CCM-8568 TFDocsAutomation

Author: aidenvaines-cgi

.github/workflows/stage-1-commit.yaml

@@ -66,6 +66,32 @@ jobs:
           fetch-depth: 0 # Full history is needed to compare branches
       - name: "Check Markdown format"
         uses: ./.github/actions/check-markdown-format
+  terraform-docs:
+    name: "Run terraform-docs"
+    runs-on: ubuntu-latest
+    needs: detect-terraform-changes
+    if: needs.detect-terraform-changes.outputs.terraform_changed == 'true'
+    permissions:
+        contents: write
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Full history is needed to compare branches
+      - name: "Check to see if Terraform Docs are up-to-date"
+        run: |
+          for dir in $(find infrastructure/terraform/{components,modules} -mindepth 1 -maxdepth 1 -type d); do
+              make terraform-docs dir=$dir
+          done
+      - name: "Stage changes"
+        run: |
+          git add infrastructure/terraform/**/*.md
+      - name: "Check for changes in Terraform Docs"
+        run: |
+          if git diff --cached --name-only | grep -qE '\.md$'; then
+            echo "Markdown files have changed. Please run 'make terraform-docs' and commit the changes."
+            exit 1
+          fi
   check-english-usage:
     name: "Check English usage"
     runs-on: ubuntu-latest

.tool-versions

@@ -2,6 +2,7 @@ act 0.2.64
 gitleaks 8.18.4
 pre-commit 3.6.0
 terraform 1.9.2
+terraform-docs 0.19.0
 tfsec 1.28.10
 vale 3.6.0
 

infrastructure/images/.gitkeep

@@ -57,3 +57,10 @@ repos:
         entry: ./scripts/githooks/check-terraform-format.sh
         language: script
         pass_filenames: false
+  - repo: local
+    hooks:
+      - id: generate-terraform-docs
+        name: Generate Terraform Docs
+        entry: ./scripts/githooks/check-terraform-docs.sh
+        language: script
+        pass_filenames: false

infrastructure/modules/.gitkeep

@@ -0,0 +1,49 @@
+formatter: 'markdown' # this is required
+
+version: ''
+
+recursive:
+  enabled: false
+
+sections:
+  hide: []
+  show: []
+
+content: |-
+  {{ .Header }}
+  {{ .Requirements }}
+  {{ .Inputs }}
+  {{ .Modules }}
+  {{ .Outputs }}
+  {{ .Footer }}
+
+output:
+  file: 'README.md'
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+output-values:
+  enabled: false
+  from: ''
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: true
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true

scripts/config/pre-commit.yaml

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# WARNING: Please DO NOT edit this file! It is maintained in the Repository Template (https://github.com/nhs-england-tools/repository-template). Raise a PR instead.
+
+set -euo pipefail
+
+# Pre-commit git hook to check Terraform documentation.
+#
+# Usage:
+#   $ [options] ./check-terraform-documentation.sh
+#
+# Options:
+#   VERBOSE=true            # Show all the executed commands, default is 'false'
+
+# ==============================================================================
+
+function main() {
+
+  cd "$(git rev-parse --show-toplevel)"
+
+  terraform-docs
+}
+
+# Generate Terraform documentation.
+# Arguments (provided as environment variables):
+#   check_only=[do not format, run check only]
+function terraform-docs() {
+
+  # shellcheck disable=SC2044
+  for dir in $(find infrastructure/terraform/{components,modules} -mindepth 1 -maxdepth 1 -type d); do
+    make terraform-docs dir="${dir}"
+  done
+
+  git add infrastructure/terraform/**/*.md
+}
+
+# ==============================================================================
+
+function is-arg-true() {
+
+  if [[ "$1" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
+    return 0
+  else
+    return 1
+  fi
+}
+
+# ==============================================================================
+
+is-arg-true "${VERBOSE:-false}" && set -x
+
+main "$@"
+
+exit 0

scripts/config/terraform-docs.yml

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+# WARNING: Please DO NOT edit this file! It is maintained in the Repository Template (https://github.com/NHSDigital/nhs-notify-repository-template). Raise a PR instead.
+
+set -euo pipefail
+
+# Terraform-docs command wrapper. It will run the command natively if terraform-docs is
+# installed, otherwise it will run it in a Docker container.
+# Run terraform-docs for generating Terraform module documentation code.
+#
+# Usage:
+#   $ ./terraform-docs.sh [directory]
+# ==============================================================================
+
+function main() {
+
+  cd "$(git rev-parse --show-toplevel)"
+
+  local dir_to_document=${1:-.}
+
+  if command -v terraform-docs > /dev/null 2>&1 && ! is-arg-true "${FORCE_USE_DOCKER:-false}"; then
+    # shellcheck disable=SC2154
+    run-terraform-docs-natively "$dir_to_document"
+  else
+    run-terraform-docs-in-docker "$dir_to_document"
+  fi
+}
+
+# Run terraform-docs on the specified directory.
+# Arguments:
+#   $1 - Directory to document
+function run-terraform-docs-natively() {
+
+  local dir_to_scan="$1"
+  echo "Terraform-docs found locally, running natively"
+  if [ -d "$dir_to_scan" ]; then
+    echo "Running Terraform-docs on directory: $dir_to_scan"
+    terraform-docs \
+      -c scripts/config/terraform-docs.yml \
+      --output-file README.md \
+      "$dir_to_scan"
+  fi
+}
+
+function run-terraform-docs-in-docker() {
+
+  # shellcheck disable=SC1091
+  source ./scripts/docker/docker.lib.sh
+  local dir_to_scan="$1"
+
+  # shellcheck disable=SC2155
+  local image=$(name=quay.io/terraform-docs/terraform-docs docker-get-image-version-and-pull)
+  # shellcheck disable=SC2086
+  echo "Terraform-docs not found locally, running in Docker Container"
+  echo "Running Terraform-docs on directory: $dir_to_scan"
+  docker run --rm --platform linux/amd64 \
+    --volume "$PWD":/workdir \
+    --workdir /workdir \
+    "$image" \
+      -c scripts/config/terraform-docs.yml \
+      --output-file README.md \
+      "$dir_to_scan"
+
+}
+# ==============================================================================
+
+function is-arg-true() {
+
+  if [[ "$1" =~ ^(true|yes|y|on|1|TRUE|YES|Y|ON)$ ]]; then
+    return 0
+  else
+    return 1
+  fi
+}
+
+# ==============================================================================
+
+is-arg-true "${VERBOSE:-false}" && set -x
+
+main "$@"
+
+exit 0

scripts/githooks/check-terraform-docs.sh

@@ -58,7 +58,6 @@ function terraform-fmt() {
         terraform fmt --recursive "${d}"
     fi
   done
-
 }
 
 # Validate Terraform code.

scripts/terraform/terraform-docs.sh

@@ -63,6 +63,13 @@ terraform-sec: # TFSEC check against Terraform files - optional: terraform_dir|d
 		--tfvars-file infrastructure/terraform/etc/env_eu-west-2_main.tfvars \
 		--config-file scripts/config/tfsec.yaml
 
+terraform-docs: # Terraform-docs check against Terraform files - optional: terraform_dir|dir=[path to a directory where the command will be executed, relative to the project's top-level directory, default is one of the module variables or the example directory, if not set], terraform_opts|opts=[options to pass to the Terraform fmt command, default is '-recursive'] @Quality
+	for dir in ./infrastructure/terraform/components/* ./infrastructure/terraform/modules/*; do \
+		if [ -d "$$dir" ]; then \
+			./scripts/terraform/terraform-docs.sh $$dir; \
+		fi \
+	done
+
 # ==============================================================================
 # Module tests and examples - please DO NOT edit this section!
 
@@ -97,6 +104,7 @@ ${VERBOSE}.SILENT: \
 	terraform-example-destroy-aws-infrastructure \
 	terraform-example-provision-aws-infrastructure \
 	terraform-fmt \
+	terraform-docs \
 	terraform-init \
 	terraform-install \
 	terraform-plan \