templates.terraform.pull_requests.lint.yaml
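# Reusable workflow (`workflow_call`) that lints Terraform code on pull requests:
# it runs `terraform fmt -check`, `terraform init -backend=false` and
# `terraform validate`, then reports the result as a sticky pull-request comment.
name: IaaS - Terraform CI (for pull requests) - Lint

on:
  workflow_call:
    inputs:
      # Directory, relative to the repository root, in which the Terraform commands run.
      terraform_workdir:
        description: Working directory where Terraform files are
        required: false
        default: "."
        type: string
      # Forwarded unchanged to hashicorp/setup-terraform.
      terraform_version:
        description: Terraform version that should we use (latest by default)
        required: false
        type: string

jobs:
  # Terraform validate checks if your TF files are in a canonical format and without HCL issues
  terraform_validate:
    name: Terraform files validation
    runs-on: ubuntu-latest
    # Least-privilege token scope for this job: read access for the checkout,
    # write access to pull requests for the sticky comment steps. Without an
    # explicit block the job inherits whatever scope the calling workflow holds.
    permissions:
      contents: read
      pull-requests: write
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing comment
      # records the release tag that SHA is expected to correspond to.
      # NOTE(review): the later steps run `terraform init` / `terraform validate`
      # on configuration taken from the pull request; consider
      # `persist-credentials: false` here unless module sources depend on the
      # token that checkout leaves in the local git config.
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
        with:
          terraform_version: ${{ inputs.terraform_version }}

      - name: Pre-hook Terraform workflow
        id: pre
        env:
          # The input is handed to the shell as an environment variable rather
          # than expanded into the script text: `${{ }}` expressions are
          # substituted before bash parses the script, so a value containing a
          # quote would otherwise be interpreted as shell syntax.
          TERRAFORM_WORKDIR: ${{ inputs.terraform_workdir }}
        run: |
          # Setup `workdir` suffix used to give more information during execution
          if [[ "${TERRAFORM_WORKDIR}" == '.' ]]; then
            echo "workdir=" >> "${GITHUB_OUTPUT}"
          else
            echo "workdir=(${TERRAFORM_WORKDIR})" >> "${GITHUB_OUTPUT}"
          fi

      # --- `terraform fmt`
      - name: Check if all Terraform configuration files are in a canonical format ${{ steps.pre.outputs.workdir }}
        id: fmt
        run: terraform fmt -check -recursive -diff -no-color
        working-directory: ${{ inputs.terraform_workdir }}
      # Posted only when the `fmt` step itself failed. `header` keys the sticky
      # comment on the workdir suffix, and `recreate` replaces the previous report.
      # The captured diff is pull-request-controlled text placed inside a Markdown
      # fence; it is passed as an action input, not through a shell.
      - uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0
        if: failure() && steps.fmt.outcome == 'failure'
        with:
          recreate: true
          header: tf::${{ steps.pre.outputs.workdir }}
          message: |
            # Terraform CI/CD ${{ steps.pre.outputs.workdir }}
            - [ ] :paintbrush: Check if all Terraform configuration files are in a canonical format
            ### 🚫 Failure reason
            ```terraform
            ${{ steps.fmt.outputs.stdout }}
            ```
            <br/>
            > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._

      # --- `terraform init`
      # `-backend=false` initialises the working directory without configuring
      # the state backend.
      - name: Initialize Terraform working directory ${{ steps.pre.outputs.workdir }}
        id: init
        env:
          # Quoted so that every YAML parser reads a string, not a boolean.
          TF_IN_AUTOMATION: "yes"
        run: terraform init -no-color -backend=false
        working-directory: ${{ inputs.terraform_workdir }}
      # Posted only when the `init` step itself failed.
      - uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0
        if: failure() && steps.init.outcome == 'failure'
        with:
          recreate: true
          header: tf::${{ steps.pre.outputs.workdir }}
          message: |
            # Terraform CI/CD ${{ steps.pre.outputs.workdir }}
            - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format
            - [ ] :hammer_and_wrench: Validate the configuration files
            ### 🚫 Failure reason
            ```
            ${{ steps.init.outputs.stderr }}
            ```
            <br/>
            > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._

      # --- `terraform validate`
      - name: Validate the configuration files ${{ steps.pre.outputs.workdir }}
        id: validate
        env:
          # Quoted so that every YAML parser reads a string, not a boolean.
          TF_IN_AUTOMATION: "yes"
        run: terraform validate -no-color
        working-directory: ${{ inputs.terraform_workdir }}
      # Posted only when the `validate` step itself failed.
      - uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0
        if: failure() && steps.validate.outcome == 'failure'
        with:
          recreate: true
          header: tf::${{ steps.pre.outputs.workdir }}
          message: |
            # Terraform CI/CD ${{ steps.pre.outputs.workdir }}
            - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format
            - [ ] :hammer_and_wrench: Validate the configuration files
            ### 🚫 Failure reason
            ```
            ${{ steps.validate.outputs.stderr }}
            ```
            <br/>
            > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._

      # Every earlier step succeeded: replace the sticky comment with the
      # all-checks-passed report.
      - uses: marocchino/sticky-pull-request-comment@efaaab3fd41a9c3de579aba759d2552635e590fd # v2.8.0
        if: success()
        with:
          recreate: true
          header: tf::${{ steps.pre.outputs.workdir }}
          message: |
            # Terraform CI/CD ${{ steps.pre.outputs.workdir }}
            - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format
            - [x] :hammer_and_wrench: Validate the configuration files
            > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._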