    # CRA_ENVIRONMENT_VARIABLES:  # An optional map of environment variables for CRA, where the key is the variable name and value is the value. Useful for providing TF_VARs.
+    #   TF_VAR_sample: "sample value"
+    #   TF_VAR_other:  "another value"

cra-tf-validate-ignore-goals.json → cra-tf-validate-ignore-rules.json

@@ -1,5 +1,4 @@
 {
     "description": "Ignore goals list for Terraform IBM DevSecOps ALM",
-    "scc_goals": [
-    ]
+    "scc_rules": []
 }