From e3dc631b190eed3bbfeb809437fddf115ff72a2a Mon Sep 17 00:00:00 2001
From: David Sibley
Date: Wed, 1 Nov 2023 13:06:43 +0000
Subject: [PATCH] added tflint exclusion to keep locals consistent across repositories, scoped permissions for documentation action
---
 .github/workflows/documentation.yml | 5 +++++
 .github/workflows/terraform-static-analysis.yml | 1 +
 2 files changed, 6 insertions(+)
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
index 62b5b9e..429d053 100644
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -5,8 +5,13 @@ on:
 branches:
 - main
+ permissions: {}
+
 jobs:
 docs:
+ permissions:
+ contents: write
+ pull-requests: write
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
diff --git a/.github/workflows/terraform-static-analysis.yml b/.github/workflows/terraform-static-analysis.yml
index c630d3b..73a8483 100644
--- a/.github/workflows/terraform-static-analysis.yml
+++ b/.github/workflows/terraform-static-analysis.yml
@@ -52,3 +52,4 @@ jobs:
 scan_type: full
 tfsec_exclude: AWS089, AWS099, AWS009, AWS097, AWS018
 checkov_exclude: CKV_GIT_1
+ tflint_exclude: terraform_unused_declarations
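Review bot: The `contents: write` and `pull-requests: write` grants on the `docs` job do not say which step needs them, and they apply to every step in the job, most of which lie outside this hunk. A trailing comment on each scope naming the step that uses it would let a later reviewer tell when a grant can be dropped. The `actions/checkout` step shown as context stores the job token in the local git configuration by default, so with `contents: write` any later step can read a write-capable token. If the job does not push through git, adding `persist-credentials: false` under a `with:` on that step would narrow the exposure.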
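Review bot: The new `tflint_exclude: terraform_unused_declarations` line turns the rule off for the whole scan, and the reason is recorded only in the commit subject. A comment above it, such as `# unused locals are kept so locals stay identical across repositories`, would keep the rationale next to the suppression. The step this input belongs to starts outside the hunk, so whether the value takes the same comma-separated form as `tfsec_exclude` could not be checked here.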