From eb9c3e9dee9bc73c2e4e497f73fec8a27b37ff5b Mon Sep 17 00:00:00 2001 From: Zach Fuller Date: Sat, 21 Sep 2024 12:24:55 -0700 Subject: [PATCH] chore: Added `tflint` to Pipeline (#69) * removed unused files * fixed effect value in IAM policy doc statements and added terraform provider lockfile * chore: Add `tflint` to Pipeline (#68) * fix: AWS IAM Policy Document (#66) * removed unused files * fixed effect value in IAM policy doc statements and added terraform provider lockfile * tflint config * running cd before tflint --init to pickup custom config * removed color option * removed tflint wrapper * added required_version to tf config
---
 .github/workflows/tf-lint.yml | 40 +++++++++++++++++++++++++++++++++++ terraform/.tflint.hcl | 10 +++++++++ terraform/providers.tf | 1 + 3 files changed, 51 insertions(+) create mode 100644 .github/workflows/tf-lint.yml create mode 100644 terraform/.tflint.hcl
diff --git a/.github/workflows/tf-lint.yml b/.github/workflows/tf-lint.yml
new file mode 100644
index 0000000..13d7506
--- /dev/null
+++ b/.github/workflows/tf-lint.yml
@@ -0,0 +1,40 @@
+name: IAC Checks - tflint
+on:
+ push:
+ branches: [ master, dev ]
+ pull_request:
+
+jobs:
+ tflint:
+ runs-on: ${{ matrix.os }}
+
+ strategy:
+ matrix:
+ os: [ubuntu-latest]
+
+ steps:
+ - uses: actions/checkout@v4
+ name: Checkout source code
+
+ - uses: actions/cache@v4
+ name: Cache plugin dir
+ with:
+ path: ~/.tflint.d/plugins
+ key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+ - uses: terraform-linters/setup-tflint@v4
+ name: Setup TFLint
+ with:
+ tflint_version: v0.52.0
+
+ - name: Show version
+ run: tflint --version
+
+ - name: Init TFLint
+ run: cd terraform && tflint --init
+ env:
+ # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+ GITHUB_TOKEN: ${{ github.token }}
+
+ - name: Run tflint
+ run: tflint -f compact --recursive --chdir=terraform
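Review bot: The workflow declares no `permissions:` block, yet the `Init TFLint` step exports `GITHUB_TOKEN: ${{ github.token }}` to a command that downloads ruleset plugins, so the token carries whatever the repository default grants; adding a workflow-level `permissions:` with `contents: read` keeps it read-only. The cache key uses `hashFiles('.tflint.hcl')`, but this commit creates the config at `terraform/.tflint.hcl`, so the hash appears to be empty and the key would not change when the plugin version is bumped; `key: ${{ matrix.os }}-tflint-${{ hashFiles('terraform/.tflint.hcl') }}` would track it. The three `uses:` lines reference mutable `@v4` tags; pinning each to a full commit SHA, with the tag kept in a trailing comment, protects the pipeline from a re-pointed tag, which matters most for the third-party `terraform-linters/setup-tflint`.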
diff --git a/terraform/.tflint.hcl b/terraform/.tflint.hcl
new file mode 100644
index 0000000..bfbeaa9
--- /dev/null
+++ b/terraform/.tflint.hcl
@@ -0,0 +1,10 @@
+plugin "terraform" {
+ enabled = true
+ preset = "recommended"
+}
+
+plugin "aws" {
+ enabled = true
+ version = "0.33.0"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
diff --git a/terraform/providers.tf b/terraform/providers.tf
index ad5eadb..de8e297 100644
--- a/terraform/providers.tf
+++ b/terraform/providers.tf
@@ -1,4 +1,5 @@
 terraform {
+ required_version = ">= 1.5"
 required_providers {
 aws = {
 source = "hashicorp/aws"
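Review bot: The constraint `required_version = ">= 1.5"` in `terraform/providers.tf` has no upper bound, so a future major Terraform release with breaking changes would still be accepted; `required_version = "~> 1.5"` (or an explicit `>= 1.5, < 2.0`) keeps runs on the 1.x line. A short comment saying why 1.5 is the floor would help the next maintainer decide when it can move. The `terraform` block continues past the end of the hunk, so the provider constraints themselves are not visible here.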