
Contains composite GitHub actions for use with Terraform AWS Module workflows

License: Apache License 2.0


terraform-composite-actions's Introduction

Terraform Composite GitHub :octocat: Actions

Contains composite GitHub actions used within Terraform AWS Module projects.

Actions

The clowdhaus/terraform-composite-actions/commit action will commit any changes back to your git-branch. When used in conjunction with clowdhaus/terraform-composite-actions/pre-commit, this action will ensure that pull-requests are well formatted and the automatically generated documentation is updated.

GitHub Token Permissions

A GitHub personal access token is required in order for the action to be able to successfully commit and push any changes back to the specified branch.

⚠️ Access Tokens & Pull-Requests from Forked Repositories ⚠️

When using this action from a forked copy, it will only succeed if either of two conditions is met:

  1. The user who has forked the project creates a GitHub personal access token with the defined permissions and stores it in their forked repository under the same name as the upstream secret (defined in the workflow file)
  2. The entity that presides over the source repository extends access to the secret to forked repositories via https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/. Be mindful of what this means: forks that are given access to secrets could potentially retrieve those secret values.

jobs:
  commit:
    name: Commit changes
    runs-on: ubuntu-latest
    steps:
      - name: Commit changes
        uses: clowdhaus/terraform-composite-actions/commit@main
        with:
          git-branch: ${{ github.event.pull_request.head.ref }}
          github-repository: ${{ github.event.pull_request.head.repo.full_name }}
          github-token: ${{ secrets.YOUR_GITHUB_PAT }}

Directories

The clowdhaus/terraform-composite-actions/directories action will return a list of directories that contain a versions.tf, where the presence of a versions.tf file is loosely representative of a Terraform project root directory. This is useful for running a set of commands in each Terraform root directory under a given project.

jobs:
  directories:
    name: Get Terraform directories
    runs-on: ubuntu-latest
    steps:
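      - name: Get Terraform directories
        uses: clowdhaus/terraform-composite-actions/directories@main
        id: search
      - name: Outputs
        # Pass the output through an environment variable rather than expanding
        # it inside the script, so directory names are never parsed as shell code
        env:
          DIRECTORIES: ${{ steps.search.outputs.directories }}
        run: echo "$DIRECTORIES"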
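
The search described above can be reproduced locally. This is an added example, not the action's own code: the function names `terraform_roots` and `for_each_root`, the one-path-per-line output and the pruning of `.terraform` and `.git` are assumptions made here, and the directory tree is constructed for the demo.

```shell
#!/bin/sh
# List directories under $1 that hold a versions.tf, one per line. .terraform
# and .git are pruned: modules cached by `terraform init` ship their own
# versions.tf and are not project roots.
terraform_roots() (
  cd "$1" || return 1
  find . \( -name .terraform -o -name .git \) -prune -o \
       -type f -name versions.tf -print |
    sed -e 's|/versions\.tf$||' -e 's|^\./||' | sort -u
)

# Run the given command in every root; return non-zero if any run failed.
for_each_root() (
  base=$1; shift
  status=0
  list=$(mktemp) || return 1
  terraform_roots "$base" > "$list" || { rm -f "$list"; return 1; }
  # read -r with an empty IFS keeps spaces and backslashes in names intact
  while IFS= read -r dir; do
    ( cd "$base/$dir" && "$@" ) </dev/null ||
      { echo "failed in: $dir" >&2; status=1; }
  done < "$list"
  rm -f "$list"
  return "$status"
)

# Constructed sample tree: three real roots and one cached module.
tf_demo=$(mktemp -d)
mkdir -p "$tf_demo/examples/complete" "$tf_demo/modules/my vpc" \
         "$tf_demo/.terraform/modules/x" "$tf_demo/docs"
touch "$tf_demo/versions.tf" "$tf_demo/examples/complete/versions.tf" \
      "$tf_demo/modules/my vpc/versions.tf" \
      "$tf_demo/.terraform/modules/x/versions.tf"
terraform_roots "$tf_demo"
```
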

The clowdhaus/terraform-composite-actions/pre-commit action will install the following tools which are intended to support the pre-commit hooks used within Terraform modules:

Default

  • pre-commit
  • terraform using provided terraform-version input (required)
  • tflint using provided tflint-version input (default = latest)
  • terraform-docs using provided terraform-docs-version input (default = v0.16.0)

Optional

  • tfsec, when install-tfsec=true (default = false), using provided tfsec-version input (default = 1.28.0)
  • hcledit, when install-hcledit=true (default = false), using provided hcledit-version input (default = 0.2.3)

Example

jobs:
  pre-commit:
    name: Pre-commit hooks execute
    runs-on: ubuntu-latest
    steps:
      - name: Run pre-commit hooks
        uses: clowdhaus/terraform-composite-actions/pre-commit@main
        with:
          # Configure default software
          terraform-version: 1.2.0
          terraform-docs-version: v0.16.0
          # Configure optional software
          install-hcledit: true
          hcledit-version: 0.2.3
          args: "--all-files --color always --show-diff-on-failure"

License

Apache-2.0 Licensed. See LICENSE.


terraform-composite-actions's Issues

TFLint Versions should be pinnable

Currently, this action downloads the latest version of tflint each time. However, when those updates include changes to the client version that make it incompatible with a plugin version specified in the tflint.hcl it can cause the action to break.

Being able to specify a version in similar fashion to terraform docs would be helpful.

Add support for tfsec

Is your feature request related to a problem? Please describe.

We use tfsec extensively in our precommit hooks to do static Terraform code analysis, it is a popular tool in the industry along with the others already supported by this repo (eg terraform-docs, tflint, etc)

Describe the solution you'd like

Add support for tfsec

Describe alternatives you've considered

We could skip tfsec in our precommit check when run in the CI environment, but this is obviously not a great idea :)

Additional context

None.
Happy to take a stab at a PR for this.

Installed terraform version is ignored on ubuntu based actions

I'm not sure exactly when it happened, but the path in an action running on ubuntu-latest looks like this:

/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:/home/runner/.local/bin:/opt/pipx_bin:/home/runner/.cargo/bin:/home/runner/.config/composer/vendor/bin:/usr/local/.ghcup/bin:/home/runner/.dotnet/tools:/snap/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

That means that since this action installs terraform to /usr/bin/terraform then when it calls pre-commit at the end and pre-commit doesn't specify an explicit path to the binary then it will always see the version installed on the base runner image in /usr/local/bin/terraform first (2.5.x in this case).

I haven't tested it in the new 22.04 beta, but this is true of the current ubuntu-latest, and it results in errors like this if you pin terraform versions:

Error: Unsupported Terraform Core version

  on versions.tf line 2, in terraform:
   2:   required_version = "~> 1.1.7"

This configuration does not support Terraform version 1.2.5. To proceed,
either choose another supported Terraform version or update this version
constraint. Version constraints are normally set for good reason, so
updating the constraint may lead to other errors or unexpected behavior.
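
The lookup-order problem reported in this issue can be checked before pre-commit runs. This is an added example, not code from the issue or the project: the function names `resolve_all` and `check_shadowing` are hypothetical, and the demo tree is constructed to mimic the `/usr/local/bin` before `/usr/bin` ordering shown in the reported PATH.

```shell
#!/bin/sh
# Print every executable named $1 on the PATH string $2, in lookup order.
# The first line is what an unqualified call such as `terraform` would run.
resolve_all() (
  name=$1
  IFS=:
  set -f                     # do not glob while splitting the PATH string
  for dir in $2; do
    [ -n "$dir" ] || dir=.   # an empty PATH entry means the current directory
    if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
      printf '%s\n' "$dir/$name"
    fi
  done
)

# Succeed only when the first match is the expected binary; otherwise report
# which binary an unqualified call would actually run.
check_shadowing() (
  name=$1 expected=$2 path=$3
  first=$(resolve_all "$name" "$path" | head -n 1)
  if [ "$first" = "$expected" ]; then
    echo "ok: $name resolves to $expected"
    return 0
  fi
  echo "shadowed: $name resolves to ${first:-nothing}, expected $expected" >&2
  return 1
)

# Constructed demo tree: a preinstalled copy in usr/local/bin and the freshly
# installed copy in usr/bin, searched in the order the issue reports.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/usr/local/bin" "$demo_root/usr/bin"
for d in usr/local/bin usr/bin; do
  printf '#!/bin/sh\n' > "$demo_root/$d/terraform"
  chmod +x "$demo_root/$d/terraform"
done
demo_path="$demo_root/usr/local/bin:$demo_root/usr/bin"
check_shadowing terraform "$demo_root/usr/bin/terraform" "$demo_path" || true
```

On a GitHub-hosted runner, appending the install directory to the file named by `$GITHUB_PATH` puts it ahead of the default entries for later steps; calling the binary by absolute path avoids the lookup entirely.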

Add support for `hcledit`

Is your feature request related to a problem? Please describe.

  • Add support for hcledit by adding to install step for pre-commit

Describe the solution you'd like

  • Add support for installing hcledit into workflow - can be behind a boolean flag that when enabled hcledit is installed in the GitHub action workflow

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

replace /usr/bin/terraform? [y]es, [n]o, [A]ll, [N]one, [r]ename: NULL

Describe the bug
this action seems to fail deleting terraform binary

To Reproduce
githubactions

      - name: Pre-commit Terraform
        uses: clowdhaus/terraform-composite-actions/[email protected]
        with:
          terraform-version: "1.3.6"
          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
          tflint-version: ${{ env.TFLINT_VERSION }}

Expected behavior
for the install to work from a temp folder

Screenshots
image

Desktop (please complete the following information):

  • OS: ubuntu 20

Additional context
githubactions

Node.js 12 actions are deprecated

I'm getting this message when I use action "clowdhaus/terraform-composite-actions/[email protected]"

Node.js 12 actions are deprecated. For more information see: https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/. Please update the following actions to use Node.js 16: actions/checkout
