Automatic terraform linting with reviewdog and tflint



Introduction

In this article we will test how to lint our Terraform code and get automatic checks in our GitHub pull requests using reviewdog and the tflint GitHub Action. This is particularly useful to prevent unwanted changes or buggy commits from being merged into your principal branch, whatever that is. For this to work you just need to configure a GitHub Action in your repo and that’s it; you don’t need to generate any token or do any extra step.


In order to make the example easier I have created this repo with the basic configuration to make it work.


Terraform

First of all we need our Terraform code. As you can see, it’s a simple EC2 instance in AWS, but the instance type doesn’t exist; we will fix that in a bit.

resource "aws_instance" "ec2_test" {
  ami           = "ari-67b95e0e"
  instance_type = "t1.medium"
}

GitHub Workflow

Since we’re using GitHub, we can take advantage of Actions to run a linter for our code and mark our PR if something is wrong.

name: reviewdog
on: [pull_request]
jobs:
  tflint:
    name: runner / tflint
    runs-on: ubuntu-latest

    steps:
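      # @master tracks a moving branch; pin actions (this one and
      #  reviewdog/action-tflint below, which receives the token) to a
      #  release tag or commit SHA so their code cannot change between runs
      - name: Clone repo
        uses: actions/checkout@master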

      # Install latest Terraform manually as
      #  Docker-based GitHub Actions are
      #  slow due to lack of caching
      # Note: Terraform is not needed for tflint
      - name: Install Terraform
        run: |
          brew install terraform

      # Run init to get module code to be able to use `--module`
      - name: Terraform init
        run: |
          terraform init

      # Minimal example (keep either this step or the one below, not both)
      - name: tflint
        uses: reviewdog/action-tflint@master
        with:
          github_token: ${{ secrets.github_token }}

      # More complex example
      - name: tflint
        uses: reviewdog/action-tflint@master
        with:
          github_token: ${{ secrets.github_token }}
          fail_on_error: "true" # Optional. Fail action if errors are found

Example PR

First we will open a PR with an issue to see it fail and how the reporting works. (To get here, click the Checks tab in the PR and then the tflint step; see here.)
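
To make the reporting step concrete, here is an added example (not code from the original post or from the reviewdog/action-tflint project) that maps a finding like the one in this PR from tflint's JSON output to reviewdog's rdjsonl diagnostic format and applies a fail_on_error-style gate. The sample report, the rule link and the function names are constructed for illustration, and the gate is a simplification that ignores reviewdog's diff filtering.

```python
import json

# Constructed sample of `tflint --format json` output for the main.tf above
# (an assumption for illustration, not captured from a real run).
SAMPLE_TFLINT_JSON = json.dumps({
    "issues": [{
        "rule": {"name": "aws_instance_invalid_type", "severity": "error",
                 "link": "https://example.invalid/rule-docs"},  # placeholder
        "message": '"t1.medium" is an invalid value as instance_type',
        "range": {"filename": "main.tf",
                  "start": {"line": 3, "column": 19},
                  "end": {"line": 3, "column": 30}},
        "callers": [],
    }],
    "errors": [],
})

# tflint severity string -> reviewdog diagnostic severity
SEVERITY = {"error": "ERROR", "warning": "WARNING",
            "info": "INFO", "notice": "INFO"}


def to_rdjsonl(tflint_json):
    """Convert tflint JSON output into reviewdog rdjsonl lines (one per issue)."""
    lines = []
    for issue in json.loads(tflint_json).get("issues", []):
        rule, rng = issue["rule"], issue["range"]
        lines.append(json.dumps({
            "message": issue["message"],
            "location": {"path": rng["filename"],
                         "range": {"start": rng["start"], "end": rng["end"]}},
            "severity": SEVERITY.get(rule["severity"], "UNKNOWN_SEVERITY"),
            "code": {"value": rule["name"], "url": rule["link"]},
        }, sort_keys=True))
    return lines


def exit_code(tflint_json, fail_on_error):
    """Return 1 only when gating is enabled and tflint reported any issue
    or failed to evaluate the code; otherwise the check stays green."""
    report = json.loads(tflint_json)
    found = bool(report.get("issues")) or bool(report.get("errors"))
    return 1 if fail_on_error and found else 0


if __name__ == "__main__":
    for line in to_rdjsonl(SAMPLE_TFLINT_JSON):
        print(line)
    print("exit code with fail_on_error:", exit_code(SAMPLE_TFLINT_JSON, True))
```

Without the gate the finding is still reported on the PR, but the check does not block the merge.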


One that actually works

Since we already tested it and it failed as expected, we can now fix it (just change t1 to t2 in the main.tf file). Now that reviewdog and tflint are happy with our commit, we can just merge it.


Closing notes

For me this seems particularly useful because it can catch a lot of errors that are sometimes hard for the eye to catch, especially typos. It’s also good practice to lint your code, so there you go. I hope you give this a shot, and keep in mind that reviewdog can review a lot of different languages; I just picked Terraform because it’s what I’m using the most lately.


Errata

If you spot any error or have any suggestion, please send me a message so it gets fixed.

Also, you can check the source code and changes in the generated code and the sources here




by Gabriel Garrido