| author | Seth Flynn <[email protected]> | 2025-02-03 05:18:34 -0500 |
|---|---|---|
| committer | Seth Flynn <[email protected]> | 2025-02-03 05:34:09 -0500 |
| commit | c43746545c4cdc4a04e32a198d971f34dca88f20 (patch) | |
| tree | b5f3e38e34957371152c04bf087a897e8f098a83 /.github/workflows | |
| parent | 082ef6167ea188de4a0439fe63baaca41b19b45b (diff) | |
ci: add hclfmt and tflint checks
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/tflint.yaml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/.github/workflows/tflint.yaml b/.github/workflows/tflint.yaml
new file mode 100644
index 0000000..2ba60c4
--- /dev/null
+++ b/.github/workflows/tflint.yaml
@@ -0,0 +1,42 @@
+name: tflint
+
+on:
+ push:
+ branches: [ main ]
+ paths:
+ - "terraform/**"
+ - ".github/workflows/tflint.yaml"
+ pull_request:
+ paths:
+ - "terraform/**"
+ - ".github/workflows/tflint.yaml"
+ workflow_dispatch:
+
+jobs:
+ scan:
+ name: Scan
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v16
+ with:
+ diagnostic-endpoint: ""
+
+ - name: Build tflint report
+ id: tflint-run
+ run: |
+ echo "sarif-file=$(nix build --no-link --print-build-logs --print-out-paths .#tflint)" >> "$GITHUB_OUTPUT"
+
+ - name: Upload results
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ steps.tflint-run.outputs.sarif-file }}
+ wait-for-processing: true |
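Review bot: All three `uses:` lines reference mutable tags (`actions/checkout@v4`, `DeterminateSystems/nix-installer-action@v16`, `github/codeql-action/upload-sarif@v3`), so whatever those tags resolve to at run time executes in a job whose token carries `security-events: write`; pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`. In the "Build tflint report" step, `nix build` runs inside a command substitution that is only an argument to `echo`, so a failed build still exits 0 and writes an empty `sarif-file`; assign first with `out="$(nix build --no-link --print-build-logs --print-out-paths .#tflint)"` and then `echo "sarif-file=$out" >> "$GITHUB_OUTPUT"`, so the step fails where the build fails. Because the `permissions:` block lists only `security-events: write`, every other scope drops to none; add `contents: read` if the repository is or may become private, since the checkout step needs it there.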
