I want to verify checkov with terragrunt run-all plan when my workflow on GitHub Actions is triggered. I want to save the plan in tfplan.binary, then convert it to JSON and have it put into plan.json in both of my environments, Staging and Dev. When my workflow runs I get a message that the plan is saved to tfplan.binary, but when "after_hook_plan" is executed, there is no plan.json generated. Below is a snippet of my terragrunt.hcl and GitHub Actions.
terragrunt.hcl:
    terraform {
      # Runs after every `terragrunt plan`, including each module of a `run-all plan`.
      after_hook "after_hook_plan" {
        commands = ["plan"]
        # Converts the saved binary plan to JSON. get_parent_terragrunt_dir() resolves to
        # the directory of the parent (included) terragrunt.hcl, so every module in a
        # run-all writes to the same plan.json path.
        execute  = ["sh", "-c", "terraform show -json tfplan.binary > ${get_parent_terragrunt_dir()}/plan.json"]
      }
    }
GitHub Actions plan step:
    - name: Plan
      id: plan
      run: |
        # Saves each module's plan as tfplan.binary inside that module's working directory
        terragrunt run-all plan -out=tfplan.binary -no-color --terragrunt-non-interactive
Message I got on plan:
Plan: 3 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: tfplan.binary
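As an added example (not part of the question, and not code from terragrunt or checkov), here is one way to do the conversion and scan as a separate workflow step instead of inside the hook. After `terragrunt run-all plan -out=tfplan.binary`, each module's tfplan.binary sits inside that module's `.terragrunt-cache` working copy; the script finds every such plan, writes a per-module plan.json next to the module's own terragrunt.hcl (so Staging and Dev never overwrite each other), and runs checkov's terraform_plan scanner on each. It assumes `terraform` and `checkov` are on PATH and that the root argument (e.g. the directory holding Staging/ and Dev/) is the tree that `run-all` was executed in; the module path layout used in the comments is a constructed illustration.

```shell
#!/bin/sh
# Added example: convert every terragrunt run-all plan to JSON and scan it with checkov.
# Assumes terraform and checkov are on PATH (hypothetical CI environment).
set -eu

# Map a path inside a module's .terragrunt-cache back to the module's source directory,
# e.g. live/Dev/vpc/.terragrunt-cache/a1/b2/tfplan.binary -> live/Dev/vpc
module_dir_of() {
  printf '%s\n' "${1%%/.terragrunt-cache/*}"
}

# Where the JSON plan for a given binary plan should be written: one file per module.
plan_json_path_for() {
  printf '%s/plan.json\n' "$(module_dir_of "$1")"
}

# Convert one binary plan to JSON. `terraform show` has to run in the directory that
# produced the plan, because it needs that directory's providers and backend config.
convert_plan() {
  out="$(plan_json_path_for "$1")"
  ( cd "$(dirname "$1")" && terraform show -json "$(basename "$1")" ) > "$out"
  printf '%s\n' "$out"
}

# Find every saved plan under the root, convert it, and scan it with checkov.
# Returns non-zero if checkov failed for any module, so the workflow step fails.
scan_plans() {
  root="$1"
  status=0
  list="$(mktemp)"
  find "$root" -path '*/.terragrunt-cache/*' -name tfplan.binary > "$list"
  while IFS= read -r binary; do
    json="$(convert_plan "$binary")"
    echo "checkov: scanning $json"
    checkov -f "$json" --framework terraform_plan || status=1
  done < "$list"
  rm -f "$list"
  return "$status"
}

# Usage, as the `run:` body of the workflow step that follows the plan step:
#   scan_plans "$GITHUB_WORKSPACE/live"
if [ "${1:-}" != "" ]; then
  scan_plans "$1"
fi
```

Keeping the scan out of the after_hook has a second benefit: with `run-all`, hooks execute inside each module's cache directory in parallel, whereas a single step after the plan gives one place to collect all plan.json files and a single exit status for the check.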