Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/tflint.yaml42
1 files changed, 42 insertions, 0 deletions
diff --git a/.github/workflows/tflint.yaml b/.github/workflows/tflint.yaml
new file mode 100644
index 0000000..2ba60c4
--- /dev/null
+++ b/.github/workflows/tflint.yaml
@@ -0,0 +1,42 @@
+name: tflint
+
+on:
+ push:
+ branches: [ main ]
+ paths:
+ - "terraform/**"
+ - ".github/workflows/tflint.yaml"
+ pull_request:
+ paths:
+ - "terraform/**"
+ - ".github/workflows/tflint.yaml"
+ workflow_dispatch:
+
+jobs:
+ scan:
+ name: Scan
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v16
+ with:
+ diagnostic-endpoint: ""
+
+ - name: Build tflint report
+ id: tflint-run
+ run: |
+ echo "sarif-file=$(nix build --no-link --print-build-logs --print-out-paths .#tflint)" >> "$GITHUB_OUTPUT"
+
+ - name: Upload results
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ steps.tflint-run.outputs.sarif-file }}
+ wait-for-processing: true
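Review bot: The three `uses:` lines reference mutable tags (`actions/checkout@v4`, `DeterminateSystems/nix-installer-action@v16`, `github/codeql-action/upload-sarif@v3`), so whatever those tags point to at run time executes in a job that holds `security-events: write`. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha>  # v16`. Because the `permissions:` block lists only `security-events: write`, every other scope drops to none; if this repository is private, the checkout and SARIF upload steps would likely also need `contents: read` and `actions: read` there. The checkout step leaves the job token in the local git config while `nix build` evaluates the checked-out `.#tflint` target, so adding `persist-credentials: false` under a `with:` on that step is a cheap hardening. On pull requests from forks the token is read-only by default, so the upload step can be expected to fail unless it is guarded with an `if:` condition.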