feat: terraform validation

3fca397b · Andrew Newdigate · 6814552e · 3fca397b · 3fca397b
Unverified Commit 3fca397b authored 2 years ago by Andrew Newdigate
--- a/README.md
+++ b/README.md
@@ -234,3 +234,26 @@ include:
  - project: 'gitlab-com/gl-infra/common-ci-tasks'
    file: terraform-format.yml
 ```
+
+### [`terraform-validate`](./terraform-validate.yml)
+
+Runs [`terraform validate`](https://www.terraform.io/cli/commands/validate) to ensure that all Terraform files are correctly formatted.
+
+1. Ensure that the `GL_ASDF_TERRAFORM_VERSION` version for terraform is configured.
+
+```yaml
+stages:
+  - validate
+
+# Not needed if .gitlab-ci-asdf-versions.yml is included...
+variables:
+  GL_ASDF_TERRAFORM_VERSION: ...
+
+include:
+  # Not required, but recommended
+  - local: .gitlab-ci-asdf-versions.yml
+
+  # Ensures that all terraform files are syntactically valid
+  - project: 'gitlab-com/gl-infra/common-ci-tasks'
+    file: terraform-validate.yml
+```
--- a/terraform-validate.yml
+++ b/terraform-validate.yml
+tflint:
+  stage: validate
+  needs: []
+  image:
+    name: hashicorp/terraform:${GL_ASDF_TERRAFORM_VERSION}
+    entrypoint: [""]
+  script:
+    # Loop through all the directories containing *.tf files and run terraform validate in them
+    - find . -type f -name '*.tf' -exec dirname {} \;|sort -u|grep -v "${TF_VALIDATE_EXCLUDE_REGEX:-__none__}" | while read -r dir; do
+        echo "${dir} -------------------------------------------------------";
+        cd "${CI_PROJECT_DIR}/${dir}" || exit 1;
+        terraform init -backend=false -reconfigure;
+        terraform validate || touch "${CI_PROJECT_DIR}/tf-validate-failed";
+      done;
+    # tf-validate-failed indicates a linter failure
+    - if [ -f "${CI_PROJECT_DIR}/tf-validate-failed" ]; then exit 1; fi
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH