feat: Add tftools

Selleo · Apr 26, 2024 · 86708a8 · 86708a8
1 parent 3c2854f
commit 86708a8
Show file tree

Hide file tree

Showing 8 changed files with 52 additions and 12 deletions.
diff --git a/.github/workflows/documentation.yml → .github/workflows/tfdocs.yml b/.github/workflows/documentation.yml → .github/workflows/tfdocs.yml
@@ -1,12 +1,12 @@
-name: Generate terraform docs
+name: Terraform Docs
 on:
   - pull_request
 
 jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         ref: ${{ github.event.pull_request.head.ref }}
 

diff --git a/.github/workflows/tflint.yml b/.github/workflows/tflint.yml
@@ -7,19 +7,20 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       name: Checkout source code
 
-    - uses: actions/cache@v3
+    - uses: actions/cache@v4
       name: Cache plugin dir
       with:
         path: ~/.tflint.d/plugins
         key: tflint-${{ hashFiles('.tflint.hcl') }}
 
-    - uses: terraform-linters/setup-tflint@v3
+    - uses: terraform-linters/setup-tflint@v4
       name: Setup TFLint
       with:
-        tflint_version: v0.45.0
+        tflint_version: v0.50.3
+        tflint_wrapper: true
 
     - name: Show version
       run: tflint --version
@@ -32,7 +33,11 @@ jobs:
 
     - name: Run TFLint
       run: |
-        tflint -f compact .
-        tflint -f compact modules/cloudfront-app
-        tflint -f compact modules/cloudfront-deployment-policy
-        tflint -f compact modules/cloudfront-s3-origin-bucket-policy
+        tflint -f compact --chdir .
+        tflint -f compact --chdir modules/cloudfront-app
+        tflint -f compact --chdir modules/cloudfront-deployment-policy
+        tflint -f compact --chdir modules/cloudfront-s3-origin-bucket-policy
+
+    - run: echo ${{ steps.tflint.outputs.stdout }}
+    - run: echo ${{ steps.tflint.outputs.stderr }}
+    - run: echo ${{ steps.tflint.outputs.exitcode }}
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
@@ -0,0 +1,15 @@
+name: Terraform Security Check
+on:
+  pull_request:
+jobs:
+  tfsec:
+    name: tfsec
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone repo
+        uses: actions/checkout@master
+      - name: tfsec
+        uses: aquasecurity/[email protected]
+        with:
+          soft_fail: true
diff --git a/.tflint.hcl b/.tflint.hcl
@@ -1,11 +1,11 @@
 plugin "terraform" {
     enabled = true
-    version = "0.2.2"
+    version = "0.6.0"
     source  = "github.com/terraform-linters/tflint-ruleset-terraform"
 }
 
 plugin "aws" {
     enabled = true
-    version = "0.21.2"
+    version = "0.30.0"
     source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }
diff --git a/examples/cloudfront-app/versions.tf b/examples/cloudfront-app/versions.tf
@@ -6,6 +6,11 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 5.0"
     }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
   }
 }
 

diff --git a/modules/cloudfront-app/versions.tf b/modules/cloudfront-app/versions.tf
@@ -6,6 +6,11 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 5.0"
     }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
   }
 }
 
diff --git a/modules/cloudfront-deployment-policy/versions.tf b/modules/cloudfront-deployment-policy/versions.tf
@@ -6,6 +6,11 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 5.0"
     }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
   }
 }
 
diff --git a/modules/cloudfront-s3-origin-bucket-policy/versions.tf b/modules/cloudfront-s3-origin-bucket-policy/versions.tf
@@ -6,6 +6,11 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 5.0"
     }
+
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.0"
+    }
   }
 }