Minor update to README.md to enable PR creation #10
| name: Terraform Lint & Security | |
| on: | |
| pull_request: | |
| paths: | |
| - '**/*.tf' | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.11.4 | |
| - name: Terraform fmt check | |
| run: terraform fmt -check -recursive | |
| - name: Install TFLint | |
| run: | | |
| curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash | |
| - name: Run TFLint | |
| run: tflint --recursive | |
| # Auto-fix Terraform formatting | |
| - name: Auto-fix Terraform formatting | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| terraform fmt -recursive | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
| git add . | |
| git diff --cached --quiet || git commit -m "Auto-fix Terraform formatting" | |
| git push | |
| # Install tfsec | |
| - name: Install tfsec | |
| run: curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install.sh | bash | |
| - name: Run tfsec (Security Scan) | |
| run: tfsec . --exit-code 1 | |
| # Install Checkov | |
| - name: Install Checkov | |
| run: pip install checkov | |
| - name: Run Checkov (Security Scan) | |
| run: checkov -d . --skip-check CKV_AWS_51 |
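Review bot: The `Install TFLint` and `Install tfsec` steps pipe an installer fetched from each project's `master` branch straight into `bash`, so whatever that branch holds at run time executes in this job with no integrity check. The same job later runs `git push` in the auto-fix step, which suggests the checkout's token is usable from the runner, so a tampered installer would run alongside write-capable credentials. Pin the script to a reviewed commit, e.g. `curl -sSfL https://raw.githubusercontent.com/terraform-linters/tflint/<PINNED_COMMIT_SHA>/install_linux.sh | bash` (placeholder SHA), and do the same for tfsec. `pip install checkov` would likewise be better as `pip install checkov==<PINNED_VERSION>`. No `permissions:` block is visible in this file, so it is worth confirming the token scope is limited to what the auto-fix step needs.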