Skip to content

Merge pull request #148 from uktrade/dependabot/npm_and_yarn/mermaid-… #428

Merge pull request #148 from uktrade/dependabot/npm_and_yarn/mermaid-…

Merge pull request #148 from uktrade/dependabot/npm_and_yarn/mermaid-… #428

name: Lint Terraform
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
jobs:
test:
name: Lint Terraform
runs-on: ubuntu-20.04
steps:
- name: "Checkout"
uses: "actions/checkout@v4"
- name: "Install Terraform"
# From https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli,
# but with the addition of programatically verifying the package signing key, which was
# copy and pasted from https://www.hashicorp.com/official-packaging-guide
run: |
sudo apt-get update
sudo apt-get install -y gnupg software-properties-common
wget -O- https://apt.releases.hashicorp.com/gpg | \
gpg --dearmor | \
sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
key=$(gpg --no-default-keyring \
--keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
--fingerprint --with-colons | \
awk -F: '/^fpr:(.*)/' | \
head -1)
expected_key="fpr:::::::::798AEC654E5C15428C8E42EEAA16FCBCA621E701:"
if [ "$key" != "$expected_key" ]
then
echo "Key mismatch. Expecting $expected_key but received $key"
exit 1
fi
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update
sudo apt-get install terraform
- name: "Run linting"
run: |
terraform fmt -check -recursive -diff