feat(action): initial import

action.yaml

@@ -0,0 +1,62 @@
+name: "tofu-aws-test"
+description: "Test a tofu module on AWS."
+
+inputs:
+  aws-access-key-id:
+    description: "AWS access key id."
+    required: true
+  aws-access-key-secret:
+    description: "AWS access key secret."
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: "fmt"
+      shell: "bash"
+      run: |
+        tofu fmt -check -recursive
+    - name: "lint"
+      shell: "bash"
+      run: |
+        unset GITHUB_TOKEN
+        tflint --init
+        tflint --recursive
+    - name: "configure AWS profiles"
+      shell: "bash"
+      run: |
+        REPOSITORY_NAME=$(basename ${{ github.repository }})
+        cat >aws_config <<EOF
+        [profile core]
+        role_arn = arn:aws:iam::563391529123:role/$REPOSITORY_NAME
+        source_profile = root
+
+        [profile root]
+        aws_access_key_id = ${{ inputs.aws-access-key-id }}
+        aws_secret_access_key = ${{ inputs.aws-access-key-secret }}
+        region = eu-west-3
+
+        [profile tests]
+        role_arn = arn:aws:iam::688897985379:role/$REPOSITORY_NAME
+        source_profile = root
+        EOF
+    - name: "check tofu providers lock files"
+      shell: "bash"
+      run: |
+        unset GITHUB_TOKEN
+        export AWS_CONFIG_FILE="$(pwd)/aws_config"
+        shopt -s globstar
+        for lockfile in **/.terraform.lock.hcl; do
+          (cd "$(dirname "$lockfile")"; tofu init; tofu providers lock -platform=linux_amd64)
+        done
+        git diff --exit-code
+    - name: "tofu test"
+      shell: "bash"
+      run: |
+        export AWS_CONFIG_FILE="$(pwd)/aws_config"
+        tofu init
+        tofu test
+    - name: "clean"
+      shell: "bash"
+      run: |
+        rm aws_config