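name: "run-pre-commit-hooks"
# This workflow runs the pre-commit hooks defined in .pre-commit-config.yaml
# on pull requests that target main.
on:
  pull_request:
    branches: [main]

# One active run per workflow and ref; a newer push cancels the older run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  pre-commit:
    runs-on: ${{ matrix.os }}
    # NOTE(review): a job-level env entry is exported to every step, including
    # the third-party actions and the hooks taken from the checked-out
    # .pre-commit-config.yaml. If only one step needs the token (presumably
    # for GitHub API rate limits - confirm), set it on that step instead.
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    strategy:
      matrix:
        os: [ubuntu-latest]
        # Tool versions are quoted so they always load as strings.
        tf: ['1.5.7']
        tflint: ['v0.50.3']
        tfsec: ['v1.28.5']
        shfmt: ['v3.8.0']
        # NOTE(review): no step in this file reads matrix.shellcheck; the
        # shellcheck binary on the runner image is presumably used - confirm.
        shellcheck: ['v0.10.0']
    # Token scopes for this job. NOTE(review): no step in this file requests
    # an OIDC token or writes to the pull request; drop `id-token: write` and
    # `pull-requests: write` unless a hook needs them (least privilege).
    permissions:
      pull-requests: write
      id-token: write
      contents: read
    steps:
      # Actions below are referenced by mutable tags. Pinning each third-party
      # action to a full commit SHA (`owner/repo@<FULL_COMMIT_SHA>  # <tag>`)
      # keeps a moved or re-pushed tag from changing what runs with this
      # job's token.
      - name: Checkout from Github
        uses: actions/checkout@v4
        with:
          # The hooks that run later come from the checked-out tree; do not
          # leave the job token stored in .git/config for them to read.
          persist-credentials: false
      - name: Install Python3
        uses: actions/setup-python@v5
      - name: Install tflint
        uses: terraform-linters/setup-tflint@v4
        with:
          tflint_version: ${{ matrix.tflint }}
      - name: Cache tflint plugin dir
        uses: actions/cache@v4
        with:
          path: ~/.tflint.d/plugins
          key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
      - name: Install Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ matrix.tf }}
      # Point Terraform at a shared provider cache so the cache step below
      # has a single directory to save and restore.
      - name: Config Terraform plugin cache
        run: |
          echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
          mkdir --parents ~/.terraform.d/plugin-cache
      - name: Cache Terraform
        uses: actions/cache@v4
        with:
          path: |
            ~/.terraform.d/plugin-cache
          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
          restore-keys: |
            ${{ runner.os }}-terraform-
      # NOTE(review): the `uses:` reference below was mangled by the hosting
      # page's e-mail obfuscation ("[email protected]"). The inputs match
      # jaxxstorm/action-install-gh-release - restore the exact reference
      # from the repository before use.
      - name: Install tfsec
        uses: jaxxstorm/[email protected]
        with:
          repo: aquasecurity/tfsec
          platform: linux
          arch: amd64
          tag: ${{ matrix.tfsec }}
      # NOTE(review): same mangled reference as the tfsec step above.
      - name: Install shfmt
        uses: jaxxstorm/[email protected]
        with:
          repo: mvdan/sh
          platform: linux
          arch: amd64
          tag: ${{ matrix.shfmt }}
          extension-matching: disable
          rename-to: shfmt
          # Quoted so the mode is passed as the literal string "0755" rather
          # than re-typed as a number by a YAML loader.
          chmod: '0755'
      # NOTE(review): reference mangled by the page's e-mail obfuscation;
      # presumably pre-commit/action@<version> - restore from the repository.
      - uses: pre-commit/[email protected]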