From 18c6acea8349448313e9db75e0b97dc1f6e3b50f Mon Sep 17 00:00:00 2001
From: Alexey Makarevich
 <90318470+alexey-makarevich-clearscale@users.noreply.github.com>
Date: Thu, 4 Jan 2024 10:52:24 +0100
Subject: [PATCH] Added Code Checks Actions

---
 .github/workflows/tflint.yml | 44 ++++++++++++++++++++++++++++++++++++
 .github/workflows/trivy.yml  | 29 ++++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 .github/workflows/tflint.yml
 create mode 100644 .github/workflows/trivy.yml

diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
new file mode 100644
index 0000000..081bfb1
--- /dev/null
+++ b/.github/workflows/tflint.yml
@@ -0,0 +1,44 @@
+name: Terraform Lint
+on:
+  push:
+    branches: [ main, develop, workflow_dispatch ]
+  pull_request:
+
+jobs:
+  tflint:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+
+    steps:
+    - uses: actions/checkout@v3
+      name: Checkout source code
+
+    - uses: terraform-linters/setup-tflint@v4
+      name: Setup TFLint
+
+    - name: Show version
+      run: tflint --version
+
+    - name: Init TFLint
+      run: tflint --init
+      env:
+        # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+        GITHUB_TOKEN: ${{ github.token }}
+
+    - name: Run TFLint
+      run: tflint -f compact --recursive
+
+    - uses: terraform-linters/setup-tflint@v4
+      with:
+        tflint_wrapper: true
+
+    - id: tflint
+      run: tflint -f compact --recursive
+
+    - run: echo ${{ steps.tflint.outputs.stdout }}
+    - run: echo ${{ steps.tflint.outputs.stderr }}
+    - run: echo ${{ steps.tflint.outputs.exitcode }}
+
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000..f2ed07f
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,29 @@
+name: Trivy Security Scanner
+on:
+  push:
+    branches: [ main, develop, workflow_dispatch ]
+  pull_request:
+    
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+              
+      - name: Aqua Security Trivy
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scanners: 'misconfig,secret'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'