tflint Findings Upload

Run tflint and upload sarif results to GitHub Security findings
v0.4.0
Latest

github-action-tflint-upload

A GitHub Action to run tflint and post the results to the GitHub Security tab.

Usage

name: tflint

on:
  pull_request:
    branches: [ 'main' ]
    types: [ opened, synchronize, reopened, closed, labeled, unlabeled ]

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Clone repo
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Terraform Init
        run: terraform init
        working-directory: "terraform/modules/vpc"

      - name: Run tflint
        uses: The-Infra-Company/github-action-tflint-upload@a742d2ea7d35dc6a3cc8e929daf199f5e9a848ae # v0.2.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          tflint_version: "v0.49.0" # TFLint added a "Bug Fix" with v0.50.0 that added .tflint.hcl as a requirement
          working_directory: "terraform/modules/vpc"
          tflint_rulesets: "aws"
          flags: >-
            --disable-rule=terraform_unused_required_providers
            --disable-rule=terraform_deprecated_index

Inputs

| name | description | required | default |
| --- | --- | --- | --- |
| github_token | GITHUB_TOKEN | true | ${{ github.token }} |
| working_directory | Directory to run the action on, from the repo root. Default is . (root of the repository). | false | . |
| tflint_version | The tflint version to install and use. Default is to use the latest release version. | false | latest |
| tflint_rulesets | Space-separated list of official tflint rulesets (from the terraform-linters GitHub organization) to install and use. If a pre-configured TFLINT_PLUGIN_DIR is set, rulesets are installed in that directory. Default is empty. | false | "" |
| tflint_init | Whether or not to run tflint --init prior to running the scan [true,false]. Default is false. | false | false |
| tflint_target_dir | The target dir for the tflint command. This is the directory passed to tflint, as opposed to working_directory, which is the directory the command is executed from. Default is . (root of the repository). | false | . |
| tflint_config | Config file name for tflint. Default is .tflint.hcl. | false | .tflint.hcl |
| flags | List of arguments to send to tflint. For the output to be parsable by reviewdog, --format=checkstyle is enforced. Default is --call-module-type=all. | false | --call-module-type=all |

Outputs

| name | description |
| --- | --- |
| tflint-return-code | tflint command return code |
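
The workflow from Usage with an explicitly scoped token and the `tflint-return-code` output used as a merge gate; this is an added example, not part of the action's own documentation. The step id `tflint`, the gate step, and the permission set are assumptions (the page does not list the permissions the action requires, and does not say whether the action fails the job itself); the return-code meanings are tflint's documented exit statuses.

```yaml
name: tflint

on:
  pull_request:
    branches: [ 'main' ]

# Assumed minimum for the workflow token: read the code, write code scanning results.
permissions:
  contents: read
  security-events: write

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3

      - run: terraform init
        working-directory: "terraform/modules/vpc"

      - name: Run tflint
        id: tflint # hypothetical step id, needed to read the output below
        uses: The-Infra-Company/github-action-tflint-upload@a742d2ea7d35dc6a3cc8e929daf199f5e9a848ae # v0.2.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          tflint_version: "v0.49.0"
          working_directory: "terraform/modules/vpc"
          tflint_rulesets: "aws"

      # The output is passed through env rather than interpolated into the script body.
      - name: Gate on tflint result
        if: always()
        env:
          TFLINT_RC: ${{ steps.tflint.outputs.tflint-return-code }}
        run: |
          case "$TFLINT_RC" in
            0) echo "tflint: no issues found" ;;
            2) echo "::error::tflint reported issues; see the Security tab"; exit 1 ;;
            *) echo "::error::tflint did not complete (return code '$TFLINT_RC')"; exit 1 ;;
          esac
```

An empty or unexpected return code fails the job, so a scan that never ran is not treated as a clean result.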

tflint Findings Upload is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
