Unverified Commit bb0ba5f4 authored by kilianpaquier's avatar kilianpaquier

feat(tflint): upgrade tflint base image since bundle one is deprecated - #93



BREAKING CHANGE: `tflint-args` is now only '--recursive' and a new input `tflint-config-file` / `TF_TFLINT_CONFIG_FILE` is now available,
defaulting to `.tflint.hcl` (relative to $TF_PROJECT_DIR) and autogenerated in case it doesn't exist (embedding aws, azurerm and google plugins).

Signed-off-by: default avatarkilianpaquier <git@kilianpaquier.dev>
parent 76bbcb28
+156 −155

File changed.

Preview size limit exceeded, changes collapsed.

+8 −3
@@ -169,13 +169,18 @@
        {
          "name": "TF_TFLINT_IMAGE",
          "description": "Tflint docker image",
          "default": "ghcr.io/terraform-linters/tflint-bundle:latest",
          "default": "ghcr.io/terraform-linters/tflint:latest",
          "advanced": true
        },
        {
          "name": "TF_TFLINT_ARGS",
          "description": "tflint extra [options and args](https://github.com/terraform-linters/tflint/#usage)",
          "default": "--enable-plugin=google --enable-plugin=azurerm --enable-plugin=aws --recursive"
          "default": "--recursive"
        },
        {
          "name": "TF_TFLINT_CONFIG_FILE",
          "description": "tflint [configuration file](https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md) (relative to `$TF_PROJECT_DIR`)",
          "default": ".tflint.hcl"
        }
      ]
    },
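Review bot: The new `TF_TFLINT_IMAGE` default keeps the mutable `:latest` tag, so every pipeline run executes whichever image was published most recently, with no review step between an upstream push and its use in CI. Consider defaulting to a fixed release tag or digest, for example `"default": "ghcr.io/terraform-linters/tflint:<pinned-version>"` (placeholder, not a real tag), and letting users opt into `latest` explicitly. The same default appears in the template's `tflint-image` input and should change with it.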
+46 −3
@@ -104,10 +104,13 @@ spec:
      default: false
    tflint-image:
      description: Tflint docker image
      default: ghcr.io/terraform-linters/tflint-bundle:latest
      default: ghcr.io/terraform-linters/tflint:latest
    tflint-args:
      description: tflint extra [options and args](https://github.com/terraform-linters/tflint/#usage)
      default: --enable-plugin=google --enable-plugin=azurerm --enable-plugin=aws --recursive
      default: --recursive
    tflint-config-file:
      description: tflint [configuration file](https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md) (relative to `$TF_PROJECT_DIR`)
      default: .tflint.hcl
    fmt-enabled:
      description: Enable fmt
      type: boolean
@@ -352,6 +355,7 @@ variables:
  TF_TRIVY_ARGS: $[[ inputs.trivy-args ]]
  TF_TFLINT_IMAGE: $[[ inputs.tflint-image ]]
  TF_TFLINT_ARGS: $[[ inputs.tflint-args ]]
  TF_TFLINT_CONFIG_FILE: $[[ inputs.tflint-config-file ]]
  TF_APK_EXTRA_OPTS: $[[ inputs.apk-extra-opts ]]
  TF_CHECKOV_IMAGE: $[[ inputs.checkov-image ]]
  TF_CHECKOV_ARGS: $[[ inputs.checkov-args ]]
@@ -735,6 +739,35 @@ stages:
    fi
  }

  function tflint_default_config() {
    [ ! -f "$TFLINT_CONFIG_FILE" ] || return 0
    log_info "No tflint config found, injecting default one"

    aws_version=$(wget -qO- http://api.github.com/repos/terraform-linters/tflint-ruleset-aws/tags | awk -F'"' '/"name"/ {print $4}' | sed '1!d')
    azurerm_version=$(wget -qO- http://api.github.com/repos/terraform-linters/tflint-ruleset-azurerm/tags | awk -F'"' '/"name"/ {print $4}' | sed '1!d')
    google_version=$(wget -qO- http://api.github.com/repos/terraform-linters/tflint-ruleset-google/tags | awk -F'"' '/"name"/ {print $4}' | sed '1!d')

  cat > "$TFLINT_CONFIG_FILE" <<EOF
  plugin "aws" {
    enabled = true
    source  = "github.com/terraform-linters/tflint-ruleset-aws"
    version = "${aws_version#v*}"
  }

  plugin "azurerm" {
    enabled = true
    source  = "github.com/terraform-linters/tflint-ruleset-azurerm"
    version = "${azurerm_version#v*}"
  }

  plugin "google" {
    enabled = true
    source  = "github.com/terraform-linters/tflint-ruleset-google"
    version = "${google_version#v*}"
  }
  EOF
  }

  tf_pre_init() {
    # maybe execute pre init script
    prescript="$TF_SCRIPTS_DIR/tf-pre-init.sh"
@@ -1276,10 +1309,15 @@ tf-tflint:
  extends: .tf-base
  image:
    name: $TF_TFLINT_IMAGE
  variables:
    # environment variables for tflint to pick automatically
    TFLINT_CONFIG_FILE: $CI_PROJECT_DIR/$TF_PROJECT_DIR/$TF_TFLINT_CONFIG_FILE
    TFLINT_PLUGIN_DIR: $CI_PROJECT_DIR/$TF_PROJECT_DIR/.plugins
  stage: build
  needs: []
  script:
    - mkdir -p -m 777 reports
    - tflint_default_config
    - tflint --init
    - tflint --force --format=junit $TF_TFLINT_ARGS > reports/tflint.xunit.xml
    - TFLINT_LOG=${TRACE+debug} tflint $TF_TFLINT_ARGS
@@ -1290,6 +1328,11 @@ tf-tflint:
      junit: $TF_PROJECT_DIR/reports/tflint.xunit.xml
    paths:
      - "$TF_PROJECT_DIR/reports/tflint.*"
  cache:
    - key: "$CI_COMMIT_REF_SLUG-tflint"
      paths:
        - $TFLINT_PLUGIN_DIR
      when: always
  dependencies: []
  rules:
    - if: '$TF_TFLINT_DISABLED == "true"'
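Review bot: In `tflint_default_config`, the three `wget` calls read the ruleset tags from `http://api.github.com`, and whatever comes back is interpolated unchecked into the generated config that `tflint --init` then uses to download plugins. Anyone able to alter that plaintext exchange can choose the plugin version or break out of the `version = "…"` string, and a failed or rate-limited request silently produces `version = ""`. Use `https://`, accept only a plain release tag, and fail the job when no version can be resolved; the fence below sketches this with a small helper. Separately, taking the first entry of `/tags` means every run without a committed config floats to whichever tag is listed first, so the input description should recommend committing a pinned `.tflint.hcl`.

```yaml
  # resolve the first listed tag of a ruleset over TLS; print it without the leading "v"
  function tflint_ruleset_version() {
    tag=$(wget -qO- "https://api.github.com/repos/terraform-linters/tflint-ruleset-$1/tags" | awk -F'"' '/"name"/ {print $4}' | sed '1!d')
    # accept only a plain release tag so nothing else can end up inside the generated HCL
    if ! echo "$tag" | grep -Eq '^v?[0-9]+\.[0-9]+\.[0-9]+$'; then
      echo "cannot resolve a version for tflint-ruleset-$1" >&2
      return 1
    fi
    echo "${tag#v}"
  }

  function tflint_default_config() {
    # … unchanged: existing-config check and log_info …

    aws_version=$(tflint_ruleset_version aws) || return 1
    azurerm_version=$(tflint_ruleset_version azurerm) || return 1
    google_version=$(tflint_ruleset_version google) || return 1

    # … unchanged: heredoc writing "$TFLINT_CONFIG_FILE" …
```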