Initial commit

2025-11-19 14:22:51 +00:00 · 2025-11-19 14:22:51 +00:00 · 6976ff0290
commit 6976ff0290
14 changed files with 361 additions and 0 deletions
--- a/.forgejo/workflows/default-ci.yaml
+++ b/.forgejo/workflows/default-ci.yaml
@ -0,0 +1,56 @@
+name: CI
+
+on: [push]
+
+jobs:
+  license-check:
+    name: Check License Header
+    runs-on: docker
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Verify license header in Terraform files
+        run: |
+          set -e
+          # Only checks for the presence of the word "Copyright" in the first line.
+          KEYWORD="Copyright"
+          for file in $(find . -maxdepth 1 -name "*.tf"); do
+            if ! head -n 1 "$file" | grep -q "$KEYWORD"; then
+              echo "::error file=$file,line=1::A copyright header is missing or incorrect in the first line."
+              exit 1
+            fi
+          done
+          echo "✔ Copyright header check passed for all .tf files."
+
+
+  secrets-scan:
+    name: TruffleHog Secrets Scan
+    runs-on: docker
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: trufflehog-actions-scan
+        uses: https://github.com/edplato/trufflehog-actions-scan@master
+
+  terraform:
+    name: Terraform CI
+    runs-on: docker
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        uses: https://github.com/hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "1.5.7"
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Format Check
+        run: terraform fmt -recursive -check
+
+      - name: Terraform Validate
+        run: terraform validate