shared-actions/terraform-validate/action.yml
Sebastian Böhringer 36343e0a79
fix: revert workspace selection as validate does not initialize backend
2026-06-15 09:28:00 +02:00


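name: Terraform Validate
description: >
  Validate Terraform configuration files using the official Terraform CLI.
  Runs `terraform init -backend=false`, `terraform fmt -check` and
  `terraform validate` in the given directory; no state backend is configured
  and no remote state is touched.
inputs:
  terraform-dir:
    description: Directory containing .tf files (relative to the repository root)
    required: false
    default: terraform
  terraform-version:
    description: Terraform version constraint passed to hashicorp/setup-terraform
    required: false
    default: "~1.15"
  workspace:
    description: >-
      Value exported as TF_WORKSPACE for the validate step. Kept for backward
      compatibility only: init runs with -backend=false, so no workspace is
      selected or created by this action.
    required: false
    default: ""
  jfrog-token:
    description: >-
      JFrog Artifactory token used for the Terraform provider registry
      (sets TF_TOKEN_schmalz_jfrog_io). Pass a secret; it reaches the init and
      validate steps only through the environment, never on a command line.
    required: false
    default: ""
  mock-files:
    description: |-
      Newline-separated list of file paths to create as empty files before validation.
      Useful when Terraform configurations reference external files via file() that do not exist in CI.
      Paths are relative to the repository root; absolute paths and paths containing a ".." component are rejected.
      Files that already exist are left as they are (only their mtime is updated).
    required: false
    default: ""
runs:
  using: composite
  steps:
    # Pinned to commit SHA instead of a tag to prevent supply chain attacks.
    # hashicorp/setup-terraform v4.0.0 — https://github.com/hashicorp/setup-terraform/commits/v4.0.0/
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85
      with:
        terraform_version: ${{ inputs.terraform-version }}

    # TF_PLUGIN_CACHE_DIR must be exported before `terraform init` runs so that
    # init fills and reuses the cache restored in the next step.
    - name: Set Terraform plugin cache directory
      shell: bash
      run: |
        mkdir -p ~/.terraform.d/plugin-cache
        echo "TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache" >> "$GITHUB_ENV"

    # Referenced by a moving tag (cache-v1) rather than a commit SHA: this is the
    # organisation's own shared-actions repository, so the SHA-pinning rule used
    # for the third-party action above is deliberately not applied here.
    - name: Cache Terraform providers
      uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/cache@cache-v1
      with:
        path: ~/.terraform.d/plugin-cache
        # Keyed on the lock file so a provider change invalidates the entry;
        # restore-keys still allows a partial hit for the same OS and version.
        key: ${{ runner.os }}-terraform-providers-${{ inputs.terraform-version }}-${{ hashFiles(format('{0}/.terraform.lock.hcl', inputs.terraform-dir)) }}
        restore-keys: ${{ runner.os }}-terraform-providers-${{ inputs.terraform-version }}-

    - name: Create mock files
      if: ${{ inputs.mock-files != '' }}
      shell: bash
      env:
        MOCK_FILES: ${{ inputs.mock-files }}
      run: |
        while IFS= read -r mock_file; do
          [ -z "$mock_file" ] && continue
          # Only repository-relative paths are documented: refuse absolute paths
          # and any ".." component so a workflow input cannot create files
          # outside the checkout.
          case "$mock_file" in
            /*|..|../*|*/..|*/../*)
              echo "::error::mock-files: refusing path outside the repository: $mock_file"
              exit 1
              ;;
          esac
          # '--' keeps a path that starts with '-' from being parsed as an option.
          mkdir -p -- "$(dirname -- "$mock_file")"
          touch -- "$mock_file"
        done <<< "$MOCK_FILES"

    # -backend=false: no backend is configured, so no backend credentials or
    #   remote state are needed; providers are still downloaded (into the cache).
    # -input=false: fail instead of blocking on an interactive prompt in CI.
    # TF_DIR is read by bash from the environment rather than expanded with
    # ${{ }} into the script text, so the input cannot inject shell commands.
    - name: Terraform Init
      shell: bash
      env:
        TF_DIR: ${{ inputs.terraform-dir }}
        TF_TOKEN_schmalz_jfrog_io: ${{ inputs.jfrog-token }}
      run: terraform -chdir="$TF_DIR" init -backend=false -input=false -no-color

    # -diff prints the reformatting fmt would apply; with -check the exit code
    # still signals unformatted files, the log just becomes actionable.
    - name: Terraform Format Check
      shell: bash
      env:
        TF_DIR: ${{ inputs.terraform-dir }}
      run: terraform -chdir="$TF_DIR" fmt -check -diff -recursive

    - name: Terraform Validate
      shell: bash
      env:
        TF_DIR: ${{ inputs.terraform-dir }}
        # Exported for backward compatibility; no workspace is selected here.
        TF_WORKSPACE: ${{ inputs.workspace }}
        TF_TOKEN_schmalz_jfrog_io: ${{ inputs.jfrog-token }}
      run: terraform -chdir="$TF_DIR" validate -no-color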