feat: add tflint support

README.md

@@ -179,3 +179,30 @@ include:
     ref: v0.0.0 # Look this up https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/releases
     file: asdf-tool-versions.yml
 ```
+
+### [`tflint`](./tflint.yml)
+
+Runs [`tflint`](https://github.com/terraform-linters/tflint) across all directories that contain `*.tf` files.
+
+Setup process:
+
+1. Ensure that a [`.tflint.hcl`](https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/config.md) file exists in the root of the project.
+1. Ensure that the `GL_ASDF_TFLINT_VERSION` version for tflint is configured.
+1. The task will generate a [junit test output file](https://docs.gitlab.com/ee/ci/unit_test_reports.html) for any failed linter checks.
+
+```yaml
+stages:
+  - validate
+
+# Not needed if .gitlab-ci-asdf-versions.yml is included...
+variables:
+  GL_ASDF_TFLINT_VERSION: ...
+
+include:
+  # Not required, but recommended
+  - local: .gitlab-ci-asdf-versions.yml
+
+  # Runs tflint on all terraform module directories
+  - project: 'gitlab-com/gl-infra/common-ci-tasks'
+    file: tflint.yml
+```

tflint.yml

+
+tflint:
+  stage: validate
+  needs: []
+  image:
+    name: ghcr.io/terraform-linters/tflint:v${GL_ASDF_TFLINT_VERSION}
+    entrypoint: ['/bin/sh', '-c']
+  script:
+    - mkdir -p "tflint-reports/"
+    # Find all TF files and lint the directories of those files
+    # See http://mywiki.wooledge.org/BashFAQ/024 for bash while subshell issue
+    - while read -r dir; do
+        junit_file="$(echo "$dir"|sed -r s/[^a-zA-Z0-9]+/-/g | sed -r s/^-+\|-+$//g).xml";
+        tflint -c ".tflint.hcl" --init "${dir}";
+        tflint -c ".tflint.hcl" "${dir}" -f compact || failed=1;
+        tflint -c ".tflint.hcl" "${dir}" -f junit > "tflint-reports/${junit_file}" || failed=1;
+      done < <(find . -type f -name '*.tf' -exec dirname {} \;|sort -u);
+      if [ "${failed}" == "1" ]; then exit 1; fi
+  artifacts:
+    when: always
+    reports:
+      junit: tflint-reports/**