feat: rewrite terraform test and validate scripts dynamically using paths-filter

Author: DevelopmentCats

.github/workflows/ci.yaml

@@ -49,10 +49,18 @@ jobs:
           ALL_CHANGED_FILES: ${{ steps.filter.outputs.all_files }}
           SHARED_CHANGED: ${{ steps.filter.outputs.shared }}
           MODULE_CHANGED_FILES: ${{ steps.filter.outputs.modules_files }}
-        run: ./scripts/ts_test_auto.sh
+        run: bun tstest
       - name: Run Terraform tests
-        run: ./scripts/terraform_test_all.sh
+        env:
+          ALL_CHANGED_FILES: ${{ steps.filter.outputs.all_files }}
+          SHARED_CHANGED: ${{ steps.filter.outputs.shared }}
+          MODULE_CHANGED_FILES: ${{ steps.filter.outputs.modules_files }}
+        run: bun tftest
       - name: Run Terraform Validate
+        env:
+          ALL_CHANGED_FILES: ${{ steps.filter.outputs.all_files }}
+          SHARED_CHANGED: ${{ steps.filter.outputs.shared }}
+          MODULE_CHANGED_FILES: ${{ steps.filter.outputs.modules_files }}
         run: bun terraform-validate
   validate-style:
     name: Check for typos and unformatted code

package.json

@@ -4,7 +4,8 @@
     "fmt": "bun x prettier --write . && terraform fmt -recursive -diff",
     "fmt:ci": "bun x prettier --check . && terraform fmt -check -recursive -diff",
     "terraform-validate": "./scripts/terraform_validate.sh",
-    "test": "./scripts/terraform_test_all.sh",
+    "tftest": "./scripts/terraform_test_all.sh",
+    "tstest": "./scripts/ts_test_auto.sh",
     "update-version": "./update-version.sh"
   },
   "devDependencies": {

scripts/terraform_test_all.sh

@@ -1,21 +1,87 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-# Find all directories that contain any .tftest.hcl files and run terraform test in each
+# Auto-detect which Terraform tests to run based on changed files from paths-filter
+# Uses paths-filter outputs from GitHub Actions:
+#   ALL_CHANGED_FILES - all files changed in the PR (for logging)
+#   SHARED_CHANGED - boolean indicating if shared infrastructure changed
+#   MODULE_CHANGED_FILES - only files in registry/**/modules/** (for processing)
+# Runs all tests if shared infrastructure changes or if env vars are not set (local dev)
+#
+# This script only runs tests for changed modules. Documentation and template changes are ignored.
 
 run_dir() {
   local dir="$1"
   echo "==> Running terraform test in $dir"
   (cd "$dir" && terraform init -upgrade -input=false -no-color > /dev/null && terraform test -no-color -verbose)
 }
 
-mapfile -t test_dirs < <(find . -type f -name "*.tftest.hcl" -print0 | xargs -0 -I{} dirname {} | sort -u)
+echo "==> Detecting changed files..."
+
+if [[ -n "${ALL_CHANGED_FILES:-}" ]]; then
+  echo "Changed files in PR:"
+  echo "$ALL_CHANGED_FILES" | tr ' ' '\n' | sed 's/^/  - /'
+  echo ""
+fi
+
+if [[ "${SHARED_CHANGED:-false}" == "true" ]]; then
+  echo "==> Shared infrastructure changed"
+  echo "==> Running all tests for safety"
+  mapfile -t test_dirs < <(find . -type f -name "*.tftest.hcl" -print0 | xargs -0 -I{} dirname {} | sort -u)
+elif [[ -z "${MODULE_CHANGED_FILES:-}" ]]; then
+  echo "✓ No module files changed, skipping tests"
+  exit 0
+else
+  CHANGED_FILES=$(echo "$MODULE_CHANGED_FILES" | tr ' ' '\n')
+
+  MODULE_DIRS=()
+  while IFS= read -r file; do
+    if [[ "$file" =~ \.(md|png|jpg|jpeg|svg)$ ]]; then
+      continue
+    fi
+
+    if [[ "$file" =~ ^registry/([^/]+)/modules/([^/]+)/ ]]; then
+      namespace="${BASH_REMATCH[1]}"
+      module="${BASH_REMATCH[2]}"
+      module_dir="registry/${namespace}/modules/${module}"
+
+      if [[ -d "$module_dir" ]] && [[ ! " ${MODULE_DIRS[*]} " =~ " ${module_dir} " ]]; then
+        MODULE_DIRS+=("$module_dir")
+      fi
+    fi
+  done <<< "$CHANGED_FILES"
+
+  if [[ ${#MODULE_DIRS[@]} -eq 0 ]]; then
+    echo "✓ No Terraform tests to run"
+    echo "  (documentation, templates, namespace files, or modules without changes)"
+    exit 0
+  fi
+
+  echo "==> Finding .tftest.hcl files in ${#MODULE_DIRS[@]} changed module(s):"
+  for dir in "${MODULE_DIRS[@]}"; do
+    echo "  - $dir"
+  done
+  echo ""
+
+  test_dirs=()
+  for module_dir in "${MODULE_DIRS[@]}"; do
+    while IFS= read -r test_file; do
+      test_dir=$(dirname "$test_file")
+      if [[ ! " ${test_dirs[*]} " =~ " ${test_dir} " ]]; then
+        test_dirs+=("$test_dir")
+      fi
+    done < <(find "$module_dir" -type f -name "*.tftest.hcl")
+  done
+fi
 
 if [[ ${#test_dirs[@]} -eq 0 ]]; then
-  echo "No .tftest.hcl tests found."
+  echo "✓ No .tftest.hcl tests found in changed modules"
   exit 0
 fi
 
+echo "==> Running terraform test in ${#test_dirs[@]} directory(ies)"
+echo ""
+
 status=0
 for d in "${test_dirs[@]}"; do
   if ! run_dir "$d"; then

scripts/terraform_validate.sh

@@ -2,6 +2,15 @@
 
 set -euo pipefail
 
+# Auto-detect which Terraform modules to validate based on changed files from paths-filter
+# Uses paths-filter outputs from GitHub Actions:
+#   ALL_CHANGED_FILES - all files changed in the PR (for logging)
+#   SHARED_CHANGED - boolean indicating if shared infrastructure changed
+#   MODULE_CHANGED_FILES - only files in registry/**/modules/** (for processing)
+# Validates all modules if shared infrastructure changes or if env vars are not set (local dev)
+#
+# This script only validates changed modules. Documentation and template changes are ignored.
+
 validate_terraform_directory() {
   local dir="$1"
   echo "Running \`terraform validate\` in $dir"
@@ -12,18 +21,58 @@ validate_terraform_directory() {
 }
 
 main() {
-  # Get the directory of the script
-  local script_dir=$(dirname "$(readlink -f "$0")")
+  echo "==> Detecting changed files..."
+
+  if [[ -n "${ALL_CHANGED_FILES:-}" ]]; then
+    echo "Changed files in PR:"
+    echo "$ALL_CHANGED_FILES" | tr ' ' '\n' | sed 's/^/  - /'
+    echo ""
+  fi
 
-  # Code assumes that registry directory will always be in same position
-  # relative to the main script directory
+  local script_dir=$(dirname "$(readlink -f "$0")")
   local registry_dir="$script_dir/../registry"
 
-  # Get all module subdirectories in the registry directory. Code assumes that
-  # Terraform module directories won't begin to appear until three levels deep into
-  # the registry (e.g., registry/coder/modules/coder-login, which will then
-  # have a main.tf file inside it)
-  local subdirs=$(find "$registry_dir" -mindepth 3 -path "*/modules/*" -type d | sort)
+  if [[ "${SHARED_CHANGED:-false}" == "true" ]]; then
+    echo "==> Shared infrastructure changed"
+    echo "==> Validating all modules for safety"
+    local subdirs=$(find "$registry_dir" -mindepth 3 -path "*/modules/*" -type d | sort)
+  elif [[ -z "${MODULE_CHANGED_FILES:-}" ]]; then
+    echo "✓ No module files changed, skipping validation"
+    exit 0
+  else
+    CHANGED_FILES=$(echo "$MODULE_CHANGED_FILES" | tr ' ' '\n')
+
+    MODULE_DIRS=()
+    while IFS= read -r file; do
+      if [[ "$file" =~ \.(md|png|jpg|jpeg|svg)$ ]]; then
+        continue
+      fi
+
+      if [[ "$file" =~ ^registry/([^/]+)/modules/([^/]+)/ ]]; then
+        namespace="${BASH_REMATCH[1]}"
+        module="${BASH_REMATCH[2]}"
+        module_dir="registry/${namespace}/modules/${module}"
+
+        if [[ -d "$module_dir" ]] && [[ ! " ${MODULE_DIRS[*]} " =~ " ${module_dir} " ]]; then
+          MODULE_DIRS+=("$module_dir")
+        fi
+      fi
+    done <<< "$CHANGED_FILES"
+
+    if [[ ${#MODULE_DIRS[@]} -eq 0 ]]; then
+      echo "✓ No modules to validate"
+      echo "  (documentation, templates, namespace files, or modules without changes)"
+      exit 0
+    fi
+
+    echo "==> Validating ${#MODULE_DIRS[@]} changed module(s):"
+    for dir in "${MODULE_DIRS[@]}"; do
+      echo "  - $dir"
+    done
+    echo ""
+
+    local subdirs="${MODULE_DIRS[*]}"
+  fi
 
   for dir in $subdirs; do
     # Skip over any directories that obviously don't have the necessary