Merge pull request #439 from communitiesuk/dependabot/terraform/terra… #631
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Terraform checks" | |
| # Quick checks that run on every PR, regardless of whether any Terraform code changed | |
| # Set as required for PRs to be merged on GitHub | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - "main" | |
| jobs: | |
| tf_fmt: | |
| name: Validate Terraform formatting | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.9.3 | |
| - name: Check formatting of all Terraform files | |
| run: terraform fmt -check -diff -recursive | |
| tfsec: | |
| name: tfsec check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Clone repo | |
| uses: actions/checkout@v4 | |
| - name: tfsec | |
| uses: aquasecurity/[email protected] | |
| with: | |
| working_directory: terraform/ | |
| github_token: ${{ secrets.GITHUB_TOKEN }} |