Adds tflint validation to Terraform in documentation #14549
Conversation
ghost
added
size/XL
There was a problem hiding this comment.
Looking real good! It'd be nice to consolidate this over in website.yml so all the website checks are together and get it in a supported terrafmt release, but other than that I think this will be good to go. 👍
If this scripting will be used in multiple places like the acceptance testing configurations, we will probably want to make it a shell script and call out to it directly.
| TFLINT_VERSION: "v0.18.0" | ||
| run: | | ||
| curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | sh | ||
| - name: lint code |
There was a problem hiding this comment.
Let's consolidate this over to the existing website.yml 👍
There was a problem hiding this comment.
Yeah, I wasn't sure the best approach here, since we'll need to do an almost identical workflow for checking acceptance tests.
We're waiting on katbyte/terrafmt#26 being merged for the supported release.
| exit_code=0 | ||
|
|
||
| # Configure the rules for tflint. | ||
| # The *_invalid_* rules disabled here prevent evaluation of expressions. | ||
| # Do not disable *_invalid_name rules, since these are good checks for e.g. "%s" formatting verbs | ||
| # being carried over from test cases. | ||
| shared_rules=( | ||
| "--enable-rule=terraform_comment_syntax" | ||
| "--disable-rule=aws_cloudwatch_event_target_invalid_arn" | ||
| "--disable-rule=aws_cognito_user_pool_domain_invalid_domain" | ||
| "--disable-rule=aws_db_instance_default_parameter_group" | ||
| "--disable-rule=aws_elasticache_cluster_default_parameter_group" | ||
| "--disable-rule=aws_iam_saml_provider_invalid_saml_metadata_document" | ||
| "--disable-rule=aws_iam_server_certificate_invalid_certificate_body" | ||
| "--disable-rule=aws_iam_server_certificate_invalid_private_key" | ||
| "--disable-rule=aws_transfer_ssh_key_invalid_body" | ||
| "--disable-rule=aws_worklink_website_certificate_authority_association_invalid_certificate" | ||
| ) | ||
| find ./website/docs -type f \( -name '*.md' -o -name '*.markdown' \) \ | ||
| | sort -u \ | ||
| | while read -r filename ; do | ||
| rules=("${shared_rules[@]}") | ||
| if [[ "$filename" == "./website/docs/guides/version-2-upgrade.html.md" ]]; then | ||
| # ./website/docs/guides/version-2-upgrade.html.md should still include pre-0.12 syntax, | ||
| # since v1.0 does not support Terraform 0.12. | ||
| rules+=( | ||
| "--disable-rule=terraform_deprecated_interpolation" | ||
| "--disable-rule=terraform_deprecated_index" | ||
| ) | ||
| else | ||
| rules+=( | ||
| "--enable-rule=terraform_deprecated_interpolation" | ||
| "--enable-rule=terraform_deprecated_index" | ||
| ) | ||
| fi | ||
| # echo "Let's go with $filename..." | ||
| # We need to capture the output and error code here. We don't want to exit on the first error | ||
| set +e | ||
| ./scripts/validate-terraform-file.sh "$filename" "${rules[@]}" | ||
| lint_exitcode=$? | ||
| set -e | ||
| if [ $lint_exitcode -ne 0 ]; then exit_code=1; fi | ||
| done | ||
|
|
||
| exit $exit_code |
There was a problem hiding this comment.
This could be moved to yet another script. It's messy because of the special handling for ./website/docs/guides/version-2-upgrade.html.md. Otherwise, the read could be moved into the script, and it could be called like
find ./website/docs -type f \( -name '*.md' -o -name '*.markdown' \) | ./scripts/validate-terraform.sh "${rules[@]}"That model could be used for the acceptance test validation
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Adds GitHub workflow to validate Terraform code in documentation.
Community Note
Relates #14417
Release note for CHANGELOG:
Output from acceptance testing:
N/A