Add Terraform validation and linting workflow with TFLint config #6
Closed
devin-ai-integration[bot] wants to merge 2 commits into
- Add .tflint.hcl with terraform and aws plugins, naming convention, documented variables/outputs, unused declarations, and standard module structure rules
- Add GitHub Actions workflow that runs on PRs to main touching terraform/**
- Dynamic module discovery via matrix strategy for terraform/modules/*
- Validate all environments (dev, prod, staging) with fmt, init, validate
- Summary job aggregates results across all modules and environments
🤖 Devin AI Engineer
I'll be helping with this pull request! Here's what you should know:
✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository.
⚙️ Control Options:
- Fix terraform fmt alignment in namespaces/variables.tf
- Add --minimum-failure-severity=error to TFLint so pre-existing warnings (missing required_version, required_providers) don't fail the build
Closing: this PR is older than 3 weeks. Reopen if still needed.
Summary

Adds a GitHub Actions workflow and shared TFLint configuration to validate and lint all Terraform modules and environment configs on every PR to main that touches terraform/**.

New files:

- terraform/.tflint.hcl — Shared TFLint config enabling the terraform (recommended preset) and aws (v0.31.0) plugins, plus rules for naming conventions, documented variables/outputs, unused declarations, and standard module structure.
- .github/workflows/terraform-validate.yml — CI workflow with 4 jobs:
  - terraform/modules/ for a matrix strategy (currently: dns, ecr, eks-cluster, namespaces, networking).
  - terraform fmt -check, terraform init -backend=false, terraform validate, TFLint init + run.
  - dev, prod, staging): terraform fmt -check, terraform init -backend=false, terraform validate.

Minor fix:

- terraform/modules/namespaces/variables.tf — Fixed terraform fmt alignment (pre-existing formatting issue where resource_quota_enabled caused misaligned = signs).

Updates since initial revision

- --minimum-failure-severity=error so that pre-existing warnings (e.g. missing required_version, missing required_providers version constraints in several modules) are surfaced in CI output but do not block the build. Only errors will cause failure.
- terraform fmt violation in namespaces/variables.tf.

Review & Testing Checklist for Human

- ecr, dns, networking, eks-cluster) emit warnings for missing required_version and/or required_providers version constraints. These are real issues worth fixing in a follow-up, but are allowed to pass here via --minimum-failure-severity=error. Verify this trade-off is acceptable for your team.
- ../../.tflint.hcl from terraform/modules/<name>/) — works today given the 2-level nesting, but is brittle if modules are restructured. Consider whether a symlink or CI-level path resolution would be more robust.
- [dev, prod, staging]) unlike the dynamic module discovery. If new environments are added, this list must be updated manually.

Notes

- terraform init -backend=false is used intentionally so CI doesn't need AWS credentials or state backend access.
- fmt/init/validate (no TFLint), since TFLint is primarily useful for module-level linting.
- v0.31.0 — may need periodic updates.
- latest version — consider pinning to a specific version to avoid unexpected breakage from future releases.

Link to Devin session: https://partner-workshops.devinenterprise.com/sessions/86ed7cfd49eb437d94693401b56b2879
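
Added example, not part of the pull request or the repository: a POSIX shell script that runs the module checks named in the description locally, discovering modules under terraform/modules/ and locating .tflint.hcl by walking up from the module directory (bounded by the Terraform root) instead of the fixed ../../ path the checklist calls brittle. The script name check-modules.sh and the function names are assumptions; the directory layout and the fmt, init, validate and --minimum-failure-severity=error invocations come from the description, and tflint's --config option passes the resolved path.

```shell
#!/bin/sh
# Added example; assumes the layout named in the PR description:
#   terraform/modules/<name>/*.tf  and  terraform/.tflint.hcl

# Print the name of every directory directly under <root>/modules that holds
# at least one .tf file (the set a CI matrix would be built from).
discover_modules() (
  for dir in "$1"/modules/*/; do
    [ -d "$dir" ] || continue
    ls "$dir"*.tf >/dev/null 2>&1 || continue
    basename "$dir"
  done
)

# Walk upward from <start> to the nearest .tflint.hcl, never above <stop>,
# so a config that sits outside the checkout is not picked up.
find_tflint_config() (
  dir=$(cd "$1" 2>/dev/null && pwd -P) || exit 1
  stop=$(cd "$2" 2>/dev/null && pwd -P) || exit 1
  while :; do
    if [ -f "$dir/.tflint.hcl" ]; then
      printf '%s\n' "$dir/.tflint.hcl"
      exit 0
    fi
    if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then exit 1; fi
    dir=$(dirname "$dir")
  done
)

# Run the module checks from the description; needs terraform and tflint on PATH.
check_module() (
  cfg=$(find_tflint_config "$1" "$2") || { echo "no .tflint.hcl for $1" >&2; exit 1; }
  cd "$1" || exit 1
  terraform fmt -check &&
    terraform init -backend=false &&
    terraform validate &&
    tflint --init --config="$cfg" &&
    tflint --config="$cfg" --minimum-failure-severity=error
)

# Entry point (hypothetical script name): sh check-modules.sh terraform
if [ "$#" -eq 1 ] && [ -d "$1/modules" ]; then
  status=0
  for m in $(discover_modules "$1"); do
    echo "== module: $m"
    check_module "$1/modules/$m" "$1" || status=1
  done
  exit "$status"
fi
```

Because the upward walk stops at the directory given as the second argument, a module moved one level deeper still resolves the shared config, while a .tflint.hcl placed above the Terraform root is ignored.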