fix(tflint): use GitHub token to avoid hitting GitHub rate limits for plugin downloads (155334d0) · Commits · to be continuous... / Terraform

README.md

+4 −1

Original line number	Diff line number	Diff line
		@@ -563,6 +563,7 @@ Here are variables supported to configure the production environment:
		\| `tflint-disabled` / `TF_TFLINT_DISABLED` \| Set to `true` to disable tflint \| _none_ (enabled) \|
		\| `tflint-args` / `TF_TFLINT_ARGS` \| tflint extra [options and args](https://github.com/terraform-linters/tflint/#usage) \| `--recursive` \|
		\| `tflint-config-file` / `TF_TFLINT_CONFIG_FILE` \| tflint [configuration file](https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md) (relative to `$TF_PROJECT_DIR`) \| `.tflint.hcl` \|
		\| `tflint-github-token` / `TF_TFLINT_GITHUB_TOKEN` \| Github token used to access to Github API to download `tflint plugins` on GitHub avoiding hitting GitHub’s rate limit for anonymous API requests. \| `$GITHUB_TOKEN` \|

		In addition to a textual report in the console, this job produces the following reports, kept for one day:

		@@ -570,6 +571,8 @@ In addition to a textual report in the console, this job produces the following
		\| ------------------------------------------ \| ----------------------------------------------------------- \| ---------------------------------------------------------------------------------------------- \|
		\| `$TF_PROJECT_DIR/reports/tflint.xunit.xml` \| [xUnit](https://en.wikipedia.org/wiki/XUnit) test report(s) \| [GitLab integration](https://docs.gitlab.com/ci/yaml/artifacts_reports/#artifactsreportsjunit) \|

		When the project does not contains the file `.tflint.hcl` or provide a `TF_TFLINT_CONFIG_FILE`, the default lint configuration is built using tflint plugings `tflint-ruleset-aws`, `tflint-ruleset-azurerm` and `tflint-ruleset-google`.

		### `tf-tftest` job

		[tftest](https://developer.hashicorp.com/terraform/language/tests) is a native Terraform testing framework and uses the following variables:

kicker.json

+5 −0

Original line number	Diff line number	Diff line
		@@ -186,6 +186,11 @@
		"name": "TF_TFLINT_CONFIG_FILE",
		"description": "tflint [configuration file](https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md) (relative to `$TF_PROJECT_DIR`)",
		"default": ".tflint.hcl"
		},
		{
		"name": "TF_TFLINT_GITHUB_TOKEN",
		"description": "Github token used to access to Github API to download `tflint plugins` on GitHub avoiding hitting GitHub’s rate limit for anonymous API requests. Note default installed tflint pluging are `tflint-ruleset-aws`, `tflint-ruleset-azurerm` and `tflint-ruleset-google`.",
		"default": "$GITHUB_TOKEN"
		}
		]
		},

templates/gitlab-ci-terraform.yml

+12 −3

Original line number	Diff line number	Diff line
		@@ -111,6 +111,9 @@ spec:
		tflint-config-file:
		description: tflint [configuration file](https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md) (relative to `$TF_PROJECT_DIR`)
		default: .tflint.hcl
		tflint-github-token:
		description: Github token used to access to Github API to download `tflint plugins` on GitHub avoiding hitting GitHub’s rate limit for anonymous API requests.
		default: "$GITHUB_TOKEN"
		fmt-enabled:
		description: Enable fmt
		type: boolean
		@@ -362,6 +365,7 @@ variables:
		TF_TFLINT_IMAGE: $[[ inputs.tflint-image ]]
		TF_TFLINT_ARGS: $[[ inputs.tflint-args ]]
		TF_TFLINT_CONFIG_FILE: $[[ inputs.tflint-config-file ]]
		TF_TFLINT_GITHUB_TOKEN: $[[ inputs.tflint-github-token ]]
		TF_APK_EXTRA_OPTS: $[[ inputs.apk-extra-opts ]]
		TF_CHECKOV_IMAGE: $[[ inputs.checkov-image ]]
		TF_CHECKOV_ARGS: $[[ inputs.checkov-args ]]
		@@ -747,12 +751,17 @@ stages:
		}

		function tflint_default_config() {
		export GITHUB_TOKEN=$TF_TFLINT_GITHUB_TOKEN
		if [[ -z "$GITHUB_TOKEN" ]]; then
		log_info "GITHUB_TOKEN is not provided: anonymously access to API. Beware of rate limits (https://docs.github.com/en/rest/rate-limit/rate-limit)"
		fi

		[ ! -f "$TFLINT_CONFIG_FILE" ] \|\| return 0
		log_info "No tflint config found, injecting default one"

		aws_version=$(wget -qO- http://api.github.com/repos/terraform-linters/tflint-ruleset-aws/tags \| awk -F'"' '/"name"/ {print $4}' \| sed '1!d')
		azurerm_version=$(wget -qO- http://api.github.com/repos/terraform-linters/tflint-ruleset-azurerm/tags \| awk -F'"' '/"name"/ {print $4}' \| sed '1!d')
		google_version=$(wget -qO- http://api.github.com/repos/terraform-linters/tflint-ruleset-google/tags \| awk -F'"' '/"name"/ {print $4}' \| sed '1!d')
		aws_version=$(wget -qO- https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/tags ${GITHUB_TOKEN:+--header="Authorization: token $GITHUB_TOKEN"} \| awk -F'"' '/"name"/ {print $4}' \| sed '1!d')
		azurerm_version=$(wget -qO- https://api.github.com/repos/terraform-linters/tflint-ruleset-azurerm/tags ${GITHUB_TOKEN:+--header="Authorization: token $GITHUB_TOKEN"} \| awk -F'"' '/"name"/ {print $4}' \| sed '1!d')
		google_version=$(wget -qO- https://api.github.com/repos/terraform-linters/tflint-ruleset-google/tags ${GITHUB_TOKEN:+--header="Authorization: token $GITHUB_TOKEN"} \| awk -F'"' '/"name"/ {print $4}' \| sed '1!d')

		cat > "$TFLINT_CONFIG_FILE" <<EOF
		plugin "aws" {