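# Reusable workflow (workflow_call) that checks a Terraform code base:
# terraform fmt / init / validate, a job summary, then TFLint (written to the
# summary on non-PR events, reported as a checkstyle check on pull requests).
# Most steps use `success() || failure()` so later checks still run after an
# earlier one fails.
name: Reusable Terraform workflow

on:
  workflow_call:
    inputs:
      skip_init:
        type: boolean
        description: "Set to 'true' if Terraform initialization shall be skipped. Might be necessary in some rare cases."
      skip_validate:
        type: boolean
        description: "Set to 'true' if Terraform validation shall be skipped. Might be necessary in some rare cases."

env:
  # OpsGenie Terraform provider needs this to be non-empty, even if we only validate the code.
  OPSGENIE_API_KEY: "123"

jobs:
  terraform:
    name: Check Terraform
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is declared, so this job runs with
    # whatever GITHUB_TOKEN scopes the calling workflow grants. Consider
    # declaring the minimum needed here; confirm what the check-reporting
    # action at the end requires before restricting.
    # NOTE(review): the actions below are referenced by tag or branch, which
    # the action owner can move. Pinning each `uses:` to a reviewed full
    # commit SHA makes the executed code immutable.
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Setup terraform
        uses: hashicorp/setup-terraform@v2

      - name: Terraform fmt
        id: fmt
        run: terraform fmt -check -recursive -diff

      - name: Terraform init
        id: init
        if: ${{ !inputs.skip_init && (success() || failure()) }}
        env:
          # NOTE(review): this secret is not declared under
          # on.workflow_call.secrets, so callers presumably pass it with
          # `secrets: inherit`; confirm. It is scoped to this step only.
          TF_TOKEN_app_terraform_io: ${{ secrets.TERRAFORM_CLOUD_ACCESS_TOKEN }}
        run: terraform init -backend=false

      - name: Terraform validate
        id: validate
        if: ${{ !inputs.skip_validate && (success() || failure()) }}
        env:
          # dummy subscription ID to silence missing argument error since azurerm v4
          ARM_SUBSCRIPTION_ID: 0caa8408-f721-4bd2-8b21-e5cb6ac8891d
        run: terraform validate -no-color

      - name: Create job summary
        if: success() || failure()
        # The captured command output is handed to the script through
        # environment variables. `${{ ... }}` is substituted into the script
        # text before the shell parses it, and this output is derived from the
        # checked-out files (the fmt diff, validation messages), so it must
        # reach the shell as data rather than as part of the script.
        env:
          FMT_STDOUT: ${{ steps.fmt.outputs.stdout }}
          VALIDATE_STDOUT: ${{ steps.validate.outputs.stdout }}
        run: |
          # shellcheck disable=SC2016
          {
            echo '#### Terraform Format and Style 🖌 `${{ steps.fmt.outcome }}`'
            echo '#### Terraform Initialization ⚙️ `${{ steps.init.outcome }}`'
            echo '#### Terraform Validation 🤖 `${{ steps.validate.outcome }}`'
            echo '<details><summary>Format and Style Output</summary>'
            echo -e '\n```'
            printf '%s\n' "$FMT_STDOUT"
            echo '```'
            echo -e '\n</details>'
            echo '<details><summary>Validation Output</summary>'
            echo -e '\n```'
            printf '%s\n' "$VALIDATE_STDOUT"
            echo '```'
            echo -e '\n</details>'
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Load TFLint config
        uses: terraform-linters/tflint-load-config-action@v1
        if: success() || failure()
        with:
          source-repo: riege/code-quality
          source-path: terraform/.tflint.hcl
          destination-path: ${{ github.workspace }}/.tflint.hcl
          token: ${{ github.token }}

      - name: Determine TFLint config file location
        if: success() || failure()
        run: |
          echo "TFLINT_CONFIG_FILE=${{ github.workspace }}/.tflint.hcl" >> "$GITHUB_ENV"

      - name: Cache plugin dir
        uses: actions/cache@v3
        if: success() || failure()
        with:
          path: ~/.tflint.d/plugins
          key: tflint-${{ hashFiles(env.TFLINT_CONFIG_FILE) }}

      - name: Setup TFLint
        uses: terraform-linters/setup-tflint@v4
        if: success() || failure()

      - name: Init TFLint
        run: tflint --init --config="$TFLINT_CONFIG_FILE"
        if: success() || failure()
        env:
          GITHUB_TOKEN: ${{ github.token }}

      - name: Run TFLint
        if: ${{ github.event_name != 'pull_request' && (success() || failure()) }}
        run: |
          # Disable errexit so the summary is written even when TFLint reports
          # findings; the original exit code is returned at the end.
          set +e
          TFLINT_OUTPUT=$(tflint --recursive --config="$TFLINT_CONFIG_FILE")
          EXITCODE=$?
          {
            echo '<details><summary>TFLint Output</summary>'
            echo -e '\n```'
            echo "$TFLINT_OUTPUT"
            echo '```'
            echo -e '\n</details>'
          } >> "$GITHUB_STEP_SUMMARY"
          exit $EXITCODE

      - name: Run TFLint (PR)
        if: ${{ github.event_name == 'pull_request' && (success() || failure()) }}
        run: |
          tflint --format=checkstyle --recursive --config="$TFLINT_CONFIG_FILE" > tflint-report.xml

      - name: Report Result
        # NOTE(review): `@master` follows a mutable branch of a third-party
        # action, so any later push to that branch runs in this job with the
        # job's token. Pin to a reviewed full commit SHA.
        uses: jwgmeligmeyling/checkstyle-github-action@master
        if: ${{ github.event_name == 'pull_request' && (success() || failure()) }}
        with:
          title: TFLint Report
          name: TFLint Report
          path: tflint-report.xml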