feature: add tflint #26

Draft
wants to merge 1 commit into
base: master
25 changes: 24 additions & 1 deletion README.md
Expand Up @@ -76,6 +76,7 @@ my-project
According to the operation / the type of pipeline you have to perform, you can pick here different stages, and put the snippet as indicated in your `.gitlab-ci.yml`:

- [Linting](#linting)
- [Terraform linting](#linting-terraform)
- Tests
- [Docker-compose tests](#unit-test-stage)
- [Docker pipeline](#docker-pipeline)
Expand All @@ -101,6 +102,7 @@ According to the operation / the type of pipeline you have to perform, you can p
- [Google cloud run](#google-cloud-run)
- [Terraform pipeline](#terraform-pipeline)
- [Terraform security check](#terraform-security-score)
- [Terraform linting](#linting-terraform)
- [Notify sentry of release](#notify-sentry-of-release)

Finally some [advice](#general-advices) on how to try the pipeline (for development).
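
Review bot: the `- [Terraform linting](#linting-terraform)` entry added here among the Terraform items is the same link the previous hunk adds under `[Linting](#linting)`, so the table of contents now lists one target twice, and its text ("Terraform linting") does not match the section title this PR adds ("Linting Terraform"). Keep a single entry, or keep both on purpose and use the section title as the link text in each.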
Expand Down Expand Up @@ -181,7 +183,9 @@ See [here](https://github.com/zegl/kube-score/blob/master/README_CHECKS.md) for

NB: The test `label_values` needs to be skipped because of the values `${CI_COMMIT_TAG}` (which will be replaced by `envsubst` later in the pipeline) causing validation fail.

# Unit test stage
See in the terraform section for [linting terraform](#linting-terraform) manifests.

## Unit test stage

```yaml
include:
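
Review bot: the heading change from `# Unit test stage` to `## Unit test stage` is unrelated to adding tflint and alters the README outline; move it to its own commit or explain the demotion in the PR description. The added sentence `See in the terraform section for [linting terraform](#linting-terraform) manifests.` also lands directly after the kube-score `label_values` note, where it reads as part of the Kubernetes linting text. Something like "For Terraform files, see [Linting Terraform](#linting-terraform)." would be clearer, and "manifests" is the Kubernetes term rather than the Terraform one.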
Expand Down Expand Up @@ -776,6 +780,25 @@ stages:
- test
```

## Linting Terraform

```yaml
include:
- remote: 'https://raw.githubusercontent.com/jobtome-labs/ci-templates/<REF>/lint-terraform.yml'

stages:
- lint

variables:

# optional, used to enable reviewdog
ENABLE_REVIEWDOG: 1
REVIEWDOG_GITLAB_API_TOKEN: <personal gitlab token used to call v4 api endpoints>
REVIEWDOG_LEVEL: warning # optional, values: info, warning, error
```

The Review Dog instructions as described in the [lint section](#linting).

## Notify sentry of release

```yaml
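
Review bot: the example line `REVIEWDOG_GITLAB_API_TOKEN: <personal gitlab token used to call v4 api endpoints>` sits under `variables:` in a `.gitlab-ci.yml` snippet, which invites readers to commit a personal access token to the repository. State that the token must be defined as a masked CI/CD variable in the project or group settings, and drop it from the YAML example. The section also leaves `TF_FOLDER_PATH` and `LINT_PATH` undocumented although `lint-terraform.yml` reads both, and the closing sentence "The Review Dog instructions as described in the [lint section](#linting)." has no verb.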
53 changes: 53 additions & 0 deletions lint-terraform.yml
@@ -0,0 +1,53 @@
lint:terraform:
stage: lint
image: linuxbandit/tflint-reviewdog:v1.0.0
variables:
GITLAB_API: ${CI_API_V4_URL}
script:
- |

if [ -n "${TF_FOLDER_PATH}" ]; then
cd "${TF_FOLDER_PATH}"
fi

echo
echo "-> Downloading Terraform modules:"
echo

terraform --version
terraform init -backend=false

if [[ -z "${LINT_PATH}" ]]; then
LINT_PATH="."
fi

echo
echo "-> Linting Terraform files:"
echo

if [ "${ENABLE_REVIEWDOG}" = "1" ]; then
echo
echo "-> Enabled Review Dog!"
echo

if [ -z "${REVIEWDOG_GITLAB_API_TOKEN}" ]; then
echo
echo "-> [WARNING] Missing 'REVIEWDOG_GITLAB_API_TOKEN' variable!"
echo
exit 1
fi

if [ -z "${REVIEWDOG_LEVEL}" ]; then
REVIEWDOG_LEVEL="warning"
fi

tflint --format "parsable" "${LINT_PATH}" | reviewdog -name="Terraform linter" \
-efm="%f:%l:%c: %m" -diff="git diff master" -reporter=gitlab-mr-discussion -level="${INPUT_LEVEL}"

else
tflint "${LINT_PATH}"
fi

echo
echo "-> Terraform files checked!"
echo
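
Review bot: in the reviewdog command, `-level="${INPUT_LEVEL}"` reads a variable that nothing in this job sets; the script defaults `REVIEWDOG_LEVEL` a few lines above and the README documents `REVIEWDOG_LEVEL`, so the configured level never reaches reviewdog. Use `-level="${REVIEWDOG_LEVEL}"`. Further points in this file: `-diff="git diff master"` hard-codes the base branch, so prefer the merge request target branch (GitLab exposes it as `CI_MERGE_REQUEST_TARGET_BRANCH_NAME`); the `tflint ... | reviewdog` pipeline returns only reviewdog's exit status unless `pipefail` is set, so a tflint failure can go unnoticed; `[[ -z "${LINT_PATH}" ]]` is a bashism in a script that otherwise uses `[ ]`, which breaks if the image runs the job under a plain POSIX shell; the missing-token message is tagged `[WARNING]` but is followed by `exit 1`, so it should say error; and `image: linuxbandit/tflint-reviewdog:v1.0.0` is an image outside the `jobtome-labs` namespace, pinned by a mutable tag, that is handed `REVIEWDOG_GITLAB_API_TOKEN`, so pin it by digest or publish it from a repository the organisation controls.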