diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml deleted file mode 100644 index e915d59..0000000 --- a/.github/workflows/integration.yaml +++ /dev/null @@ -1,101 +0,0 @@ -name: Integration - -on: - push: - branches: - - main - pull_request: {} - -concurrency: - group: integration-${{ github.ref }} - cancel-in-progress: true - -jobs: - changed: - runs-on: ubuntu-latest - - outputs: - terraform_modules_changed: ${{ steps.filter-terraform-modules.outputs.changed }} - terraform_modules_files: ${{ steps.filter-terraform-modules.outputs.files }} - terraform_modules_dirs: ${{ steps.filter-terraform-modules.outputs.dirs }} - yaml_changed: ${{ steps.filter-yaml.outputs.changed }} - yaml_files: ${{ steps.filter-yaml.outputs.files }} - - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Get Changed Files - id: changed-files - uses: dorny/paths-filter@v2 - with: - list-files: json - filters: | - modules: - - 'modules/**' - yaml: - - '**/*.yaml' - - '**/*.yml' - - - name: Filter changed Terraform Modules files to outputs - id: filter-terraform-modules - run: | - dirs=$(echo '${{ steps.changed-files.outputs.modules_files }}' | jq '[.[] | match("modules/[^/]+").string] | unique') - echo ::set-output name=changed::${{ steps.changed-files.outputs.modules }} - echo ::set-output name=files::${{ steps.changed-files.outputs.modules_files }} - echo ::set-output name=dirs::$dirs - - - name: Filter changed YAML files to outputs - id: filter-yaml - run: | - echo ::set-output name=changed::${{ steps.changed-files.outputs.yaml }} - echo ::set-output name=files::${{ steps.changed-files.outputs.yaml_files }} - - - terraform: - needs: - - changed - if: ${{ needs.changed.outputs.terraform_modules_changed != 'false' }} - runs-on: ubuntu-latest - - strategy: - matrix: - path: ${{ fromJson(needs.changed.outputs.terraform_modules_dirs) }} - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Set-up terraform - uses: hashicorp/setup-terraform@v2 - - - name: Terraform fmt - id: terraform-fmt - working-directory: ${{ matrix.path }} - run: terraform fmt -check - continue-on-error: true - - - name: Terraform Validate - id: terraform-validate - working-directory: ${{ matrix.path }} - run: | - terraform init -backend=false - terraform validate -no-color - - - yaml: - needs: - - changed - if: ${{ needs.changed.outputs.yaml_changed != 'false' }} - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Lint YAML Files - id: yaml-lint - run: | - yamllint . diff --git a/.github/workflows/terraform.integration.yaml b/.github/workflows/terraform.integration.yaml new file mode 100644 index 0000000..b4cfa94 --- /dev/null +++ b/.github/workflows/terraform.integration.yaml @@ -0,0 +1,104 @@ +name: Integration (Terraform) + +on: + push: + branches: + - main + pull_request: {} + +concurrency: + group: terraform-integration-${{ github.ref }} + cancel-in-progress: true + +jobs: + changed: + name: Filter Changed Files and Directories + runs-on: ubuntu-latest + + outputs: + changed: ${{ steps.set-outputs.outputs.changed }} + modified: ${{ steps.set-outputs.outputs.modified }} + changed_files: ${{ steps.set-outputs.outputs.changed_files }} + modified_files: ${{ steps.set-outputs.outputs.modified_files }} + changed_directories: ${{ steps.set-outputs.outputs.changed_directories }} + modified_directories: ${{ steps.set-outputs.outputs.modified_directories }} + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Get Changed Files + id: changed-files + uses: tj-actions/changed-files@v35 + with: + files: | + modules/** + json: true + + - name: Get Changed Directories + id: changed-directories + uses: tj-actions/changed-files@v35 + with: + files: | + modules/** + examples/** + dir_names: "true" + dir_names_max_depth: 2 + json: true + + - name: Set outputs + id: set-outputs + run: | + echo "changed=${{ steps.changed-directories.outputs.any_changed }}" >> $GITHUB_OUTPUT + echo "modified=${{ steps.changed-directories.outputs.any_modified }}" >> $GITHUB_OUTPUT + + echo "changed_files=${{ steps.changed-files.outputs.all_changed_files }}" >> $GITHUB_OUTPUT + echo "modified_files=${{ steps.changed-files.outputs.all_modified_files }}" >> $GITHUB_OUTPUT + + echo "changed_directories=${{ steps.changed-directories.outputs.all_changed_files }}" >> $GITHUB_OUTPUT + echo "modified_directories=${{ steps.changed-directories.outputs.all_modified_files }}" >> $GITHUB_OUTPUT + + + terraform: + name: Lint (terraform) + needs: + - changed + if: ${{ needs.changed.outputs.modified == 'true' }} + uses: tedilabs/.github/.github/workflows/terraform.terraform.yaml@main + + strategy: + matrix: + path: ${{ fromJson(needs.changed.outputs.modified_directories) }} + + with: + terraform_target_dir: ${{ matrix.path }} + terraform_version: latest + terraform_host: app.terraform.io + secrets: + terraform_token: ${{ secrets.TERRAFORM_TOKEN }} + + + tflint: + name: Lint (tflint) + needs: + - changed + if: ${{ needs.changed.outputs.modified == 'true' }} + uses: tedilabs/.github/.github/workflows/terraform.tflint.yaml@main + + strategy: + matrix: + path: ${{ fromJson(needs.changed.outputs.modified_directories) }} + + with: + tflint_version: latest + tflint_config_file: .tflint.hcl + tflint_target_dir: ${{ matrix.path }} + tflint_recursive_enabled: false + tflint_terraform_init_enabled: true + terraform_version: latest + terraform_host: app.terraform.io + secrets: + token: ${{ secrets.GITHUB_TOKEN }} + terraform_token: ${{ secrets.TERRAFORM_TOKEN }} diff --git a/.github/workflows/yaml.integration.yaml b/.github/workflows/yaml.integration.yaml new file mode 100644 index 0000000..20342a1 --- /dev/null +++ b/.github/workflows/yaml.integration.yaml @@ -0,0 +1,58 @@ +name: Integration (YAML) + +on: + push: + branches: + - main + pull_request: {} + +concurrency: + group: yaml-integration-${{ github.ref }} + cancel-in-progress: true + +jobs: + changed: + name: Filter Changed Files and Directories + runs-on: ubuntu-latest + + outputs: + changed: ${{ steps.set-outputs.outputs.changed }} + modified: ${{ steps.set-outputs.outputs.modified }} + changed_files: ${{ steps.set-outputs.outputs.changed_files }} + modified_files: ${{ steps.set-outputs.outputs.modified_files }} + + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Get Changed Files + id: changed-files + uses: tj-actions/changed-files@v35 + with: + files: | + **/*.yaml + **/*.yml + json: true + + - name: Set outputs + id: set-outputs + run: | + echo "changed=${{ steps.changed-files.outputs.any_changed }}" >> $GITHUB_OUTPUT + echo "modified=${{ steps.changed-files.outputs.any_modified }}" >> $GITHUB_OUTPUT + + echo "changed_files=${{ steps.changed-files.outputs.all_changed_files }}" >> $GITHUB_OUTPUT + echo "modified_files=${{ steps.changed-files.outputs.all_modified_files }}" >> $GITHUB_OUTPUT + + lint: + name: Lint (yamllint) + needs: + - changed + if: ${{ needs.changed.outputs.modified == 'true' }} + uses: tedilabs/.github/.github/workflows/yaml.yamllint.yaml@main + + with: + yamllint_version: latest + yamllint_config_file: .yamllint.yaml + yamllint_target_dir: ./ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index aa33d01..d0b1fea 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,8 +1,20 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.70.1 + rev: v1.77.1 hooks: - id: terraform_fmt + args: + - --args=-diff - id: terraform_validate + args: + - --hook-config=--retry-once-with-cleanup=true + - id: terraform_tflint + args: + - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl + files: ^modules/ - id: terraform_docs args: ["--args=--sort-by required"] +- repo: https://github.com/adrienverge/yamllint + rev: v1.29.0 + hooks: + - id: yamllint diff --git a/.tflint.hcl b/.tflint.hcl new file mode 100644 index 0000000..0788789 --- /dev/null +++ b/.tflint.hcl @@ -0,0 +1,77 @@ +config { + plugin_dir = "~/.tflint.d/plugins" + + format = "compact" + module = true + force = false + disabled_by_default = false + + ignore_module = {} +} + + +################################################### +# Rule Sets - Terraform +################################################### + +plugin "terraform" { + enabled = true + preset = "recommended" +} + +rule "terraform_comment_syntax" { + enabled = true +} + +rule "terraform_documented_variables" { + enabled = true +} + +rule "terraform_documented_outputs" { + enabled = true +} + +rule "terraform_naming_convention" { + enabled = true + format = "snake_case" + + custom_formats = { + extended_snake_case = { + description = "Extended snake_case Format which allows double underscore like `a__b`." + regex = "^[a-z][a-z0-9]+([_]{1,2}[a-z0-9]+)*$" + } + } + + module { + format = "extended_snake_case" + } + + resource { + format = "extended_snake_case" + } + + data { + format = "extended_snake_case" + } +} + +rule "terraform_unused_declarations" { + enabled = false +} + +rule "terraform_unused_required_providers" { + enabled = true +} + + +################################################### +# Rule Sets - AWS +################################################### + +plugin "aws" { + source = "github.com/terraform-linters/tflint-ruleset-aws" + version = "0.21.1" + + enabled = true + deep_check = false +}