schmalz/shared-actions
15
0
Fork 0
Code Issues Pull requests 1 Releases Packages Activity Actions

feat: add mock-files input to create empty files for Terraform validation
Some checks failed
validate-shared-actions / validate-shared-actions (pull_request) Successful in 40s
Details
Aikido Security PR Check / Aikido Security Scan (pull_request) Failing after 3m5s
Details

Browse source
This commit is contained in:
Michael.Seele@schmalz.de 2026-05-21 13:00:14 +00:00
parent 038b488a6b
commit 45a2bc8d84
2 changed files with 33 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
terraform-validate/README.md
View file

@ -10,6 +10,7 @@ Validate Terraform configuration files using the official Terraform CLI.
| `terraform-version` | No | `~1.15` | Terraform version to use |
| `workspace` | No | `""` | Terraform workspace to use |
| `jfrog-token` | No | `""` | JFrog Artifactory token for the Terraform provider registry (`TF_TOKEN_schmalz_jfrog_io`) |
| `mock-files` | No | `""` | Newline-separated list of file paths (relative to repo root) to create as empty files before validation. Useful when Terraform uses `file()` references that do not exist in CI. |
## Usage
@ -20,8 +21,22 @@ Validate Terraform configuration files using the official Terraform CLI.
jfrog-token: ${{ secrets.JFROG_TOKEN }}
```
With mock files for `file()` dependencies:
```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/terraform-validate@terraform-validate-v1
with:
workspace: stage
jfrog-token: ${{ secrets.JFROG_TOKEN }}
mock-files: |
config/app.json
secrets/tls.crt
secrets/tls.key
```
## Notes
- Runs `terraform init -backend=false`, `terraform fmt -check -recursive`, and `terraform validate`.
- Sets `TF_WORKSPACE` during validate if `workspace` is provided.
- Sets `TF_TOKEN_schmalz_jfrog_io` on both `init` and `validate` steps if `jfrog-token` is provided.
- Sets `TF_TOKEN_schmalz_jfrog_io` on both `init` and `validate` steps if `jfrog-token` is provided.
- When `mock-files` is set, empty files are created at the given paths (including any missing parent directories) before `terraform init` runs. This allows validation of configurations that reference external files via `file()`.

17
terraform-validate/action.yml
View file

@ -19,6 +19,13 @@ inputs:
description: JFrog Artifactory token used for Terraform provider registry (sets TF_TOKEN_schmalz_jfrog_io)
required: false
default: ""
mock-files:
description: |-
Newline-separated list of file paths to create as empty files before validation.
Useful when Terraform configurations reference external files via file() that do not exist in CI.
Paths are relative to the repository root.
required: false
default: ""
runs:
using: composite
@ -43,6 +50,16 @@ runs:
key: ${{ runner.os }}-terraform-providers-${{ inputs.terraform-version }}-${{ hashFiles(format('{0}/.terraform.lock.hcl', inputs.terraform-dir)) }}
restore-keys: ${{ runner.os }}-terraform-providers-${{ inputs.terraform-version }}-
- name: Create mock files
if: ${{ inputs.mock-files != '' }}
shell: bash
run: |
while IFS= read -r mock_file; do
[ -z "$mock_file" ] && continue
mkdir -p "$(dirname "$mock_file")"
touch "$mock_file"
done <<< "${{ inputs.mock-files }}"
- name: Terraform Init
shell: bash
env: