CI tweaks

navapbc · Jan 6, 2025 · 3e148a7 · 3e148a7
1 parent da17862
commit 3e148a7
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 10 deletions.
diff --git a/.github/actions/setup-terraform/action.yml b/.github/actions/setup-terraform/action.yml
@@ -3,7 +3,7 @@ description: "Set up Terraform with the version stored in the .terraform-version
 inputs:
   version-file:
     description: "File containing the terraform version to use."
-    default: ".terraform-version"
+    default: "./templates/base/.terraform-version"
 runs:
   using: "composite"
   steps:

diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml
@@ -16,4 +16,4 @@ jobs:
       - uses: gaurav-nelson/[email protected]
         with:
           use-quiet-mode: "yes" # errors only.
-          config-file: ".github/workflows/markdownlint-config.json"
+          config-file: "templates/base/.github/workflows/markdownlint-config.json"
diff --git a/.github/workflows/ci-infra.yml b/.github/workflows/ci-infra.yml
@@ -5,14 +5,16 @@ on:
     branches:
       - main
     paths:
-      - bin/**
-      - infra/**
       - .github/workflows/**
+      - templates/*/.github/workflows/**
+      - templates/*/bin/**
+      - templates/*/infra/**
   pull_request:
     paths:
-      - bin/**
-      - infra/**
       - .github/workflows/**
+      - templates/*/.github/workflows/**
+      - templates/*/bin/**
+      - templates/*/infra/**
 
 jobs:
   lint-github-actions:
@@ -35,7 +37,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Shellcheck
-        run: make infra-lint-scripts
+        run: make -f template-only.mak infra-lint-scripts
   check-terraform-format:
     name: Check Terraform format
     runs-on: ubuntu-latest
@@ -45,15 +47,15 @@ jobs:
       - name: Run infra-lint-terraform
         run: |
           echo "If this fails, run 'make infra-format'"
-          make infra-lint-terraform
+          make -f template-only.mak infra-lint-terraform
   validate-terraform:
     name: Validate Terraform modules
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/setup-terraform
       - name: Validate
-        run: make infra-validate-modules
+        run: make -f template-only.mak infra-validate-modules
   check-compliance-with-checkov:
     name: Check compliance with checkov
     runs-on: ubuntu-latest
@@ -70,7 +72,8 @@ jobs:
         # In this case, checkov-action v12.2296.0 is mapped to checkov v2.3.194.
         uses: bridgecrewio/[email protected]
         with:
-          directory: infra
+          # TODO: need to run different steps for templates/*/infra?
+          # directory: infra
           framework: terraform
           quiet: true # only displays failed checks
   check-compliance-with-tfsec:

diff --git a/template-only.mak b/template-only.mak
@@ -3,12 +3,30 @@
 
 PROJECT_NAME ?= platform-template-infra
 
+MODULES := $(notdir $(wildcard templates/base/infra/modules/*))
+
 .PHONY : \
   clean \
 	test \
 	setup-app-backends \
 	destroy-account
 
+infra-lint-scripts: ## Lint shell scripts
+	shellcheck templates/*/bin/**
+
+infra-lint-terraform: ## Lint Terraform code
+	terraform fmt -recursive -check templates/*/infra
+
+# The prerequisite for this rule is obtained by
+# prefixing each module with the string "infra-validate-module-"
+infra-validate-modules: ## Run terraform validate on reusable child modules
+infra-validate-modules: $(patsubst %, infra-validate-module-%, $(MODULES))
+
+infra-validate-module-%:
+	@echo "Validate library module: $*"
+	terraform -chdir=templates/base/infra/modules/$* init -backend=false
+	terraform -chdir=templates/base/infra/modules/$* validate
+
 lint-template-scripts: ## Lint template only scripts
 	shellcheck template-only-bin/**