Merge pull request #1 from truefoundry/terraform-workflows

Added terraform workflows

.github/workflows/terraform-doc-generator.yml

@@ -0,0 +1,16 @@
+name: Terraform doc generator
+
+on:
+  workflow_call:
+
+jobs:
+  terraform-module-readme-generator:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Render terraform docs and push changes back to PR
+        uses: terraform-docs/gh-actions@main
+        with:
+          git-push: "true"

.github/workflows/terraform-lint-format.yml

@@ -0,0 +1,64 @@
+name: Terraform fmt and linter
+
+on:
+  workflow_call:
+    inputs:
+      terraform_version:
+        description: "Version of terraform binary"
+        type: string
+        default: "1.9.8"
+      enable_tflint:
+        description: "Enable Tflint"
+        type: boolean
+        default: true
+      tflint_severity_threshold:
+        description: "Threshold of minimum failure severity for tflint. Examples - error | warning | notice"
+        type: string
+        default: warning
+      tflint_version:
+        description: "TFLint version"
+        type: string
+        default: v0.53.0
+
+jobs:
+  terraform-fmt:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Setting up terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "${{ inputs.terraform_version }}"
+      - name: "Running format"
+        run: terraform fmt --recursive --diff -check=true
+
+  terraform-tflint:
+    if: ${{ inputs.enable_tflint }}
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Cache plugin dir
+        uses: actions/cache@v4
+        with:
+          path: ~/.tflint.d/plugins
+          key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v3
+        with:
+          tflint_version: ${{ inputs.tflint_version }}
+
+      - name: Init TFLint
+        run: tflint --init
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: Run TFLint
+        run: tflint --minimum-failure-severity=${{ inputs.tflint_severity_threshold }} -f compact

.github/workflows/terraform-scan.yml

@@ -0,0 +1,32 @@
+name: Iac code scanning
+
+on:
+  workflow_call:
+    inputs:
+      enable_code_test:
+        description: "Enable snyk code test"
+        type: boolean
+        default: true
+      code_test_severity_threshold:
+        description: "Severity threshold for IaC scanning. Acceptable values: low | medium | high"
+        type: string
+        default: "high"
+    secrets:
+      snyk_token:
+        description: "Snyk token"
+        required: true
+
+jobs:
+  code_test:
+    runs-on: ubuntu-latest
+    if: ${{ inputs.enable_code_test }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Node snyk vulnerability scanning code test
+        uses: snyk/actions/[email protected]
+        with:
+          command: iac test
+          args: --severity-threshold=${{ inputs.code_test_severity_threshold }}
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.gitignore

@@ -0,0 +1,2 @@
+.DS_Store
+.aider*