From c43746545c4cdc4a04e32a198d971f34dca88f20 Mon Sep 17 00:00:00 2001
From: Seth Flynn
Date: Mon, 3 Feb 2025 05:18:34 -0500
Subject: ci: add hclfmt and tflint checks
---
.github/workflows/tflint.yaml | 42 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 .github/workflows/tflint.yaml
(limited to '.github/workflows/tflint.yaml')
diff --git a/.github/workflows/tflint.yaml b/.github/workflows/tflint.yaml
new file mode 100644
index 0000000..2ba60c4
--- /dev/null
+++ b/.github/workflows/tflint.yaml
@@ -0,0 +1,42 @@
+name: tflint
+
+on:
+ push:
+ branches: [ main ]
+ paths:
+ - "terraform/**"
+ - ".github/workflows/tflint.yaml"
+ pull_request:
+ paths:
+ - "terraform/**"
+ - ".github/workflows/tflint.yaml"
+ workflow_dispatch:
+
+jobs:
+ scan:
+ name: Scan
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v16
+ with:
+ diagnostic-endpoint: ""
+
+ - name: Build tflint report
+ id: tflint-run
+ run: |
+ echo "sarif-file=$(nix build --no-link --print-build-logs --print-out-paths .#tflint)" >> "$GITHUB_OUTPUT"
+
+ - name: Upload results
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ steps.tflint-run.outputs.sarif-file }}
+ wait-for-processing: true
-- cgit v1.2.3
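Review bot: All three `uses:` references in the `scan` job are pinned to mutable tags (`actions/checkout@v4`, `DeterminateSystems/nix-installer-action@v16`, `github/codeql-action/upload-sarif@v3`), so a retagged release would change what runs in a job that holds `security-events: write`. Pinning each to a full commit SHA with the tag kept as a trailing comment, in the form `uses: actions/checkout@<FULL_COMMIT_SHA_PLACEHOLDER> # v4`, removes that dependency on tag integrity, and adding `with: persist-credentials: false` to the checkout step keeps the job token out of `.git/config`, since none of the later visible steps appears to need git credentials. In the `Build tflint report` step a failing `nix build` inside `$(...)` does not fail the step, because the exit status is that of `echo`, so an empty `sarif-file` output reaches the upload step. Assigning first, `out="$(nix build --no-link --print-build-logs --print-out-paths .#tflint)"` followed by `echo "sarif-file=$out" >> "$GITHUB_OUTPUT"`, makes the step stop at the real error. Because `permissions:` lists only `security-events: write`, all other scopes are dropped; if the repository is private, checkout and the SARIF upload would likely also need `contents: read` and `actions: read`.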