Skip to content

chore(deps): update github/codeql-action digest to 48ab28a #328

chore(deps): update github/codeql-action digest to 48ab28a

chore(deps): update github/codeql-action digest to 48ab28a #328

Workflow file for this run

name: CI
on:
pull_request:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
pull-requests: read
jobs:
fmt:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
- name: Format
run: terraform fmt -recursive -check
batch:
runs-on: ubuntu-latest
outputs:
MODULE_GROUPS: ${{ steps.find-module-groups.outputs.MODULE_GROUPS }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Split Modules into Groups
id: find-module-groups
run: |
find modules examples -maxdepth 2 -mindepth 2 -type d | sort -u | sed 's/^\.\///' | jq -R -s -c 'split("\n")[:-1]' > /tmp/modules.json
modules_raw=$(cat /tmp/modules.json)
echo "MODULE_GROUPS=$modules_raw" >> $GITHUB_OUTPUT
validate-modules:
runs-on: ubuntu-latest
needs: batch
strategy:
fail-fast: false
matrix:
MODULE_GROUPS: ${{ fromJson(needs.batch.outputs.MODULE_GROUPS) }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
- name: Setup TFLint
uses: terraform-linters/setup-tflint@8093687ecc9dcbfa88d07c103ad4176739a7287e # v4
- name: Discover Modules
run: |
dirs=$(find "${{ matrix.MODULE_GROUPS }}" -type f -name "*.tf" -exec dirname {} \; | sort | uniq | tr '\n' ' ')
echo "MODULE_DIRS=$dirs" >> $GITHUB_ENV
- name: Initialize
run: |
for dir in $MODULE_DIRS; do
pushd $dir
terraform init
popd
done
- name: Validate
env:
# Some modules (especially those using multiple providers) do not work with `terraform validate`
# so we exclude them from the validation process
excluded_directories: |
modules/aws/security/securityhub
modules/aws/security/inspector
modules/aws/networking/route53-hosted-zone
run: |
excluded_dirs=($excluded_directories)
for dir in $MODULE_DIRS; do
if [[ ! " ${excluded_dirs[@]} " =~ " $dir " ]]; then
pushd $dir
terraform validate
popd
fi
done
- name: Lint
working-directory: ${{ matrix.MODULE_DIRS }}
run: |
tflint --init
tflint --config ${{ github.workspace }}/.tflint.hcl