🧪 add unit tests #357

	name: Terraform Static Code Analysis

	on:
	workflow_dispatch:
	pull_request:
	branches:
	- main
	paths:
	- '**.tf'
	- '.github/workflows/terraform-static-analysis.yml'

	permissions:
	contents: read

	jobs:
	terraform-static-analysis:
	permissions:
	pull-requests: write
	name: Terraform Static Analysis
	runs-on: ubuntu-latest
	if: github.event_name != 'workflow_dispatch'
	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
	with:
	fetch-depth: 0
	- name: Run Analysis
	uses: ministryofjustice/github-actions/terraform-static-analysis@bdab1cff6d23336b6d5adc662fb57af72f0ae160 # v17.1.0
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	scan_type: changed
	trivy_severity: HIGH,CRITICAL
	trivy_ignore: ./.trivyignore.yaml
	checkov_exclude: CKV_GIT_1,CKV_AWS_126,CKV2_AWS_38,CKV2_AWS_39
	tflint_exclude: terraform_unused_declarations
	tflint_call_module_type: none
	tfsec_trivy: trivy

	terraform-static-analysis-full-scan:
	permissions:
	pull-requests: write
	name: Terraform Static Analysis - scan all directories
	runs-on: ubuntu-latest
	if: github.event_name == 'workflow_dispatch'
	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
	with:
	fetch-depth: 0
	- name: Run Analysis
	uses: ministryofjustice/github-actions/terraform-static-analysis@7c689fe2de15e1692f5cceceb132919ab854081c # v14
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	scan_type: full
	tfsec_exclude: AWS089, AWS099, AWS009, AWS097, AWS018
	checkov_exclude: CKV_GIT_1

Provide feedback