ci: refactor terraform validation

github-aws-runners · Nov 16, 2024 · ab37e4c · ab37e4c
1 parent 26ad5c1
commit ab37e4c
Show file tree

Hide file tree

Showing 9 changed files with 133 additions and 163 deletions.
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
@@ -3,180 +3,46 @@ on:
   push:
     branches:
       - main
+      - npalm/*
   pull_request:
-    paths: ["**/*.tf", "**/*.hcl", ".github/workflows/terraform.yml"]
+    paths: ["**/*.tf", "**/*.hcl", ".github/workflows/terraform.yml", ".utils/**"]
+    paths-ignore: ["lambdas/**"]
 
 permissions:
   contents: read
   pull-requests: write
 
-env:
-  AWS_REGION: eu-west-1
 jobs:
-  verify_module:
-    name: Verify module
-    strategy:
-      matrix:
-        terraform: [1.5.6, "latest"]
+  dirs:
+    name: Find modules
     runs-on: ubuntu-latest
-    container:
-      image: hashicorp/terraform:${{ matrix.terraform }}
-    steps:
-      - name: "Checkout"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: "Fake zip files" # Validate will fail if it cannot find the zip files
-        run: |
-          touch lambdas/functions/webhook/webhook.zip
-          touch lambdas/functions/control-plane/runners.zip
-          touch lambdas/functions/gh-agent-syncer/runner-binaries-syncer.zip
-          touch lambdas/functions/ami-housekeeper/ami-housekeeper.zip
-          touch lambdas/functions/termination-watcher/termination-watcher.zip
-      - name: terraform init
-        run: terraform init -get -backend=false -input=false
-      - if: contains(matrix.terraform, '1.5.')
-        name: check terraform formatting
-        run: terraform fmt -recursive -check=true -write=false
-      - if: contains(matrix.terraform, 'latest') # check formatting for the latest release but avoid failing the build
-        name: check terraform formatting
-        run: terraform fmt -recursive -check=true -write=false
-        continue-on-error: true
-      - name: validate terraform
-        run: terraform validate
-      - if: contains(matrix.terraform, '1.5.')
-        name: Fix for actions/cache on alpine
-        run: apk add --no-cache tar
-        continue-on-error: true
-      - if: contains(matrix.terraform, '1.5.')
-        uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1
-        name: Cache TFLint plugin dir
-        with:
-          path: ~/.tflint.d/plugins
-          key: tflint-${{ hashFiles('.tflint.hcl') }}
-      - if: contains(matrix.terraform, '1.5.')
-        name: Setup TFLint
-        uses: terraform-linters/setup-tflint@19a52fbac37dacb22a09518e4ef6ee234f2d4987 # v4.0.0
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - if: contains(matrix.terraform, '1.5.')
-        name: Run TFLint
-        run: |
-          tflint --init -c ${GITHUB_WORKSPACE}/.tflint.hcl
-          tflint -c ${GITHUB_WORKSPACE}/.tflint.hcl --var-file ${GITHUB_WORKSPACE}/.github/lint/tflint.tfvars
-
-  verify_modules:
-    name: Verify modules
-    strategy:
-      fail-fast: false
-      matrix:
-        terraform: [1.5.6, "latest"]
-        module:
-          [
-            "ami-housekeeper",
-            "download-lambda",
-            "lambda",
-            "multi-runner",
-            "runner-binaries-syncer",
-            "runners",
-            "setup-iam-permissions",
-            "ssm",
-            "termination-watcher",
-            "webhook",
-          ]
-    defaults:
-      run:
-        working-directory: modules/${{ matrix.module }}
-    runs-on: ubuntu-latest
-    container:
-      image: hashicorp/terraform:${{ matrix.terraform }}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: terraform init
-        run: terraform init -get -backend=false -input=false
-      - if: contains(matrix.terraform, '1.3.')
-        name: check terraform formatting
-        run: terraform fmt -recursive -check=true -write=false
-      - if: contains(matrix.terraform, 'latest') # check formatting for the latest release but avoid failing the build
-        name: check terraform formatting
-        run: terraform fmt -recursive -check=true -write=false
-        continue-on-error: true
-      - name: validate terraform
-        run: terraform validate
-      - if: contains(matrix.terraform, '1.3.')
-        name: Fix for actions/cache on alpine
-        run: apk add --no-cache tar
-        continue-on-error: true
-      - if: contains(matrix.terraform, '1.3.')
-        uses: actions/cache@v4
-        name: Cache TFLint plugin dir
-        with:
-          path: ~/.tflint.d/plugins
-          key: tflint-${{ hashFiles('.tflint.hcl') }}
-      - if: contains(matrix.terraform, '1.3.')
-        name: Setup TFLint
-        uses: terraform-linters/setup-tflint@v4
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - if: contains(matrix.terraform, '1.3.')
-        name: Run TFLint
-        working-directory: ${{ github.workspace }}
+
+      - id: find
+        # Ignore directories whose names start with .terraform or obsolete
+        shell: bash
         run: |
-          tflint --init -c ${GITHUB_WORKSPACE}/.tflint.hcl --chdir modules/${{ matrix.module }}
-          tflint -f compact -c ${GITHUB_WORKSPACE}/.tflint.hcl --var-file ${GITHUB_WORKSPACE}/.github/lint/tflint.tfvars --chdir modules/${{ matrix.module }}
+          source ./.utils/find.sh
+          #modules=$(findAllTerraformDirs --ignores "examples")
+          #modules=$(echo $modules | jq 'map(select(. | contains("./modules/multi-runner")))')
+          #examples=$(findAllTerraformDirs --ignores "modules" --hide-root)
+          modules=$(findAllTerraformDirs)
+          echo "modules=$(echo $modules)" >> $GITHUB_OUTPUT
+          echo "examples=$(echo $examples)" >> $GITHUB_OUTPUT
+    outputs:
+      tf_modules: ${{ steps.find.outputs.modules }}
+      tf_examples: ${{ steps.find.outputs.examples }}
 
-  verify_examples:
-    name: Verify examples
+  verify_all:
+    uses: ./.github/workflows/terraform-validate-template.yml
+    name: Verify module ${{ matrix.module }}
+    needs: dirs
+    with:
+      terraform_version: ${{ matrix.terraform }}
+      module: ${{ matrix.module }}
     strategy:
       fail-fast: false
       matrix:
-        terraform: [1.5.6, "latest"]
-        example:
-          [
-            "default",
-            "ubuntu",
-            "prebuilt",
-            "arm64",
-            "ephemeral",
-            "termination-watcher",
-            "windows",
-            "multi-runner",
-          ]
-    defaults:
-      run:
-        working-directory: examples/${{ matrix.example }}
-    runs-on: ubuntu-latest
-    container:
-      image: hashicorp/terraform:${{ matrix.terraform }}
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: terraform init
-        run: terraform init -get -backend=false -input=false
-      - if: contains(matrix.terraform, '1.5.')
-        name: check terraform formatting
-        run: terraform fmt -recursive -check=true -write=false
-      - if: contains(matrix.terraform, 'latest') # check formatting for the latest release but avoid failing the build
-        name: check terraform formatting
-        run: terraform fmt -recursive -check=true -write=false
-        continue-on-error: true
-      - name: validate terraform
-        run: terraform validate
-      - if: contains(matrix.terraform, '1.5.')
-        name: Fix for actions/cache on alpine
-        run: apk add --no-cache tar
-        continue-on-error: true
-      - if: contains(matrix.terraform, '1.5.')
-        uses: actions/cache@v4
-        name: Cache TFLint plugin dir
-        with:
-          path: ~/.tflint.d/plugins
-          key: tflint-${{ hashFiles('.tflint.hcl') }}
-      - if: contains(matrix.terraform, '1.5.')
-        name: Setup TFLint
-        uses: terraform-linters/setup-tflint@v4
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - if: contains(matrix.terraform, '1.5.')
-        name: Run TFLint
-        working-directory: ${{ github.workspace }}
-        run: |
-          tflint --init -c ${GITHUB_WORKSPACE}/.tflint.hcl --chdir modules/${{ matrix.module }}
-          tflint -f compact -c ${GITHUB_WORKSPACE}/.tflint.hcl --var-file ${GITHUB_WORKSPACE}/.github/lint/tflint.tfvars --chdir examples/${{ matrix.example }}
+        terraform: ["1.5", "latest"]
+        module: ${{ fromJson(needs.dirs.outputs.tf_modules) }}
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -3,9 +3,15 @@ config {
   call_module_type = "local"
 }
 
+# plugin "terraform" {
+#     enabled = true
+#     version = "0.10.0"
+#     source  = "github.com/terraform-linters/tflint-ruleset-terraform"
+# }
+
 plugin "aws" {
     enabled = true
-    version = "0.30.0"
+    version = "0.34.0"
     source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }
 

diff --git a/.ci/.dockerignore → .utils/.dockerignore b/.ci/.dockerignore → .utils/.dockerignore
diff --git a/.ci/Dockerfile → .utils/Dockerfile b/.ci/Dockerfile → .utils/Dockerfile
diff --git a/.ci/build.ps1 → .utils/build.ps1 b/.ci/build.ps1 → .utils/build.ps1
diff --git a/.ci/build.sh → .utils/build.sh b/.ci/build.sh → .utils/build.sh
diff --git a/.utils/find.sh b/.utils/find.sh
@@ -0,0 +1,86 @@
+function findAllTerraformDirs() {
+  local ignores=""
+  local hide_root=false
+  local format="json"
+  local args=("$@")
+
+  # Parse arguments
+  while [[ $# -gt 0 ]]; do
+    case $1 in
+      --ignores)
+        shift
+        while [[ $# -gt 0 && $1 != --* ]]; do
+          ignores="$ignores -o -name '$1'"
+          shift
+        done
+        ;;
+      --hide-root)
+        hide_root=true
+        shift
+        ;;
+      --format)
+        shift
+        format=$1
+        shift
+        ;;
+      *)
+        shift
+        ;;
+    esac
+  done
+
+
+  find_command="find . -type d \( -name '.terraform*' -o -name 'deprecated*' $ignores \) -prune -o \
+    -name '*.tf' \
+    -not -path '*/.terraform/*' \
+    -exec dirname {} \; | \
+    sort | \
+    uniq"
+
+
+  if [ "$format" = "json" ]; then
+    jq_filter='split("\n") | map(select(. != ""))'
+    if [ "$hide_root" = true ]; then
+      jq_filter='split("\n") | map(select(. != "" and . != "."))'
+    fi
+    find_command="$find_command | jq --raw-input --slurp '$jq_filter'"
+  elif [ "$format" = "plain" ]; then
+    if [ "$hide_root" = true ]; then
+      find_command="$find_command | grep -v '^\\.$'"
+    fi
+  fi
+
+  eval $find_command
+}
+
+findLambdaFunctions() {
+  # lambdas are located in lambdas/functions
+  # only the first level director should be resulted
+  # output format plain or json, json is default, not other options needed
+
+  local format="json"
+  local args=("$@")
+  while [[ $# -gt 0 ]]; do
+    case $1 in
+      --format)
+        shift
+        format=$1
+        shift
+        ;;
+      *)
+        shift
+        ;;
+    esac
+  done
+
+  find_command="find lambdas/functions -maxdepth 1 -type d | \
+      sort | \
+      uniq"
+
+  if [ "$format" = "json" ]; then
+    jq_filter='split("\n") | map(select(. != ""))'
+    find_command="$find_command | jq --raw-input --slurp '$jq_filter'"
+  fi
+
+  eval $find_command
+}
diff --git a/.ci/terraform-init-all.sh → .utils/terraform-init-all.sh b/.ci/terraform-init-all.sh → .utils/terraform-init-all.sh
diff --git a/.utils/terraform.sh b/.utils/terraform.sh
@@ -0,0 +1,12 @@
+#source "$(dirname "${BASH_SOURCE[0]}")/find.sh"
+source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/find.sh"
+
+generateDummyLambdaZip() {
+  lambdaDirs=($(findLambdaFunctions --format plain))
+  echo ${lambdaDirs[@]}
+  echo ----
+  for lambdaDir in "${lambdaDirs[@]}"; do
+    echo Generating dummy zip for $lambdaDir/$(basename $lambdaDir).zip
+    touch "$lambdaDir/$(basename $lambdaDir).zip"
+  done
+}