Skip to content

Commit

Permalink
Lint terraform
Browse files Browse the repository at this point in the history
`terraform fmt -recursive .`
  • Loading branch information
theseanything committed Jul 11, 2024
1 parent 130b19e commit b6386eb
Show file tree
Hide file tree
Showing 17 changed files with 208 additions and 141 deletions.
67 changes: 67 additions & 0 deletions .github/workflows/ci-terraform.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
name: Terraform linting
on:
push:
paths: ['**/*.tf', '**/*.hcl', '.github/workflows/ci-terraform.yml']
env:
TF_IN_AUTOMATION: true
TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
jobs:
tflint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
show-progress: false

- name: Determine Terraform version to use
uses: dflook/terraform-version@33f9a69ab2950c83a6d3a8626f35075481a64ca0
id: terraform-version
with:
path: terraform

- uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ steps.terraform-version.outputs.terraform }}
terraform_wrapper: false

- name: Create Terraform plugin cache dir
run: mkdir -p "$TF_PLUGIN_CACHE_DIR"

- name: Cache Terraform plugins
uses: actions/cache@v4
with:
path: ${{ env.TF_PLUGIN_CACHE_DIR }}
key:
terraform-plugins-${{ runner.os }}-${{ hashFiles('**/.terraform.lock.hcl') }}

- uses: actions/cache@v4
name: Cache TFLint plugins
with:
path: ~/.tflint.d/plugins
key: tflint-${{ runner.os }}-${{ hashFiles('**/tflint.hcl') }}

- uses: terraform-linters/setup-tflint@v4
name: Set up TFLint
with:
tflint_version: v0.47.0

- name: terraform fmt
working-directory: terraform
run: |
if ! terraform fmt -check -diff -list=true -recursive .; then
>&2 echo "Some terraform files weren't formatted correctly. Run 'terraform fmt' to fix them."
exit 1
fi
- name: tflint
run: |
tflint --version
tflint --init --recursive
tflint --format compact --module --recursive --force \
--enable-rule=terraform_comment_syntax \
--enable-rule=terraform_deprecated_index \
--enable-rule=terraform_required_providers \
--enable-rule=terraform_standard_module_structure \
--enable-rule=terraform_typed_variables \
--enable-rule=terraform_unused_declarations \
--enable-rule=terraform_unused_required_providers
12 changes: 6 additions & 6 deletions assets.tf
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ module "assets-integration" {

configuration = {
environment = "integration"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
}

secrets = yamldecode(var.assets_integration)
Expand All @@ -25,8 +25,8 @@ module "assets-staging" {

configuration = {
environment = "staging"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
}

secrets = yamldecode(var.assets_staging)
Expand All @@ -43,8 +43,8 @@ module "assets-production" {

configuration = {
environment = "production"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
}

secrets = yamldecode(var.assets_production)
Expand Down
4 changes: 2 additions & 2 deletions bouncer.tf
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ module "bouncer-production" {
source = "./modules/bouncer"

environment = "production"
domain = "publishing.service.gov.uk"
domain = "publishing.service.gov.uk"

secrets = yamldecode(var.bouncer_production)
}
12 changes: 6 additions & 6 deletions datagovuk.tf
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@ module "datagovuk-integration" {

configuration = {
environment = "integration"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
}

secrets = yamldecode(var.datagovuk_integration)
Expand All @@ -25,8 +25,8 @@ module "datagovuk-staging" {

configuration = {
environment = "staging"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
}

secrets = yamldecode(var.datagovuk_staging)
Expand All @@ -43,8 +43,8 @@ module "datagovuk-production" {

configuration = {
environment = "production"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
git_hash = var.TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA
probe = "/"
}

secrets = yamldecode(var.datagovuk_production)
Expand Down
4 changes: 2 additions & 2 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ terraform {
provider "fastly" {}

variable "TFC_CONFIGURATION_VERSION_GIT_COMMIT_SHA" {
type = string
default = "unknown"
type = string
default = "unknown"
description = "Git commit hash (automatically populated)"
}

Expand Down
2 changes: 1 addition & 1 deletion modules/assets/provider.tf
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
terraform {
required_providers {
fastly = {
source = "fastly/fastly"
source = "fastly/fastly"
}
}
}
82 changes: 41 additions & 41 deletions modules/assets/service.tf
Original file line number Diff line number Diff line change
@@ -1,28 +1,28 @@
locals {
template_values = merge(
{ # some defaults
aws_origin_port = 443
minimum_tls_version = "1.2"
ssl_ciphers = "ECDHE-RSA-AES256-GCM-SHA384"
aws_origin_port = 443
minimum_tls_version = "1.2"
ssl_ciphers = "ECDHE-RSA-AES256-GCM-SHA384"
basic_authentication = null
probe_dns_only = false
probe_dns_only = false

# these values are needed even if mirrors aren't enabled in an environment
s3_mirror_hostname = null
s3_mirror_prefix = null
s3_mirror_probe = null
s3_mirror_port = 443
s3_mirror_hostname = null
s3_mirror_prefix = null
s3_mirror_probe = null
s3_mirror_port = 443
s3_mirror_replica_hostname = null
s3_mirror_replica_prefix = null
s3_mirror_replica_probe = null
s3_mirror_replica_port = 443
gcs_mirror_hostname = null
gcs_mirror_access_id = null
gcs_mirror_secret_key = null
gcs_mirror_bucket_name = null
gcs_mirror_prefix = null
gcs_mirror_probe = null
gcs_mirror_port = 443
s3_mirror_replica_prefix = null
s3_mirror_replica_probe = null
s3_mirror_replica_port = 443
gcs_mirror_hostname = null
gcs_mirror_access_id = null
gcs_mirror_secret_key = null
gcs_mirror_bucket_name = null
gcs_mirror_prefix = null
gcs_mirror_probe = null
gcs_mirror_port = 443
},
{ # computed values
module_path = "${path.module}"
Expand All @@ -43,8 +43,8 @@ resource "fastly_service_vcl" "service" {
}

vcl {
main = true
name = "main"
main = true
name = "main"
content = templatefile("${path.module}/${var.vcl_template_file}", local.template_values)
}

Expand All @@ -54,10 +54,10 @@ resource "fastly_service_vcl" "service" {
}
iterator = each
content {
name = each.key
priority = each.value.priority
name = each.key
priority = each.value.priority
statement = each.value.statement
type = each.value.type
type = each.value.type
}
}

Expand Down Expand Up @@ -114,10 +114,10 @@ resource "fastly_service_vcl" "service" {
}
EOT
))
tls_hostname = each.value.hostname
token = each.value.token
url = each.value.url
use_tls = true
tls_hostname = each.value.hostname
token = each.value.token
url = each.value.url
use_tls = true
response_condition = lookup(each.value, "response_condition", null)
}
}
Expand All @@ -128,19 +128,19 @@ resource "fastly_service_vcl" "service" {
}
iterator = each
content {
name = each.key
bucket_name = each.value.bucket_name
domain = each.value.domain
path = each.value.path
period = each.value.period
redundancy = each.value.redundancy
s3_access_key = each.value.access_key_id
s3_secret_key = each.value.secret_access_key
name = each.key
bucket_name = each.value.bucket_name
domain = each.value.domain
path = each.value.path
period = each.value.period
redundancy = each.value.redundancy
s3_access_key = each.value.access_key_id
s3_secret_key = each.value.secret_access_key
response_condition = lookup(each.value, "response_condition", null)

format_version = 2
message_type = "blank"
gzip_level = 9
format_version = 2
message_type = "blank"
gzip_level = 9
timestamp_format = "%Y-%m-%dT%H:%M:%S.000"

format = lookup(each.value, "format", chomp(
Expand Down Expand Up @@ -176,8 +176,8 @@ resource "fastly_service_dictionary_items" "items" {
for_each = {
for d in fastly_service_vcl.service.dictionary : d.name => d
}
service_id = fastly_service_vcl.service.id
service_id = fastly_service_vcl.service.id
dictionary_id = each.value.dictionary_id
items = var.dictionaries[each.key]
manage_items = true
items = var.dictionaries[each.key]
manage_items = true
}
4 changes: 2 additions & 2 deletions modules/bouncer/provider.tf
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
terraform {
required_providers {
fastly = {
source = "fastly/fastly"
source = "fastly/fastly"
}
http = {
source = "hashicorp/http"
source = "hashicorp/http"
version = "3.4.0"
}
}
Expand Down
34 changes: 17 additions & 17 deletions modules/bouncer/service.tf
Original file line number Diff line number Diff line change
Expand Up @@ -2,23 +2,23 @@ data "http" "domains" {
url = "https://transition.publishing.service.gov.uk/hosts.json"
}

locals {
locals {
domains_json = jsondecode(data.http.domains.response_body)
domains = {
for d in local.domains_json.results:
d.hostname => ""
for d in local.domains_json.results :
d.hostname => ""
}
}

resource "fastly_service_vcl" "service" {
name = "${title(var.environment)} Bouncer"
name = "${title(var.environment)} Bouncer"
comment = ""

dynamic "domain" {
for_each = local.domains
iterator = each
content {
name = each.key
name = each.key
comment = ""
}
}
Expand All @@ -27,7 +27,7 @@ resource "fastly_service_vcl" "service" {
main = true
name = "main"
content = templatefile("${path.module}/${var.vcl_template_file}", {
domain = var.domain,
domain = var.domain,
module_path = "${path.module}"
})
}
Expand All @@ -38,19 +38,19 @@ resource "fastly_service_vcl" "service" {
}
iterator = each
content {
name = each.key
bucket_name = each.value.bucket_name
domain = each.value.domain
path = each.value.path
period = each.value.period
redundancy = each.value.redundancy
s3_access_key = each.value.access_key_id
s3_secret_key = each.value.secret_access_key
name = each.key
bucket_name = each.value.bucket_name
domain = each.value.domain
path = each.value.path
period = each.value.period
redundancy = each.value.redundancy
s3_access_key = each.value.access_key_id
s3_secret_key = each.value.secret_access_key
response_condition = lookup(each.value, "response_condition", null)

format_version = 2
message_type = "blank"
gzip_level = 9
format_version = 2
message_type = "blank"
gzip_level = 9
timestamp_format = "%Y-%m-%dT%H:%M:%S.000"

format = lookup(each.value, "format", chomp(
Expand Down
8 changes: 4 additions & 4 deletions modules/bouncer/variables.tf
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
variable "vcl_template_file" {
type = string
default = "bouncer.vcl.tftpl"
type = string
default = "bouncer.vcl.tftpl"
description = "Relateive path to VCL template"
}

variable "environment" {
type = string
type = string
default = "production"
}

variable "domain" {
type = string
type = string
default = "publishing.service.gov.uk"
}

Expand Down
Loading

0 comments on commit b6386eb

Please sign in to comment.