chore: add tests, update docs and actions (#299)

* docs: update documentation * feat: validate-inputs has it's own pyproject * security: mask DOCKERHUB_PASSWORD * chore: add tokens, checkout, recrete docs, integration tests * fix: add `statuses: write` permission to pr-lint
2026-03-12 23:58:21 +00:00 · 2025-10-18 13:09:19 +03:00
parent d3c2de1bd1
commit 7061aafd35
148 changed files with 5119 additions and 1897 deletions
--- a/terraform-lint-fix/README.md
+++ b/terraform-lint-fix/README.md
@@ -18,7 +18,7 @@ Lints and fixes Terraform files with advanced validation and security checks.
 | `auto-fix`          | <p>Automatically fix issues when possible</p>                  | `false`  | `true`                      |
 | `max-retries`       | <p>Maximum number of retry attempts</p>                        | `false`  | `3`                         |
 | `format`            | <p>Output format (compact, json, checkstyle, junit, sarif)</p> | `false`  | `sarif`                     |
-| `token`             | <p>GitHub token for authentication</p>                         | `false`  | `${{ github.token }}`       |
+| `token`             | <p>GitHub token for authentication</p>                         | `false`  | `""`                        |
 | `username`          | <p>GitHub username for commits</p>                             | `false`  | `github-actions`            |
 | `email`             | <p>GitHub email for commits</p>                                | `false`  | `github-actions@github.com` |

@@ -91,7 +91,7 @@ This action is a `composite` action.
    # GitHub token for authentication
    #
    # Required: false
-    # Default: ${{ github.token }}
+    # Default: ""

    username:
    # GitHub username for commits
--- a/terraform-lint-fix/action.yml
+++ b/terraform-lint-fix/action.yml
@@ -47,7 +47,7 @@ inputs:
  token:
    description: 'GitHub token for authentication'
    required: false
-    default: ${{ github.token }}
+    default: ''
  username:
    description: 'GitHub username for commits'
    required: false
@@ -71,12 +71,17 @@ outputs:
 runs:
  using: composite
  steps:
+    - name: Checkout Repository
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      with:
+        token: ${{ inputs.token || github.token }}
+
    - name: Validate Inputs
      id: validate
      uses: ./validate-inputs
      with:
        action-type: 'terraform-lint-fix'
-        token: ${{ inputs.token }}
+        token: ${{ inputs.token || github.token }}
        email: ${{ inputs.email }}
        username: ${{ inputs.username }}
        terraform-version: ${{ inputs.terraform-version }}
@@ -267,7 +272,7 @@ runs:
      if: ${{ fromJSON(steps.fix.outputs.fixed_count) > 0 }}
      uses: ./set-git-config
      with:
-        token: ${{ inputs.token }}
+        token: ${{ inputs.token || github.token }}
        username: ${{ inputs.username }}
        email: ${{ inputs.email }}

@@ -297,7 +302,7 @@ runs:

    - name: Upload SARIF Report
      if: steps.check-files.outputs.found == 'true' && inputs.format == 'sarif'
-      uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8
+      uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v4.30.9
      with:
        sarif_file: ${{ env.VALIDATED_WORKING_DIR }}/reports/tflint.sarif
        category: terraform-lint