Add terraform scanner wokrflow #15
| name: Lint Code Base | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| pull_request_review: | |
| types: [submitted] | |
| permissions: | |
| contents: read | |
| jobs: | |
| lint: | |
| if: github.event_name == 'pull_request' || (github.event_name == 'pull_request_review' && github.event.review.state == 'approved') | |
| name: Lint Code Base | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| # Check out the head of the PR specifically | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| # Full git history is needed to get a proper list of changed files within `super-linter` | |
| fetch-depth: 0 | |
| # Disable credential persistence to harden the runner | |
| persist-credentials: false | |
| - name: Fetch base branch for diff | |
| run: git fetch --no-tags --prune origin "+refs/heads/${{ github.event.pull_request.base.ref }}:refs/remotes/origin/${{ github.event.pull_request.base.ref }}" | |
| - name: Lint Code Base | |
| uses: super-linter/super-linter@12150456a73e248bdc94d0794898f94e23127c88 # v7 | |
| env: | |
| VALIDATE_ALL_CODEBASE: false | |
| DEFAULT_BRANCH: ${{ github.event.pull_request.base.ref }} | |
| GITHUB_SHA: ${{ github.event.pull_request.head.sha }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
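Review bot: The `run:` line of the "Fetch base branch for diff" step expands `${{ github.event.pull_request.base.ref }}` straight into the shell script. The value is substituted before the shell parses the line, so the surrounding double quotes do not stop a ref name containing shell metacharacters from being interpreted. Pass it through the environment instead: add `env:` with `BASE_REF: ${{ github.event.pull_request.base.ref }}` to the step and fetch `"+refs/heads/${BASE_REF}:refs/remotes/origin/${BASE_REF}"`. Separately, checkout sets `persist-credentials: false`, so this fetch runs without the token and will likely fail on a private repository. Since `fetch-depth: 0` already fetches history for all branches, the step looks removable; confirm against a test PR.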