-
Notifications
You must be signed in to change notification settings - Fork 1
98 lines (96 loc) · 3.63 KB
/
lint.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
---
name: Lint
on:
workflow_call:
inputs:
multiple_workspaces:
description: 'If true it will support multiple workspaces'
default: false
required: false
type: boolean
terraform_version:
description: 'The version of Terraform CLI to install'
default: 'latest'
required: false
type: string
working_dir:
description: 'Switch to a different working directory before executing the given subcommand'
default: '.'
required: false
type: string
default_branch:
description: 'The name of the repository default branch'
default: 'master'
required: false
type: string
filter_regex_exclude:
description: 'Regular expression defining which files will be excluded from linting'
required: false
type: string
filter_regex_include:
description: 'Regular expression defining which files will be processed by linters'
required: false
type: string
linter_rules_path:
description: 'Directory for all linter configuration rules'
default: '.github/linters'
required: false
type: string
validate_all_codebase:
description: 'Will parse the entire repository and find all files to validate across all types'
default: true
required: false
type: boolean
secrets:
cli_config_credentials_token:
description: 'The API token for a Terraform Cloud/Enterprise instance'
required: false
github-token:
description: 'The token used to authenticate with GitHub'
required: false
jobs:
lint:
name: Lint Code
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Environment (stage)
if: ${{ inputs.multiple_workspaces && (github.base_ref == 'develop' || github.ref == 'refs/heads/develop') }}
run: |
# shellcheck disable=SC2086
echo "TF_WORKSPACE=stage" >> $GITHUB_ENV
- name: Environment (prod)
if: ${{ inputs.multiple_workspaces && (github.base_ref == 'main' || github.ref == 'refs/heads/main') }}
run: |
# shellcheck disable=SC2086
echo "TF_WORKSPACE=prod" >> $GITHUB_ENV
- name: Setup Terraform
if: hashFiles('**/.tflint.hcl') != ''
uses: hashicorp/setup-terraform@v2.0.3
with:
cli_config_credentials_token: ${{ secrets.cli_config_credentials_token }}
terraform_version: ${{ inputs.terraform_version }}
- name: Terraform Init
if: hashFiles('**/.tflint.hcl') != ''
run: terraform -chdir=${{ inputs.working_dir }} init
- name: Stash changes
if: hashFiles('**/.tflint.hcl') != ''
run: git stash -- ${{ inputs.working_dir }}/.terraform.lock.hcl
- name: Setup TFLint
if: hashFiles('**/.tflint.hcl') != ''
run: |
curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
export TFLINT_PLUGIN_DIR="${RUNNER_TEMP}/_github_home/.tflint.d/plugins"
tflint -c ${{ inputs.linter_rules_path }}/.tflint.hcl --init
- name: Lint Code
uses: github/super-linter/slim@v4
env:
DEFAULT_BRANCH: ${{ inputs.default_branch }}
FILTER_REGEX_EXCLUDE: ${{ inputs.filter_regex_exclude }}
FILTER_REGEX_INCLUDE: ${{ inputs.filter_regex_include }}
GITHUB_TOKEN: ${{ secrets.github-token }}
LINTER_RULES_PATH: ${{ inputs.linter_rules_path }}
VALIDATE_ALL_CODEBASE: ${{ inputs.validate_all_codebase }}