Lint

chore(deps): update googleapis/release-please-action action to v4.4.0 #10

	name: Lint

	concurrency:
	group: lint-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	# Use pull_request_target to support fork PRs and enable `checks: write` permission
	# This allows external contributors to get linting feedback on their PRs
	on: pull_request_target

	permissions:
	actions: read
	checks: write # Required to post check results back to the PR
	contents: read
	pull-requests: read

	jobs:
	lint:
	runs-on: ubuntu-latest
	steps:
	# SECURITY: With pull_request_target, checkout defaults to the base branch (main)
	# We must explicitly checkout the PR head to lint the actual changes
	- name: Check out Git repository
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	with:
	# Checkout the actual PR code, not the base branch
	ref: ${{ github.event.pull_request.head.sha }}
	# Support forks by using the head repository
	repository: ${{ github.event.pull_request.head.repo.full_name }}
	# SECURITY: Disable credential persistence to prevent potential misuse
	persist-credentials: false

	- name: Trunk Check
	uses: trunk-io/trunk-action@75699af9e26881e564e9d832ef7dc3af25ec031b # v1.2.4
	env:
	# NOTE: inject the GITHUB_TOKEN for the trunk managed tflint linter
	# https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	conventional-title:
	runs-on: ubuntu-latest
	steps:
	- uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback