From 6317c83fee63d6faa0afe2aafc35f129bb05c007 Mon Sep 17 00:00:00 2001
From: Benjamin Sanvoisin
Date: Mon, 25 Nov 2024 18:30:00 +0100
Subject: [PATCH] feat(terragrunt): checks

---
 .github/workflows/terragrunt-quality.yml | 73 ++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 .github/workflows/terragrunt-quality.yml

diff --git a/.github/workflows/terragrunt-quality.yml b/.github/workflows/terragrunt-quality.yml
new file mode 100644
index 0000000..00a55ac
--- /dev/null
+++ b/.github/workflows/terragrunt-quality.yml
@@ -0,0 +1,73 @@
+on:
+  workflow_call:
+    inputs:
+      workdir:
+        required: false
+        type: string
+        default: .
+      checkov_enabled:
+        required: false
+        type: boolean
+        default: true
+      checkov_skip_path:
+        required: false
+        type: string
+      checkov_baseline:
+        required: false
+        type: string
+
+name: terragrunt-quality
+jobs:
+  terragrunt-lint:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ${{ inputs.workdir }}
+    steps:
+      - name: checkout
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+      - uses: tofuutils/tenv-github-action@3e0c27a3e1131f756e3973e064ffcca2c139e010
+        name: Install Terraform
+        with:
+          tool_name: terraform
+      - name: terraform fmt of directory modules
+        run: terraform fmt -check -recursive -diff modules
+      - uses: tofuutils/tenv-github-action@3e0c27a3e1131f756e3973e064ffcca2c139e010
+        name: Install Terragrunt
+        with:
+          tool_name: terragrunt
+      - name: wtf
+        run: |
+          ls -lah ~
+          echo ---
+          ls -lah $GITHUB_WORKSPACE
+          echo ---
+          ls -lah $GITHUB_WORKSPACE/.tenv/Terragrunt/
+          echo ---
+          ls -lah /usr/local/bin/
+      - name: terragrunt fmt of directory layers
+        run: /usr/local/bin/terragrunt hclfmt --terragrunt-check --terragrunt-diff layers
+      - name: guacamole code quality checks
+        id: guacamole
+        uses: padok-team/guacamole-action@v1.3.0
+        with:
+          path: ${{ inputs.workdir }}
+          verbose: true
+  terragrunt-security:
+    runs-on: ubuntu-latest
+    if: inputs.checkov_enabled
+    defaults:
+      run:
+        working-directory: ${{ inputs.workdir }}
+    steps:
+      - name: checkout
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+      - name: checkov of modules
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: ${{ inputs.workdir }}/modules
+          framework: terraform
+          download_external_modules: false
+          quiet: true
+          skip_path: ${{ inputs.checkov_skip_path }}
+          baseline: ${{ inputs.checkov_baseline }}
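Review bot: `uses: bridgecrewio/checkov-action@master` in the terragrunt-security job resolves a mutable branch at every run, so whatever is pushed to that branch upstream executes in this workflow with the caller's token, whereas the checkout and tenv steps in the same hunk are already pinned to full commit SHAs; pin it the same way, `uses: bridgecrewio/checkov-action@<commit-sha>  # vX.Y.Z` (placeholder, take the SHA from the action's release), and treat `padok-team/guacamole-action@v1.3.0` alike, since a tag can be moved. The workflow declares no `permissions:` mapping, so both jobs inherit the caller's default GITHUB_TOKEN scope although every step here only reads the tree; a top-level `permissions:` mapping with `contents: read` states the least privilege the checks need. The `wtf` step is a directory-listing debug leftover (`ls -lah ~`, `$GITHUB_WORKSPACE/.tenv/Terragrunt/`, `/usr/local/bin/`) that adds noise to every run and should be dropped before this merges, after which the hard-coded `/usr/local/bin/terragrunt` path in the hclfmt step can presumably rely on the tenv-installed binary being on PATH, as the `terraform fmt` step already does — confirm against the tenv action's docs.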