From 413a6ddf21c2cf255110815d33b943af7449e0db Mon Sep 17 00:00:00 2001
From: null-paorodrigues
Date: Thu, 26 Mar 2026 18:04:21 -0300
Subject: [PATCH 1/5] chore: add PR checks (ShellCheck, Terraform fmt)
---
.github/workflows/pr-checks.yml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 .github/workflows/pr-checks.yml
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
new file mode 100644
index 0000000..6ffeb73
--- /dev/null
+++ b/.github/workflows/pr-checks.yml
@@ -0,0 +1,31 @@
+name: PR Checks
+
+on:
+ pull_request:
+ branches: [main]
+
+permissions:
+ contents: read
+
+jobs:
+ shellcheck:
+ uses: nullplatform/actions-nullplatform/.github/workflows/shellcheck.yml@main
+ with:
+ script_dirs: >-
+ databases/rds-postgres-db/scripts/aws
+ databases/rds-postgres-db/entrypoint
+ databases/rds-postgres-server/scripts/aws
+ databases/rds-postgres-server/entrypoint
+ databases/azure-cosmos-db/scripts/azure
+ databases/azure-cosmos-db/entrypoint
+
+ terraform-fmt:
+ name: Terraform Format
+ runs-on: ubuntu-24.04
+ steps:
+ - uses: actions/checkout@v4
+ - uses: opentofu/setup-opentofu@v1
+ with:
+ tofu_version: v1.10.5
+ - name: Check formatting
+ run: tofu fmt -check -recursive
From 52a01bd55d67e9b3e3733e4a5d00c7e27f61de82 Mon Sep 17 00:00:00 2001
From: null-paorodrigues
Date: Fri, 27 Mar 2026 10:04:26 -0300
Subject: [PATCH 2/5] ci: re-trigger PR checks
From d881275a6baab678f79b7c0027fedb58571edd75 Mon Sep 17 00:00:00 2001
From: null-paorodrigues
Date: Fri, 27 Mar 2026 10:14:02 -0300
Subject: [PATCH 3/5] fix: apply tofu fmt formatting to azure-cosmos-db modules
---
databases/azure-cosmos-db/deployment/outputs.tf | 2 +-
databases/azure-cosmos-db/permissions/locals.tf | 4 ++--
databases/azure-cosmos-db/permissions/outputs.tf | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
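Review bot: In the `pr-checks.yml` hunk of PATCH 1/5, every `uses:` reference is a mutable ref: the reusable workflow is taken from `@main`, and `actions/checkout@v4` and `opentofu/setup-opentofu@v1` are tags, so anyone able to move those refs changes the code this job runs. Pin each to a full commit SHA with the version kept as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha> # v4`. The same `actions/checkout@v4` line recurs in the PATCH 4/5 hunk. Since both jobs only read the tree, adding `persist-credentials: false` under the checkout step's `with:` would also keep the token out of `.git/config`.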
diff --git a/databases/azure-cosmos-db/deployment/outputs.tf b/databases/azure-cosmos-db/deployment/outputs.tf index c5580bf..3b59866 100644 --- a/databases/azure-cosmos-db/deployment/outputs.tf +++ b/databases/azure-cosmos-db/deployment/outputs.tf @@ -18,7 +18,7 @@ output "containers" { value = [ for name, container in azurerm_cosmosdb_sql_container.containers : { container_name = name - id = container.id + id = container.id partition_key = container.partition_key_paths[0] } ] diff --git a/databases/azure-cosmos-db/permissions/locals.tf b/databases/azure-cosmos-db/permissions/locals.tf index f70fc85..3476704 100644 --- a/databases/azure-cosmos-db/permissions/locals.tf +++ b/databases/azure-cosmos-db/permissions/locals.tf @@ -2,8 +2,8 @@ locals { # Map access levels to built-in role definition GUIDs role_definitions = { - read = "00000000-0000-0000-0000-000000000001" # Built-in Data Reader - readwrite = "00000000-0000-0000-0000-000000000002" # Built-in Data Contributor + read = "00000000-0000-0000-0000-000000000001" # Built-in Data Reader + readwrite = "00000000-0000-0000-0000-000000000002" # Built-in Data Contributor } # Create a map for for_each diff --git a/databases/azure-cosmos-db/permissions/outputs.tf b/databases/azure-cosmos-db/permissions/outputs.tf index a546729..2c9649b 100644 --- a/databases/azure-cosmos-db/permissions/outputs.tf +++ b/databases/azure-cosmos-db/permissions/outputs.tf @@ -26,7 +26,7 @@ output "role_assignments" { access_level = local.database_access_level scope = azurerm_cosmosdb_sql_role_assignment.database_access[0].scope } - } : { + } : { for k, v in azurerm_cosmosdb_sql_role_assignment.container_access : k => { id = v.id access_level = local.permissions_map[k] From 04a56bba9899e92813200d66d8f97f4d9cb9ac3a Mon Sep 17 00:00:00 2001 
From: null-paorodrigues Date: Fri, 27 Mar 2026 10:53:18 -0300 Subject: [PATCH 4/5] refactor: replace reusable shellcheck with inline recursive shebang search --- .github/workflows/pr-checks.yml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 6ffeb73..d1a1264 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -9,15 +9,18 @@ permissions: jobs: shellcheck: - uses: nullplatform/actions-nullplatform/.github/workflows/shellcheck.yml@main - with: - script_dirs: >- - databases/rds-postgres-db/scripts/aws - databases/rds-postgres-db/entrypoint - databases/rds-postgres-server/scripts/aws - databases/rds-postgres-server/entrypoint - databases/azure-cosmos-db/scripts/azure - databases/azure-cosmos-db/entrypoint + name: ShellCheck + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@v4 + - name: Run ShellCheck + run: | + scripts=$(grep -rlE '^#!.*\b(bash|sh)\b' --exclude-dir=.git .) + if [ -n "$scripts" ]; then + echo "$scripts" | xargs shellcheck --severity=error + else + echo "No shell scripts found" + fi terraform-fmt: name: Terraform Format From 4aadabf709633d9a5d9afa39a0c3585e189b20d2 Mon Sep 17 00:00:00 2001 From: null-paorodrigues Date: Fri, 27 Mar 2026 10:57:11 -0300 Subject: [PATCH 5/5] fix: separate EOF terminator from closing parenthesis in delete-database-user --- databases/postgres/k8s/postgres-db/link/delete-database-user | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/databases/postgres/k8s/postgres-db/link/delete-database-user b/databases/postgres/k8s/postgres-db/link/delete-database-user index f01106e..80b9d86 100755 --- a/databases/postgres/k8s/postgres-db/link/delete-database-user +++ b/databases/postgres/k8s/postgres-db/link/delete-database-user 
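Review bot: In the `Run ShellCheck` step of PATCH 4/5, `echo "$scripts" | xargs shellcheck` splits the file list on whitespace, so a path containing a space reaches shellcheck as broken arguments and that script is not linted as intended. Passing the list NUL-delimited avoids this, and `-r` keeps the no-match case a no-op: `grep -rlZE '^#!.*\b(bash|sh)\b' --exclude-dir=.git . | xargs -0 -r shellcheck --severity=error`. The pattern is also not tied to the first line of a file, so any file with a shebang-looking line further down is selected. `--severity=error` gates only on error-level findings, so warning-level quoting problems in the database scripts pass the check; consider `--severity=warning` once existing findings are cleared.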
@@ -31,7 +31,8 @@ DROP OWNED BY "$USERNAME"; -- Now drop the user DROP USER IF EXISTS "$USERNAME"; -EOF) +EOF +) ../run_query_in_pod.sh "$SERVICE_HOSTNAME" "$SERVICE_PORT" "$SERVICE_DBNAME" "postgres" "$ADMIN_PASSWORD" "$QUERY" "ddl"
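Review bot: `$USERNAME` is expanded straight into the `DROP OWNED BY "$USERNAME"` and `DROP USER IF EXISTS "$USERNAME"` statements shown as context here, and nothing visible in the hunk restricts its characters, so a value containing a double quote would end the quoted identifier and alter the DDL that runs as `postgres`. Reject anything outside a plain identifier before the query is built, e.g. `case "$USERNAME" in ''|*[!A-Za-z0-9_]*) echo "invalid username" >&2; exit 1;; esac`. The heredoc opener and any earlier validation lie outside the hunk, so confirm none exists before adding this. Separately, `$ADMIN_PASSWORD` is passed as a positional argument to `run_query_in_pod.sh`, which leaves it visible in the process list; passing it through the environment or stdin would avoid that.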