shared-actions/terraform-validate/action.yml

name: Terraform Validate
description: >
  Validate Terraform configuration files using the official Terraform CLI.

inputs:
  terraform-dir:
    description: Directory containing .tf files
    required: false
    default: terraform
  terraform-version:
    description: Terraform version to use
    required: false
    default: "~1.15"
  workspace:
    description: Terraform workspace to use
    required: false
    default: ""
  jfrog-token:
    description: JFrog Artifactory token used for Terraform provider registry (sets TF_TOKEN_schmalz_jfrog_io)
    required: false
    default: ""

runs:
  using: composite
  steps:
    # Pinned to commit SHA instead of a tag to prevent supply chain attacks.
    # hashicorp/setup-terraform v4.0.0 — https://github.com/hashicorp/setup-terraform/commits/v4.0.0/
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85
      with:
        terraform_version: ${{ inputs.terraform-version }}

    - name: Set Terraform plugin cache directory
      shell: bash
      run: |
        mkdir -p ~/.terraform.d/plugin-cache
        echo "TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache" >> "$GITHUB_ENV"

    - name: Cache Terraform providers
      uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/cache@cache-v1
      with:
        path: ~/.terraform.d/plugin-cache
        key: ${{ runner.os }}-terraform-providers-${{ inputs.terraform-version }}-${{ hashFiles(format('{0}/.terraform.lock.hcl', inputs.terraform-dir)) }}
        restore-keys: ${{ runner.os }}-terraform-providers-${{ inputs.terraform-version }}-

    - name: Terraform Init
      shell: bash
      env:
        TF_DIR: ${{ inputs.terraform-dir }}
        TF_TOKEN_schmalz_jfrog_io: ${{ inputs.jfrog-token }}
      run: terraform -chdir=${{ env.TF_DIR }} init -backend=false -no-color

    - name: Terraform Format Check
      shell: bash
      env:
        TF_DIR: ${{ inputs.terraform-dir }}
      run: terraform -chdir=${{ env.TF_DIR }} fmt -check -recursive

    - name: Terraform Validate
      shell: bash
      env:
        TF_DIR: ${{ inputs.terraform-dir }}
        TF_WORKSPACE: ${{ inputs.workspace }}
        TF_TOKEN_schmalz_jfrog_io: ${{ inputs.jfrog-token }}
      run: terraform -chdir=${{ env.TF_DIR }} validate