Lint

chore(main): release 0.1.0 #1

	name: Lint

	concurrency:
	group: lint-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	# Use pull_request_target to support fork PRs and enable `checks: write` permission
	# This allows external contributors to get linting feedback on their PRs
	on: pull_request_target

	permissions:
	actions: read
	checks: write # Required to post check results back to the PR
	contents: read
	pull-requests: read

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	# SECURITY: With pull_request_target, checkout defaults to the base branch (main)
	# We must explicitly checkout the PR head to lint the actual changes
	- name: Check out Git repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	# Checkout the actual PR code, not the base branch
	ref: ${{ github.event.pull_request.head.sha }}
	# Support forks by using the head repository
	repository: ${{ github.event.pull_request.head.repo.full_name }}
	# SECURITY: Disable credential persistence to prevent potential misuse
	persist-credentials: false

	- name: Trunk Check
	uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
	env:
	# NOTE: inject the GITHUB_TOKEN for the trunk managed tflint linter
	# https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	conventional-title:
	runs-on: ubuntu-latest
	steps:
	- uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback