diff --git a/.automation/test/terragrunt/README.md b/.automation/test/terragrunt/README.md
new file mode 100644
index 00000000..d0f43321
--- /dev/null
+++ b/.automation/test/terragrunt/README.md
@@ -0,0 +1,19 @@
+# Terragrunt Test Cases
+
+This folder holds the test cases for **Terragrunt**.
+
+## Additional Docs
+
+No Additional information is needed for this test case.
+
+## Good Test Cases
+
+The test cases denoted: `LANGUAGE_good_FILE.EXTENSION` are all valid, and should pass successfully when linted.
+
+- **Note:** They are linted utilizing the default linter rules.
+
+## Bad Test Cases
+
+The test cases denoted: `LANGUAGE_bad_FILE.EXTENSION` are **NOT** valid, and should trigger errors when linted.
+
+- **Note:** They are linted utilizing the default linter rules.
diff --git a/.automation/test/terragrunt/terragrunt_bad_1.hcl b/.automation/test/terragrunt/terragrunt_bad_1.hcl
new file mode 100644
index 00000000..a70d8240
--- /dev/null
+++ b/.automation/test/terragrunt/terragrunt_bad_1.hcl
@@ -0,0 +1,18 @@
+include {
+ path = find_in_parent_folders()
+}
+
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite"
+ }
+ config = {
+ bucket = "my-terraform-state"
+ key = "${path_relative_to_include()}/terraform.tfstate"
+ region = "us-east-1"
+ encrypt = true
+ dynamodb_table = "my-lock-table"
+ }
+}
diff --git a/.automation/test/terragrunt/terragrunt_good_1.hcl b/.automation/test/terragrunt/terragrunt_good_1.hcl
new file mode 100644
index 00000000..b6a9c1d4
--- /dev/null
+++ b/.automation/test/terragrunt/terragrunt_good_1.hcl
@@ -0,0 +1,18 @@
+include {
+ path = find_in_parent_folders()
+}
+
+remote_state {
+ backend = "s3"
+ generate = {
+ path = "backend.tf"
+ if_exists = "overwrite"
+ }
+ config = {
+ bucket = "my-terraform-state"
+ key = "${path_relative_to_include()}/terraform.tfstate"
+ region = "us-east-1"
+ encrypt = true
+ dynamodb_table = "my-lock-table"
+ }
+}
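Review bot: `terragrunt_bad_1.hcl` carries no comment saying what makes it invalid, and on this page it reads token-for-token the same as `terragrunt_good_1.hcl`; only the blob ids differ, so the difference is presumably whitespace that `hclfmt` would rewrite. A first line such as `# Intentionally mis-formatted: terragrunt hclfmt --terragrunt-check must reject this file` would stop a later editor or auto-formatter from quietly normalising the fixture and turning the negative test into a pass.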
diff --git a/Dockerfile b/Dockerfile index 5e0b945e..5873d848 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,6 +14,7 @@ FROM golangci/golangci-lint:v1.31.0 as golangci-lint FROM yoheimuta/protolint:v0.26.0 as protolint FROM koalaman/shellcheck:v0.7.1 as shellcheck FROM wata727/tflint:0.20.2 as tflint +FROM alpine/terragrunt:0.13.4 as terragrunt FROM mvdan/shfmt:v3.1.2 as shfmt FROM accurics/terrascan:d182f1c as terrascan FROM hadolint/hadolint:latest-alpine as dockerfile-lint @@ -211,6 +212,11 @@ COPY --from=tflint /usr/local/bin/tflint /usr/bin/ COPY --from=terrascan /go/bin/terrascan /usr/bin/ RUN terrascan init +###################### +# Install Terragrunt # +###################### +COPY --from=terragrunt /usr/local/bin/terragrunt /usr/bin/ + ###################### # Install protolint # ###################### diff --git a/README.md b/README.md index 84fe50d3..566c547b 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,7 @@ Developers on **GitHub** can call the **GitHub Action** to lint their code base | **Snakemake** | [snakefmt](https://github.com/snakemake/snakefmt/) / [snakemake --lint](https://snakemake.readthedocs.io/en/stable/snakefiles/writing_snakefiles.html#best-practices) | | **SQL** | [sql-lint](https://github.com/joereynolds/sql-lint) | | **Terraform** | [tflint](https://github.com/terraform-linters/tflint) / [terrascan](https://github.com/accurics/terrascan) | +| **Terragrunt** | [terragrunt](https://github.com/gruntwork-io/terragrunt) | | **TypeScript** | [eslint](https://eslint.org/) / [standard js](https://standardjs.com/) | | **XML** | [LibXML](http://xmlsoft.org/) | | **YAML** | [YamlLint](https://github.com/adrienverge/yamllint) | 
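Review bot: The new stage `FROM alpine/terragrunt:0.13.4 as terragrunt` takes a binary from a third-party image by mutable tag, and the later `COPY --from=terragrunt /usr/local/bin/terragrunt /usr/bin/` ships that binary in the linter image without any integrity check. As far as I know the tags of that image track the bundled Terraform release rather than the Terragrunt release, so `0.13.4` may not pin the Terragrunt version at all; worth confirming before relying on it. Pinning by digest, `FROM alpine/terragrunt:0.13.4@sha256:<digest-placeholder> as terragrunt`, fixes the exact content that gets copied. The neighbouring stages in the context lines are tag-pinned the same way (one uses `latest-alpine`), so the same applies to them.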
@@ -274,6 +275,7 @@ But if you wish to select or exclude specific linters, we give you full control | **VALIDATE_SQL** | `true` | Flag to enable or disable the linting process of the SQL language. | | **VALIDATE_TERRAFORM** | `true` | Flag to enable or disable the linting process of the Terraform language. | | **VALIDATE_TERRAFORM_TERRASCAN** | `true` | Flag to enable or disable the linting process of the Terraform language for security related issues. | +| **VALIDATE_TERRAGRUNT** | `true` | Flag to enable or disable the linting process for Terragrunt files. | | **VALIDATE_TSX** | `true` | Flag to enable or disable the linting process for tsx files (Utilizing: eslint) | | **VALIDATE_TYPESCRIPT_ES** | `true` | Flag to enable or disable the linting process of the Typescript language. (Utilizing: eslint) | | **VALIDATE_TYPESCRIPT_STANDARD** | `true` | Flag to enable or disable the linting process of the Typescript language. (Utilizing: standard) | diff --git a/docs/disabling-linters.md b/docs/disabling-linters.md index 280c27d6..006f281a 100644 --- a/docs/disabling-linters.md +++ b/docs/disabling-linters.md @@ -1201,6 +1201,28 @@ shfmt [supports EditorConfig files for configuration](https://github.com/mvdan/s --- +## Terragrunt + +- [terragrunt](https://github.com/gruntwork-io/terragrunt) + +### Terragrunt standard Config file + +- There is currently **No** Terragrunt format config rules file + +### Terragrunt disable single line + +- There is currently **No** way to disable rules inline of the file(s) + +### Terragrunt disable code block + +- There is currently **No** way to disable rules inline of the file(s) + +### Terragrunt disable entire file + +- There is currently **No** way to disable rules inline of the file(s) + +--- + ## Typescript eslint - [eslint](https://eslint.org/) diff --git a/lib/buildFileList.sh b/lib/buildFileList.sh index d2c3fbc8..cace7e9d 100755 --- a/lib/buildFileList.sh +++ b/lib/buildFileList.sh 
@@ -439,6 +439,15 @@ function BuildFileList() { FILE_ARRAY_TERRAFORM+=("${FILE}") FILE_ARRAY_TERRAFORM_TERRASCAN+=("${FILE}") + ############################ + # Get the Terragrunt files # + ############################ + elif [ "${FILE_TYPE}" == "hcl" ]; then + ################################ + # Append the file to the array # + ################################ + FILE_ARRAY_TERRAGRUNT+=("${FILE}") + ############################ # Get the TypeScript files # ############################ diff --git a/lib/linter.sh b/lib/linter.sh index 38d4f361..43a06a91 100755 --- a/lib/linter.sh +++ b/lib/linter.sh @@ -170,7 +170,7 @@ LANGUAGE_ARRAY=('ANSIBLE' 'ARM' 'BASH' 'BASH_EXEC' 'CLOUDFORMATION' 'CLOJURE' 'C 'JAVA' 'JAVASCRIPT_ES' 'JAVASCRIPT_STANDARD' 'JSON' 'JSX' 'KUBERNETES_KUBEVAL' 'KOTLIN' 'LATEX' 'LUA' 'MARKDOWN' 'OPENAPI' 'PERL' 'PHP_BUILTIN' 'PHP_PHPCS' 'PHP_PHPSTAN' 'PHP_PSALM' 'POWERSHELL' 'PROTOBUF' 'PYTHON_BLACK' 'PYTHON_PYLINT' 'PYTHON_FLAKE8' 'R' 'RAKU' 'RUBY' 'SHELL_SHFMT' 'SNAKEMAKE_LINT' 'SNAKEMAKE_SNAKEFMT' 'STATES' 'SQL' 'TERRAFORM' - 'TERRAFORM_TERRASCAN' 'TSX' 'TYPESCRIPT_ES' 'TYPESCRIPT_STANDARD' 'XML' 'YAML') + 'TERRAFORM_TERRASCAN' 'TERRAGRUNT' 'TSX' 'TYPESCRIPT_ES' 'TYPESCRIPT_STANDARD' 'XML' 'YAML') ############################################ # Array for all languages that were linted # 
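Review bot: The new branch `elif [ "${FILE_TYPE}" == "hcl" ]; then` in `lib/buildFileList.sh` puts every `.hcl` file into `FILE_ARRAY_TERRAGRUNT`, but `.hcl` is also used by tools other than Terragrunt (tflint configuration, Packer templates, Nomad jobs, Vault policies). Only `.tflint.hcl` is filtered, and that happens later in `lib/worker.sh`, so other HCL in a repository will be format-checked by `terragrunt hclfmt` and can fail the run with `VALIDATE_TERRAGRUNT` at its default of `true`. At minimum the banner should say so, e.g. `# Every *.hcl file is treated as Terragrunt; tflint configs are skipped in LintCodebase`. `FILE_ARRAY_TERRAGRUNT` is not declared in this hunk and `BuildFileList` continues outside it, so confirm the array is initialised alongside the others.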
@@ -1606,6 +1606,16 @@ if [ "${VALIDATE_TERRAFORM_TERRASCAN}" == "true" ]; then LintCodebase "TERRAFORM_TERRASCAN" "terrascan" "terrascan scan -p /root/.terrascan/pkg/policies/opa/rego/ -t aws -f " "${FILTER_REGEX_INCLUDE}" "${FILTER_REGEX_EXCLUDE}" "${FILE_ARRAY_TERRAFORM_TERRASCAN[@]}" fi +################################ +# TERRAGRUNT TERRASCAN LINTING # +################################ +if [ "${VALIDATE_TERRAGRUNT}" == "true" ]; then + ############################# + # Lint the Terragrunt files # + ############################# + LintCodebase "TERRAGRUNT" "terragrunt" "terragrunt hclfmt --terragrunt-check --terragrunt-hclfmt-file " "${FILTER_REGEX_INCLUDE}" "${FILTER_REGEX_EXCLUDE}" "${FILE_ARRAY_TERRAGRUNT[@]}" +fi + ############### # TSX LINTING # ############### diff --git a/lib/worker.sh b/lib/worker.sh index 9b45809e..018d1c3e 100755 --- a/lib/worker.sh +++ b/lib/worker.sh @@ -161,6 +161,9 @@ function LintCodebase() { elif [[ ${FILE_TYPE} == "SHELL_SHFMT" ]] && ! IsValidShellScript "${FILE}"; then # not a valid script and we need to skip continue + elif [[ ${FILE_TYPE} == "TERRAGRUNT" ]] && [[ ${FILE} == *".tflint.hcl"* ]]; then + # This is likely a tflint configuration file and should not be linted by Terragrunt + continue fi ################################## 
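Review bot: The banner `# TERRAGRUNT TERRASCAN LINTING #` in `lib/linter.sh` looks like a leftover from the block above it; this block runs `terragrunt hclfmt --terragrunt-check`, not terrascan, so it should read `# TERRAGRUNT LINTING #` with the `#` border shortened to match. The command is a formatting check only, and a comment saying so, e.g. `# hclfmt --terragrunt-check verifies formatting only; it does not validate or modify the files`, would keep readers from taking `VALIDATE_TERRAGRUNT` for a validity or security check.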
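Review bot: The skip test `[[ ${FILE} == *".tflint.hcl"* ]]` in `lib/worker.sh` matches that string anywhere in the path, so a Terragrunt file whose directory or name merely contains `.tflint.hcl` is silently left unlinted. Anchoring the pattern to the end of the name, `[[ ${FILE} == *".tflint.hcl" ]]`, limits the skip to actual tflint configuration files. The `LintCodebase` loop that this branch belongs to starts and ends outside the hunk.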
@@ -691,6 +694,7 @@ function RunTestCases() { TestCodebase "SQL" "sql-lint" "sql-lint --config ${SQL_LINTER_RULES}" ".*\.\(sql\)\$" "sql" TestCodebase "TERRAFORM" "tflint" "tflint -c ${TERRAFORM_LINTER_RULES}" ".*\.\(tf\)\$" "terraform" TestCodebase "TERRAFORM_TERRASCAN" "terrascan" "terrascan scan -p /root/.terrascan/pkg/policies/opa/rego/ -t aws -f " ".*\.\(tf\)\$" "terraform_terrascan" + TestCodebase "TERRAGRUNT" "terragrunt" "terragrunt hclfmt --terragrunt-check --terragrunt-hclfmt-file " ".*\.\(hcl\)\$" "terragrunt" TestCodebase "TYPESCRIPT_ES" "eslint" "eslint --no-eslintrc -c ${TYPESCRIPT_LINTER_RULES}" ".*\.\(ts\)\$" "typescript" TestCodebase "TYPESCRIPT_STANDARD" "standard" "standard --parser @typescript-eslint/parser --plugin @typescript-eslint/eslint-plugin ${TYPESCRIPT_STANDARD_LINTER_RULES}" ".*\.\(ts\)\$" "typescript" TestCodebase "XML" "xmllint" "xmllint" ".*\.\(xml\)\$" "xml"