Introduce tflint (#30)

tedilabs · Feb 23, 2023 · 4c77ccf · 4c77ccf
1 parent dd9d222
commit 4c77ccf
Show file tree

Hide file tree

Showing 5 changed files with 252 additions and 102 deletions.
diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml
diff --git a/.github/workflows/terraform.integration.yaml b/.github/workflows/terraform.integration.yaml
@@ -0,0 +1,104 @@
+name: Integration (Terraform)
+
+on:
+  push:
+    branches:
+    - main
+  pull_request: {}
+
+concurrency:
+  group: terraform-integration-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  changed:
+    name: Filter Changed Files and Directories
+    runs-on: ubuntu-latest
+
+    outputs:
+      changed: ${{ steps.set-outputs.outputs.changed }}
+      modified: ${{ steps.set-outputs.outputs.modified }}
+      changed_files: ${{ steps.set-outputs.outputs.changed_files }}
+      modified_files: ${{ steps.set-outputs.outputs.modified_files }}
+      changed_directories: ${{ steps.set-outputs.outputs.changed_directories }}
+      modified_directories: ${{ steps.set-outputs.outputs.modified_directories }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Get Changed Files
+      id: changed-files
+      uses: tj-actions/changed-files@v35
+      with:
+        files: |
+          modules/**
+        json: true
+
+    - name: Get Changed Directories
+      id: changed-directories
+      uses: tj-actions/changed-files@v35
+      with:
+        files: |
+          modules/**
+          examples/**
+        dir_names: "true"
+        dir_names_max_depth: 2
+        json: true
+
+    - name: Set outputs
+      id: set-outputs
+      run: |
+        echo "changed=${{ steps.changed-directories.outputs.any_changed }}" >> $GITHUB_OUTPUT
+        echo "modified=${{ steps.changed-directories.outputs.any_modified }}" >> $GITHUB_OUTPUT
+
+        echo "changed_files=${{ steps.changed-files.outputs.all_changed_files }}" >> $GITHUB_OUTPUT
+        echo "modified_files=${{ steps.changed-files.outputs.all_modified_files }}" >> $GITHUB_OUTPUT
+
+        echo "changed_directories=${{ steps.changed-directories.outputs.all_changed_files }}" >> $GITHUB_OUTPUT
+        echo "modified_directories=${{ steps.changed-directories.outputs.all_modified_files }}" >> $GITHUB_OUTPUT
+
+
+  terraform:
+    name: Lint (terraform)
+    needs:
+    - changed
+    if: ${{ needs.changed.outputs.modified == 'true' }}
+    uses: tedilabs/.github/.github/workflows/terraform.terraform.yaml@main
+
+    strategy:
+      matrix:
+        path: ${{ fromJson(needs.changed.outputs.modified_directories) }}
+
+    with:
+      terraform_target_dir: ${{ matrix.path }}
+      terraform_version: latest
+      terraform_host: app.terraform.io
+    secrets:
+      terraform_token: ${{ secrets.TERRAFORM_TOKEN }}
+
+
+  tflint:
+    name: Lint (tflint)
+    needs:
+    - changed
+    if: ${{ needs.changed.outputs.modified == 'true' }}
+    uses: tedilabs/.github/.github/workflows/terraform.tflint.yaml@main
+
+    strategy:
+      matrix:
+        path: ${{ fromJson(needs.changed.outputs.modified_directories) }}
+
+    with:
+      tflint_version: latest
+      tflint_config_file: .tflint.hcl
+      tflint_target_dir: ${{ matrix.path }}
+      tflint_recursive_enabled: false
+      tflint_terraform_init_enabled: true
+      terraform_version: latest
+      terraform_host: app.terraform.io
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
+      terraform_token: ${{ secrets.TERRAFORM_TOKEN }}
diff --git a/.github/workflows/yaml.integration.yaml b/.github/workflows/yaml.integration.yaml
@@ -0,0 +1,58 @@
+name: Integration (YAML)
+
+on:
+  push:
+    branches:
+    - main
+  pull_request: {}
+
+concurrency:
+  group: yaml-integration-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  changed:
+    name: Filter Changed Files and Directories
+    runs-on: ubuntu-latest
+
+    outputs:
+      changed: ${{ steps.set-outputs.outputs.changed }}
+      modified: ${{ steps.set-outputs.outputs.modified }}
+      changed_files: ${{ steps.set-outputs.outputs.changed_files }}
+      modified_files: ${{ steps.set-outputs.outputs.modified_files }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+
+    - name: Get Changed Files
+      id: changed-files
+      uses: tj-actions/changed-files@v35
+      with:
+        files: |
+          **/*.yaml
+          **/*.yml
+        json: true
+
+    - name: Set outputs
+      id: set-outputs
+      run: |
+        echo "changed=${{ steps.changed-files.outputs.any_changed }}" >> $GITHUB_OUTPUT
+        echo "modified=${{ steps.changed-files.outputs.any_modified }}" >> $GITHUB_OUTPUT
+
+        echo "changed_files=${{ steps.changed-files.outputs.all_changed_files }}" >> $GITHUB_OUTPUT
+        echo "modified_files=${{ steps.changed-files.outputs.all_modified_files }}" >> $GITHUB_OUTPUT
+
+  lint:
+    name: Lint (yamllint)
+    needs:
+    - changed
+    if: ${{ needs.changed.outputs.modified == 'true' }}
+    uses: tedilabs/.github/.github/workflows/yaml.yamllint.yaml@main
+
+    with:
+      yamllint_version: latest
+      yamllint_config_file: .yamllint.yaml
+      yamllint_target_dir: ./
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,8 +1,20 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.70.1
+  rev: v1.77.1
   hooks:
   - id: terraform_fmt
+    args:
+    - --args=-diff
   - id: terraform_validate
+    args:
+    - --hook-config=--retry-once-with-cleanup=true
+  - id: terraform_tflint
+    args:
+    - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl
+    files: ^modules/
   - id: terraform_docs
     args: ["--args=--sort-by required"]
+- repo: https://github.com/adrienverge/yamllint
+  rev: v1.29.0
+  hooks:
+  - id: yamllint
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -0,0 +1,77 @@
+config {
+  plugin_dir = "~/.tflint.d/plugins"
+
+  format = "compact"
+  module = true
+  force = false
+  disabled_by_default = false
+
+  ignore_module = {}
+}
+
+
+###################################################
+# Rule Sets - Terraform
+###################################################
+
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}
+
+rule "terraform_comment_syntax" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_naming_convention" {
+  enabled = true
+  format = "snake_case"
+
+  custom_formats = {
+    extended_snake_case = {
+      description = "Extended snake_case Format which allows double underscore like `a__b`."
+      regex       = "^[a-z][a-z0-9]+([_]{1,2}[a-z0-9]+)*$"
+    }
+  }
+
+  module {
+    format = "extended_snake_case"
+  }
+
+  resource {
+    format = "extended_snake_case"
+  }
+
+  data {
+    format = "extended_snake_case"
+  }
+}
+
+rule "terraform_unused_declarations" {
+  enabled = false
+}
+
+rule "terraform_unused_required_providers" {
+  enabled = true
+}
+
+
+###################################################
+# Rule Sets - AWS
+###################################################
+
+plugin "aws" {
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+  version = "0.21.1"
+
+  enabled = true
+  deep_check = false
+}