-
Notifications
You must be signed in to change notification settings - Fork 0
131 lines (121 loc) · 4.83 KB
/
terraform.tflint.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Terraform - tflint
on:
workflow_call:
inputs:
tflint_version:
type: string
required: false
default: latest
description: "(Optional) The version of `tflint` to install. Defaults to `latest`."
tflint_config_file:
type: string
required: false
default: ".tflint.hcl"
description: "(Optional) The path to the `tflint` config file. Defaults to `.tflint.hcl`."
tflint_minimum_failure_severity:
type: string
required: false
default: warning
description: "(Optional) Set minimum severity for exiting with a non-zero error code. Valid values are `error`, `warning`, `notice`. Defaults to `warning`."
tflint_terraform_init_enabled:
type: boolean
required: false
default: true
description: "(Optional) Whether to execute `terraform init` during tflint init process. Not implemented yet in recursive mode. Defaults to `true`."
tflint_recursive_enabled:
type: boolean
required: false
default: false
description: "(Optional) Whether to enable recursive inspection. It takes no arguments in recursive mode. Defaults to `false`."
tflint_target_dir:
type: string
required: false
default: ./
description: "(Optional) A directory path to scan. Defaults to `./`."
terraform_version:
type: string
required: false
default: latest
description: "(Optional) The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with `<` (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`."
terraform_host:
type: string
required: false
default: app.terraform.io
description: "(Optional) The hostname of a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`."
secrets:
gh_token:
required: false
description: "(Optional) The GitHub.com API token to use when getting the latest version of tflint."
token:
required: false
description: "(Optional) The GitHub API token to use when communicating with GitHub API."
terraform_token:
required: false
description: "(Optional) The API token for a Terraform Cloud/Enterprise instance to place within the credentials block of the Terraform CLI configuration file."
jobs:
tflint:
name: tflint - Lint Terraform Codes
runs-on: ubuntu-latest
steps:
- name: Checkout
id: checkout
uses: actions/checkout@v3
- name: Setup Terraform
id: setup-terraform
uses: hashicorp/setup-terraform@v2
if: inputs.tflint_terraform_init_enabled
with:
cli_config_credentials_hostname: ${{ inputs.terraform_host }}
cli_config_credentials_token: ${{ secrets.terraform_token }}
terraform_version: ${{ inputs.terraform_version }}
- name: Setup TFLint
id: setup-tflint
uses: terraform-linters/setup-tflint@v3
with:
github_token: ${{ secrets.gh_token }}
tflint_version: ${{ inputs.tflint_version }}
- name: Init TFLint
id: init-tflint
env:
GITHUB_TOKEN: ${{ secrets.gh_token }}
TFLINT_RECURSIVE_ENABLED: ${{ inputs.tflint_recursive_enabled }}
TFLINT_TERRAFORM_INIT_ENABLED: ${{ inputs.tflint_terraform_init_enabled }}
run: |
TFLINT_CONFIG_FILE=$(realpath ${{ inputs.tflint_config_file }})
if [ $TFLINT_RECURSIVE_ENABLED == "true" ]
then
tflint --recursive --version
tflint \
--recursive \
--config ${TFLINT_CONFIG_FILE} \
--init
else
if [ $TFLINT_TERRAFORM_INIT_ENABLED == "true" ]
then
terraform -chdir=${{ inputs.tflint_target_dir }} init
fi
tflint --version
tflint \
--config ${TFLINT_CONFIG_FILE} \
--init
fi
- name: Run TFLint
id: run-tflint
env:
TFLINT_RECURSIVE_ENABLED: ${{ inputs.tflint_recursive_enabled }}
run: |
TFLINT_CONFIG_FILE=$(realpath ${{ inputs.tflint_config_file }})
if [ $TFLINT_RECURSIVE_ENABLED == "true" ]
then
tflint \
--minimum-failure-severity ${{ inputs.tflint_minimum_failure_severity }} \
--format compact \
--config ${TFLINT_CONFIG_FILE} \
--recursive
else
tflint \
--minimum-failure-severity ${{ inputs.tflint_minimum_failure_severity }} \
--format compact \
--chdir ${{ inputs.tflint_target_dir }} \
--config ${TFLINT_CONFIG_FILE}
fi