ci: refactor terraform validation

npalm · npalm · commit 303815c5d862 · 2024-11-16T16:55:18.000+01:00
diff --git a/.github/workflows/terraform-validate-template.yml b/.github/workflows/terraform-validate-template.yml
@@ -20,6 +20,11 @@ on:
         required: false
         type: boolean
         default: false
+      tflint-options:
+        description: "TFLint options"
+        required: false
+        type: string
+        default: ""
 
 jobs:
   verify:
@@ -59,4 +64,4 @@ jobs:
       - name: Run TFLint
         run: |
           tflint --init -c ${GITHUB_WORKSPACE}/.tflint.hcl
-          tflint -c ${GITHUB_WORKSPACE}/.tflint.hcl --var-file ${GITHUB_WORKSPACE}/.github/lint/tflint.tfvars
+          tflint -c ${GITHUB_WORKSPACE}/.tflint.hcl --var-file ${GITHUB_WORKSPACE}/.github/lint/tflint.tfvars  ${{ inputs.tflint-options }}
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -39,9 +39,10 @@ jobs:
     needs: dirs
     with:
       terraform_version: ${{ matrix.terraform }}
-      module: ${{ matrix.module }}
+      module: ${{ matrix.modules }}
+      tflint-options: ${{ matrix.modules == '.' && '' || '--recursive' }}
     strategy:
       fail-fast: false
       matrix:
-        module: ${{ fromJson(needs.dirs.outputs.tf_modules) }}
+        modules: [ ".", "modules", "examples"]
         terraform: ["1.5", "latest"]
diff --git a/.utils/terraform.sh b/.utils/terraform.sh
@@ -10,3 +10,32 @@ generateDummyLambdaZip() {
     touch "$lambdaDir/$(basename $lambdaDir).zip"
   done
 }
+
+tfLintModules() {
+  examples=($( findAllTerraformDirs --ignores modules --hide-root --format plain))
+  ignore_commands=""
+  # example
+  # tflint --ignore-module terraform-aws-modules/vpc/aws --ignore-module terraform-aws-modules/security-group/aws
+  # otuput of find
+#   ./examples/arm64
+# ./examples/arm64/lambdas-download
+# ./examples/base
+# ./examples/default
+# ./examples/ephemeral
+# ./examples/lambdas-download
+# ./examples/multi-runner
+# ./examples/permissions-boundary
+# ./examples/permissions-boundary/setup
+# ./examples/prebuilt
+# ./examples/termination-watcher
+# ./examples/ubuntu
+# ./examples/windows
+# ./examples/windows/lambdas-download
+  echo hi
+  # for the ignore we need to strip ./ at the beginning
+  for example in "${examples[@]}"; do
+    ignore_commands="$ignore_commands --ignore-module=$example"
+  done
+  # run tflint
+  echo tflint --recursive $ignore_commands --config "$(pwd)/.tflint.hcl"
+}
