name: commit-qc-checks

on:
    push:
        branches-ignore:
            - 'main'

jobs:
    quality-checks:
        runs-on: ubuntu-latest
        steps:
            - uses : actions/checkout@v2
            - name : 'Python: Setup'
              uses : actions/setup-python@v2
              with:
                python-version: 3.11
            - name : 'Python: Install Dependencies'
              run: |
                python -m pip install --upgrade pip
                pip install flake8 pylint black bandit safety
            - name : 'Python: Linting'
              run: |
                flake8 .
                find . -name "*.py" | xargs pylint
            - name : 'Python: Formatting'
              run: |
                black --check .
            - name: 'Python: Security'
              run: |
                bandit -r .
                safety check
            - name: 'Terraform: Setup'
              uses: hashicorp/setup-terraform@v3
              with:
                terraform_version: latest
            - name: 'Terraform: Formatting'
              working-directory: ./terraform
              run: terraform fmt -check -recursive
            - name: 'Terraform: Initialise'
              working-directory: ./terraform
              run: terraform init -backend=false
            - name: 'Terraform: Validate'
              working-directory: ./terraform
              run: terraform validate