terraform-lint.yml
# Copyright 2023 The Authors (see AUTHORS file)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
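# Reusable workflow: other workflows invoke it through `workflow_call` and
# supply the inputs declared below.
name: 'terraform-lint'

on:
  workflow_call:
    inputs:
      # JSON-encoded so a caller can pass a single label, a list of labels or
      # a runner-group object; the job decodes it with fromJSON().
      runs-on:
        description: 'The GitHub runner on which to execute. This must be a valid JSON but can represent a string, array of strings, or object.'
        type: 'string'
        default: '"ubuntu-latest"'
      # Passed unchanged to the setup-terraform step.
      terraform_version:
        description: 'The version of Terraform to install and use.'
        type: 'string'
        required: true
      # Used as the working directory of every shell step and handed to the
      # terraform-linter action.
      directory:
        description: 'The directory upon which to lint Terraform configurations.'
        type: 'string'
        required: true
      # Chooses between the recursive init/validate step (true) and the
      # single-directory init/validate step (false).
      walk_dirs:
        description: 'Recursively iterate the working directory to initialize and validate all child modules.'
        type: 'boolean'
        required: false
        default: true
      # Only consulted by the recursive step. Every directory matched here is
      # skipped by `terraform init` / `terraform validate`, so callers should
      # keep the list as narrow as possible.
      ignored_walk_dirs:
        description: 'The newline delimited list of directories to ignore when recursively iterating child modules. This input accepts bash globbing.'
        type: 'string'
        required: false
        default: ''

env:
  # Tells Terraform it is running non-interactively, which trims output meant
  # for a human at a terminal.
  TF_IN_AUTOMATION: 'true'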
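jobs:
  # lint finds all Terraform nested directories within the given parent
  # directory and runs Terraform formatting and validation checks.
  #
  # Do not change this job name. Job names are used as identifiers in status
  # checks, and changing this name will cause status checks to fail.
  #
  # NOTE(review): no `permissions:` key is set here, so the GITHUB_TOKEN scope
  # is whatever the calling workflow grants. The steps visible in this file
  # only read repository contents; confirm callers restrict the token
  # accordingly (the terraform-linter action's needs are not visible here).
  lint:
    # The input is a JSON document, so it is decoded rather than quoted.
    runs-on: ${{ fromJSON(inputs.runs-on) }} # yamllint disable-line
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # `ratchet:` comment records the tag each SHA was resolved from.
      #
      # NOTE(review): actions/checkout leaves the token in the local git
      # config unless `persist-credentials: false` is set, and later steps run
      # Terraform against the checked-out configuration. Confirm nothing
      # depends on the persisted credential before disabling it.
      - name: 'Checkout'
        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # ratchet:actions/checkout@v4

      - name: 'Setup Terraform'
        uses: 'hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd' # ratchet:hashicorp/[email protected]
        # NOTE(review): the ratchet reference on the line above is garbled (an
        # e-mail obfuscation filter replaced the `setup-terraform@<tag>` text);
        # restore it from the upstream file so ratchet can resolve the pin.
        with:
          terraform_version: '${{ inputs.terraform_version }}'

      # -check makes a formatting difference a failure instead of rewriting
      # files; -diff prints what would change.
      - name: 'Check formatting'
        shell: 'bash'
        working-directory: '${{ inputs.directory }}'
        run: |-
          terraform fmt -recursive -check -diff

      # Fetches the repository that hosts the terraform-linter action used by
      # the next step.
      #
      # NOTE(review): no `ref` is given, so this follows the default branch of
      # abcxyz/pkg at run time, unlike the SHA-pinned actions above. The code
      # executed by the 'lint' step can therefore change without any change to
      # this workflow; consider pinning `ref` to a reviewed commit SHA.
      #
      # NOTE(review): the checkout lands inside the workspace. If
      # `inputs.directory` is the workspace root, the recursive walk below also
      # visits any *.tf files under abcxyz-pkg; confirm that is intended.
      - id: 'checkout-pkg'
        uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # ratchet:actions/checkout@v4
        with:
          repository: 'abcxyz/pkg'
          path: 'abcxyz-pkg'

      - id: 'lint'
        uses: './abcxyz-pkg/.github/actions/terraform-linter'
        with:
          directory: '${{ inputs.directory }}'

      # Runs `terraform init` and `terraform validate` in every directory that
      # contains at least one *.tf file, except directories matching
      # IGNORE_DIRS. -backend=false skips backend configuration and
      # -input=false turns any prompt into an error instead of a hang.
      - name: 'Initialize and validate sub directories'
        if: '${{ inputs.walk_dirs }}'
        shell: 'bash'
        working-directory: '${{ inputs.directory }}'
        env:
          # The caller-supplied value reaches the script as an environment
          # variable, not via `${{ }}` interpolation inside `run`, so it is
          # never parsed as shell source.
          IGNORE_DIRS: '${{ inputs.ignored_walk_dirs }}'
        run: |-
          # One directory per line. The list is read line by line, not
          # word-split, so directory names containing spaces or glob
          # characters are handled (names containing newlines are not).
          TERRAFORM_DIRS="$(find . -name '*.tf' -printf '%h\n' | sort -u)"

          # The list is fed on fd 3 so commands inside the loop keep the
          # step's own stdin.
          while IFS= read -r -u 3 DIR; do
            # An empty listing still yields one empty line from the
            # here-string.
            if [[ -z "${DIR}" ]]; then
              continue
            fi

            IGNORE=false
            # NOTE(review): ${IGNORE_DIRS} is expanded unquoted, so each
            # pattern is split on whitespace and may be pathname-expanded
            # against the working directory before the [[ == ]] pattern match
            # below. Confirm this is the intended matching semantics.
            for IGNORE_DIR in ${IGNORE_DIRS}; do
              # The right-hand side is deliberately unquoted so it is treated
              # as a glob pattern, not a literal string.
              if [[ "${DIR}" == $IGNORE_DIR ]]; then
                IGNORE=true
                break
              fi
            done

            if [[ "${IGNORE}" == "true" ]]; then
              echo "IGNORE: ${DIR}"
              continue
            fi

            echo "::group::${DIR}"
            pushd "${DIR}" &>/dev/null
            terraform init -backend=false -input=false
            terraform validate
            popd &>/dev/null
            echo "::endgroup::"
          done 3<<< "${TERRAFORM_DIRS}"

      # Non-recursive variant: validates only `inputs.directory` itself.
      - name: 'Initialize and validate'
        if: '${{ !inputs.walk_dirs }}'
        shell: 'bash'
        working-directory: '${{ inputs.directory }}'
        run: |-
          terraform init -backend=false -input=false
          terraform validate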