From 866a816b163558c1c2a50b6cfa69290757694e23 Mon Sep 17 00:00:00 2001
From: Jason Harris
Date: Tue, 28 Nov 2023 16:35:37 +0000
Subject: [PATCH 1/2] SAM and Terraform IaC extracted from pr_build and simplified approach.
---
 .github/workflows/pr_build.yml | 21 ---------------
 .github/workflows/pr_iac_lint.yml | 45 +++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 21 deletions(-)
 create mode 100644 .github/workflows/pr_iac_lint.yml
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
index 3cf3a5425..7a02b08d4 100644
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -79,33 +79,12 @@ jobs:
 if: ${{ matrix.java == '8' }} # Gradle example can only be built on Java 8
 working-directory: examples/powertools-examples-core/kotlin
 run: ./gradlew build
- - name: Setup Terraform
- if: ${{ matrix.java == '11' }}
- uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 #v2.0.3
 - name: Setup AWS credentials
 if: ${{ matrix.java == '11' }}
 uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
 with:
 role-to-assume: ${{ secrets.AWS_ROLE_ARN_TO_ASSUME }}
 aws-region: ${{ env.AWS_REGION }}
- - name: Terraform validate
- working-directory: examples/powertools-examples-core/terraform
- if: ${{ matrix.java == '11' }}
- run: |
- terraform -version
- terraform init -backend=false
- terraform validate
- terraform plan
- - name: Setup Terraform lint
- if: ${{ matrix.java == '11' }}
- uses: terraform-linters/setup-tflint@a5a1af8c6551fb10c53f1cd4ba62359f1973746f # v3.1.1
- - name: Terraform lint
- working-directory: examples/powertools-examples-core/terraform
- if: ${{ matrix.java == '11' }}
- run: |
- tflint --version
- tflint --init
- tflint -f compact
 - name: Upload coverage to Codecov
 uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1
 if: ${{ matrix.java == '11' }} # publish results once 
diff --git a/.github/workflows/pr_iac_lint.yml b/.github/workflows/pr_iac_lint.yml
new file mode 100644
index 000000000..37ae9bcd8
--- /dev/null
+++ b/.github/workflows/pr_iac_lint.yml
@@ -0,0 +1,45 @@
+name: Validate IaC
+
+on:
+ pull_request:
+ branches:
+ - main
+ - v2
+ paths:
+ - 'examples/**'
+jobs:
+ linter:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ project: ["sam", "gradle", "kotlin"]
+ steps:
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ - name: Setup java JDK
+ uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+ with:
+ distribution: 'corretto'
+ java-version: 11
+ - name: Run SAM validator to check syntax of IaC templates - Java
+ working-directory: examples/powertools-examples-core/${{ matrix.project }}
+ run: |
+ sam build
+ sam validate --lint
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 #v2.0.3
+ - name: Run Terraform validator to check syntax of IaC templates and produce a plan of changes
+ working-directory: examples/powertools-examples-core/terraform
+ run: |
+ mvn install
+ terraform -version
+ terraform init -backend=false
+ terraform validate
+ terraform plan
+ - name: Setup Terraform lint
+ uses: terraform-linters/setup-tflint@a5a1af8c6551fb10c53f1cd4ba62359f1973746f # v3.1.1
+ - name: Run Terraform lint to check for best practices, errors, deprecated syntax etc.
+ working-directory: examples/powertools-examples-core/terraform
+ run: |
+ tflint --version
+ tflint --init
+ tflint -f compact
\ No newline at end of file
From c2acbe70d017d4c4759287dcf188a8f5bef3498c Mon Sep 17 00:00:00 2001
From: Jason Harris
Date: Tue, 12 Dec 2023 09:49:48 +0000
Subject: [PATCH 2/2] Update .github/workflows/pr_iac_lint.yml
Co-authored-by: Scott Gerring
---
 .github/workflows/pr_iac_lint.yml | 4 ++++
 1 file changed, 4 insertions(+)
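Review bot: The `terraform plan` step in the new `linter` job has no credentials step in front of it, whereas in pr_build.yml the same command ran after `aws-actions/configure-aws-credentials`; if the Terraform example configures the AWS provider (not visible in this patch), the plan is likely to fail here. If a role is wired in later, keep it away from this job as written, because `mvn install`, `sam build`, `terraform init` and `tflint --init` all build or download content driven by the pull request, so the assumed role would be reachable from PR-controlled code. The new workflow also declares no `permissions:`, and a top-level `permissions:` with `contents: read` would pin the GITHUB_TOKEN to what these lint steps need. Separately, the Terraform and tflint steps sit inside the `project` matrix and so run identically three times; moving them to a second job without the matrix would avoid that.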
diff --git a/.github/workflows/pr_iac_lint.yml b/.github/workflows/pr_iac_lint.yml
index 37ae9bcd8..1ed2077f5 100644
--- a/.github/workflows/pr_iac_lint.yml
+++ b/.github/workflows/pr_iac_lint.yml
@@ -1,6 +1,10 @@
 name: Validate IaC
 
 on:
+ push:
+ branches:
+ - main
+ - v2
 pull_request:
 branches:
 - main
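Review bot: The added `push:` trigger carries no `paths:` filter, so unlike `pull_request:` (which the first patch limits to `'examples/**'`) it runs the full SAM and Terraform job on every push to `main` and `v2`, whatever files changed. If that is not intended, mirror the filter under `push:` by adding `paths:` and `- 'examples/**'` after its branch list. The rest of the `pull_request:` block lies outside this hunk, so the comparison relies on the file as created in patch 1/2.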