feat: tf lint and checkes workflow added (#45)

Co-authored-by: Deepak Verma <[email protected]>

Author: dverma-cd

.github/config/.tflint.hcl

@@ -0,0 +1,24 @@
+// https://github.com/terraform-linters/tflint/blob/master/docs/guides/config.md
+config {
+  module = false
+  force = false
+}
+
+plugin "aws" {
+  enabled = true
+  version = "0.17.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+  deep_check = false
+}
+
+rule "aws_instance_invalid_type" {
+  enabled = false
+}
+
+rule "aws_instance_previous_type" {
+  enabled = false
+}
+
+rule "terraform_required_providers" {
+  enabled = false
+}

.github/workflows/tf-checks.yml

@@ -0,0 +1,86 @@
+# Tf check workflow checks for min, max version , terraform fmt , terraform init & terraform validate in your terraform code.
+name: tf-checks
+
+on:
+  workflow_call:
+  # inputs can be defined to use during workflow call. 
+    inputs:
+      working_directory:
+        description: 'Directory where complete example exist of the module.'
+        required: false
+        type: string
+        default: './_example/complete/'
+
+jobs:
+  # Terrafrom version extract as output. 
+  versionExtract:
+    name: Get min/max versions
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      # Checking terraform Max and Min version .
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@main
+        with:
+          directory: ${{ inputs.working_directory}}
+    outputs:
+      minVersion: ${{ steps.minMax.outputs.minVersion }}
+      maxVersion: ${{ steps.minMax.outputs.maxVersion }}
+
+  # Evaluting terraform version based on version extract.
+  versionEvaluate:
+    name: Evaluate Terraform versions
+    runs-on: ubuntu-latest
+    needs: versionExtract
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - ${{ needs.versionExtract.outputs.minVersion }}
+          - ${{ needs.versionExtract.outputs.maxVersion }}
+        directory:
+          - ${{ inputs.working_directory}}
+
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout
+        uses: actions/checkout@v3
+
+     # Installing terraform version based on version extract.
+      - name: Install Terraform v${{ matrix.version }}
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ matrix.version }}
+
+      # Terraform checks to Init and Validate terraform code. 
+      - name: Init & validate v${{ matrix.version }}
+        run: |
+          cd ${{ matrix.directory }}
+          terraform init
+          terraform validate
+
+  # Action to verfiy terraform formatting . 
+  format:
+    name: Check code format
+    runs-on: ubuntu-latest
+    needs: versionExtract
+
+    steps:
+       # Checkout the repository to the GitHub Actions runner
+      - name: Checkout
+        uses: actions/checkout@v2
+
+     # Action added to install terraform 
+      - name: Install Terraform v${{ needs.versionExtract.outputs.maxVersion }}
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ needs.versionExtract.outputs.maxVersion }}
+
+      # Running command to check terraform formatting changes. 
+      - name: Check Terraform format changes
+        run: terraform fmt --recursive -check=true

.github/workflows/tf-lint.yml

@@ -0,0 +1,53 @@
+# Tf lint work flow checks for possible errors, best practices in your terraform code. 
+name: tf-lint
+on:
+  workflow_call:
+  # Secrets can be defined to use during workflow call. 
+    secrets:
+      GITHUB:
+        required: true
+        description: 'PAT of the user to run the jobs.'
+
+jobs:
+  tflint:
+    runs-on: ubuntu-latest
+
+   # Checkout the repository to the GitHub Actions runner
+    steps:
+    - uses: actions/checkout@v3
+      name: Checkout source code
+    
+    # Action to add tflint plugin based in OS 
+    - uses: actions/cache@v3
+      name: Cache plugin dir
+      with:
+        path: ~/.tflint.d/plugins
+        key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    #Setting up terraform lint 
+    - uses: terraform-linters/setup-tflint@v3
+      name: Setup TFLint
+      with:
+        tflint_version: v0.44.1
+        github_token: ${{ secrets.GITHUB }}
+
+    # Added tflint config to check tflint additional rules 
+    - uses: terraform-linters/tflint-load-config-action@v1
+      name: Setup tflint-config
+      with:
+        source-repo: clouddrove/github-shared-workflows
+        source-path: .github/config/.tflint.hcl
+
+    # Verfiy the installed tflint version.    
+    - name: Show version
+      run: tflint --version
+
+    - name: init lint
+      run: tflint --init
+      env:
+        # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+        GITHUB_TOKEN: ${{ github.token }}
+    
+    # command to check tf lint in terraform code. 
+    - name: Run lint
+      run: tflint --recursive --color --force -f compact

README.md

@@ -58,6 +58,8 @@ Above example is just a simple example to call workflow from github shared workf
    * [Example for terraform checks with azure cloud](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform-checks.md#example-for-terraform-checks-with-azure-cloud)
    * [Example for terraform checks with aws cloud](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform-checks.md#example-for-terraform-checks-with-aws-cloud)
    * [Example for terraform checks with digitalocean cloud](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform-checks.md#example-for-terraform-checks-with-digitalocean-cloud)
+6. [Terraform Lint Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform-lint.md)
+7. [Terraform Checks Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/terraform-static-checks.md)
 
 ## Feedback 
 If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/github-shared-workflows/issues), or feel free to drop us an email at [[email protected]](mailto:[email protected]).

docs/terraform-checks.md

@@ -1,60 +1,21 @@
-## [Terraform Checks Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/terraform.yml)
+## [Terraform Checks Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/tf-checks.yml)
 
-This workflow is used to terraform checks. Workflows have been added in `.github/workflows/terraform.yml`
+This workflow automates terraform checks for min, max version , terraform fmt , terraform init & terraform validate in your terraform code. `.github/workflows/tf-checks.yml`
 
 #### Usage
-This workflow is used to terraform checks. Workflows have been added in `.github/workflows/terraform.yml`
+There are several checks you can perform to ensure the accuracy and integrity of your infrastructure provisioning process for Major Cloud providers (AWS/Azure/GCP). Warn about version, fmt and terraform validate.
 
-#### Example with azure cloud
+#### Example
 ```yaml
-name: Terraform Checks
-
-on:
-  pull_request:
-
-jobs:
-  terraform:
-    uses: clouddrove/github-shared-workflows/.github/workflows/terraform.yml@master
-    secrets:
-      GITHUB: ${{ secrets.GITHUB }}
-      DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
-    with:
-      provider: 'azurerm'
-      working_directory: './_example/'
-```
-#### Example with aws cloud
-```yaml
-name: Terraform Checks
-
+name: tf-checks
 on:
+  push:
+    branches: [ master ]
   pull_request:
-
-jobs:
-  terraform:
-    uses: clouddrove/github-shared-workflows/.github/workflows/terraform.yml@master
-    secrets:
-      GITHUB: ${{ secrets.GITHUB }}
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
-    with:
-      provider: 'aws'
-      working_directory: './_example/'
-```
-#### Example with digitalocean cloud
-```yaml
-name: Terraform Checks
-
-on:
-  pull_request:
-
+  workflow_dispatch:
 jobs:
-  terraform:
-    uses: clouddrove/github-shared-workflows/.github/workflows/terraform.yml@master
-    secrets:
-      GITHUB: ${{ secrets.GITHUB }}
-      DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
-    with:
-      provider: 'digitalocean'
-      working_directory: './_example/'
+  tf-static-checks:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
+    with:  
+        working_directory: './_example/complete/'
 ```

docs/terraform-lint.md

@@ -0,0 +1,21 @@
+## [Auto Assign Assignee Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/tflint.yml)
+
+This workflow automates terraform linter that checks for possible errors, best practices, etc in your terraform code Workflows have been added in `.github/workflows/tflint.yml`
+
+#### Usage
+TFLint is a framework and each feature is provided by plugins, the key features are as follows: Find possible errors (like invalid instance types) for Major Cloud providers (AWS/Azure/GCP). Warn about deprecated syntax, unused declarations. Enforce best practices, naming conventions.
+
+#### Example
+```yaml
+name:  TF-Lint
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+  workflow_dispatch:
+jobs:
+  tf-lint:
+    uses: clouddrove/github-shared-workflows/.github/workflows/tflint.yml@master
+    secrets:
+      GITHUB: ${{ secrets.GITHUB }}
+```