-
Notifications
You must be signed in to change notification settings - Fork 27
136 lines (123 loc) · 4.65 KB
/
ci-terraform.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: Terraform validation and linting
on:
push:
paths: ['**/*.tf', '**/*.hcl', '.github/workflows/ci-terraform.yml']
env:
TF_IN_AUTOMATION: true
TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
jobs:
tflint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
show-progress: false
- name: Get changed TF deployments
id: changed-deployments
uses: tj-actions/changed-files@dcc7a0cba800f454d79fff4b993e8c3555bcc0a8
with:
path: terraform/deployments
dir_names: true
dir_names_max_depth: 1
safe_output: false
- name: Determine Terraform version to use
uses: dflook/terraform-version@ffa43247c162717ecf69316d63c91fa4b341f9aa
id: terraform-version
if: steps.changed-deployments.outputs.any_changed == 'true'
with:
path: terraform
- uses: hashicorp/setup-terraform@v3
if: steps.changed-deployments.outputs.any_changed == 'true'
with:
terraform_version: ${{ steps.terraform-version.outputs.terraform }}
terraform_wrapper: false
- name: Create Terraform plugin cache dir
run: mkdir -p "$TF_PLUGIN_CACHE_DIR"
if: steps.changed-deployments.outputs.any_changed == 'true'
- name: Cache Terraform plugins
uses: actions/cache@v4
if: steps.changed-deployments.outputs.any_changed == 'true'
with:
path: ${{ env.TF_PLUGIN_CACHE_DIR }}
key:
terraform-plugins-${{ runner.os }}-${{ hashFiles('**/.terraform.lock.hcl') }}
- uses: actions/cache@v4
name: Cache TFLint plugins
if: steps.changed-deployments.outputs.any_changed == 'true'
with:
path: ~/.tflint.d/plugins
key: tflint-${{ runner.os }}-${{ hashFiles('**/tflint.hcl') }}
- uses: terraform-linters/setup-tflint@v4
name: Set up TFLint
if: steps.changed-deployments.outputs.any_changed == 'true'
with:
tflint_version: v0.55.0
- name: terraform fmt
working-directory: terraform/deployments
env:
DEPLOYMENTS: ${{ steps.changed-deployments.outputs.all_changed_files }}
if: steps.changed-deployments.outputs.any_changed == 'true'
run: |
for d in ${DEPLOYMENTS}; do
cd "$d"
if ! terraform fmt -check -diff -list=true .; then
>&2 echo "Some terraform files in '$d' weren't formatted correctly. Run 'terraform fmt' to fix them."
exit 1
fi
echo "Deployment '$d' ok"
cd "$OLDPWD"
done
- name: terraform init
working-directory: terraform/deployments
env:
DEPLOYMENTS: ${{ steps.changed-deployments.outputs.all_changed_files }}
TF_TOKEN_app_terraform_io: ${{ secrets.TFC_CI_READ_ONLY_TOKEN }}
if: steps.changed-deployments.outputs.any_changed == 'true'
run: |
STEP_EXIT_STATUS=0
for d in ${DEPLOYMENTS}; do
echo "$d"
cd "$d"
if ! terraform init -backend=false; then STEP_EXIT_STATUS=1; fi
echo -e '\n-------------------------\n'
cd "$OLDPWD"
done
exit $STEP_EXIT_STATUS
- name: terraform validate
working-directory: terraform/deployments
env:
DEPLOYMENTS: ${{ steps.changed-deployments.outputs.all_changed_files }}
if: steps.changed-deployments.outputs.any_changed == 'true'
run: |
STEP_EXIT_STATUS=0
for d in ${DEPLOYMENTS}; do
echo "$d"
cd "$d"
if ! terraform validate; then STEP_EXIT_STATUS=1; fi
echo -e '\n-------------------------\n'
cd "$OLDPWD"
done
exit $STEP_EXIT_STATUS
- name: tflint
working-directory: terraform/deployments
env:
DEPLOYMENTS: ${{ steps.changed-deployments.outputs.all_changed_files }}
if: steps.changed-deployments.outputs.any_changed == 'true'
run: |
tflint --version
for d in ${DEPLOYMENTS}; do
echo "$d"
cd "$d"
tflint --init -c ${{ github.workspace }}/.tflint.hcl
tflint --format compact --call-module-type=all --recursive --force \
-c ${{ github.workspace }}/.tflint.hcl \
--enable-rule=terraform_comment_syntax \
--enable-rule=terraform_deprecated_index \
--enable-rule=terraform_required_providers \
--enable-rule=terraform_standard_module_structure \
--enable-rule=terraform_typed_variables \
--enable-rule=terraform_unused_declarations \
--enable-rule=terraform_unused_required_providers \
--disable-rule=aws_eks_node_group_invalid_ami_type
cd "$OLDPWD"
done