workflows.yaml

name: Github Workflow Checks
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  workflow_call:
permissions: write-all
jobs:
  terraform:
    name: TF Linting Check
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v2
        with:
          fetch-depth: 1
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1.3.2
      - name: Setup Nodejs
        uses: actions/setup-node@v1
      - name: Run `terraform fmt`
        id: fmt
        run: terraform fmt -diff -check -no-color -recursive

  trufflehog-scan:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Installing trufflehog
      run: |
        curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin
    - name: Run Trufflehog
      run: |
        trufflehog git file://. --since-commit HEAD --only-verified --fail