From 22564fb65c88fd48812290253a138a330d3aa03d Mon Sep 17 00:00:00 2001 From: Marco Ferrari Date: Fri, 15 Dec 2023 10:29:34 +0100 Subject: [PATCH] Switch to tflint image because tflint-bundle is deprecated (#4990) * Switch to tflint image because tflint-bundle is deprecated * Fix version string * Don't copy plugins * Don't copy plugins * Set terraform log vars globally * Fix tflint error --- .github/linters/.tflint.hcl | 7 ------- Dockerfile | 4 +--- TEMPLATES/.tflint.hcl | 19 +++++++++++++++++++ lib/functions/detectFiles.sh | 14 ++++---------- lib/functions/worker.sh | 6 +++--- lib/linter.sh | 11 +++++++++++ 6 files changed, 38 insertions(+), 23 deletions(-) delete mode 100644 .github/linters/.tflint.hcl diff --git a/.github/linters/.tflint.hcl b/.github/linters/.tflint.hcl deleted file mode 100644 index f5cfdb77..00000000 --- a/.github/linters/.tflint.hcl +++ /dev/null @@ -1,7 +0,0 @@ -config { - module = true -} - -plugin "aws" { - enabled = true -} diff --git a/Dockerfile b/Dockerfile index b29ab50f..692fe3a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ FROM alpine/terragrunt:1.6.5 as terragrunt FROM ghcr.io/assignuser/chktex-alpine:v0.2.0 as chktex FROM dotenvlinter/dotenv-linter:3.3.0 as dotenv-linter FROM ghcr.io/awkbar-devops/clang-format:v1.0.2 as clang-format -FROM ghcr.io/terraform-linters/tflint-bundle:v0.48.0.0 as tflint +FROM ghcr.io/terraform-linters/tflint:v0.48.0 as tflint FROM ghcr.io/yannh/kubeconform:v0.6.4 as kubeconfrm FROM golang:1.21.5-alpine as golang FROM golangci/golangci-lint:v1.55.2 as golangci-lint @@ -130,7 +130,6 @@ COPY --from=terraform /bin/terraform /usr/bin/ # Install TFLint # ################## COPY --from=tflint /usr/local/bin/tflint /usr/bin/ -COPY --from=tflint /root/.tflint.d /root/.tflint.d ##################### # Install Terrascan # 
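Review bot: The new `FROM ghcr.io/terraform-linters/tflint:v0.48.0 as tflint` stage in the first Dockerfile hunk is pinned by tag only, so the binary later copied from `/usr/local/bin/tflint` is whatever that tag resolves to at build time. Adding the digest, `FROM ghcr.io/terraform-linters/tflint:v0.48.0@sha256:<digest-of-v0.48.0> as tflint`, keeps the build reproducible and makes a re-pushed tag show up as a reviewable change. The neighbouring `FROM` lines use the same tag-only form, so this could also be a follow-up for the whole file. The two later Dockerfile hunks stop copying `/root/.tflint.d`, so the image no longer ships any ruleset and plugins have to come from the network at run time.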
@@ -339,7 +338,6 @@ COPY --from=base_image /lib/ /lib/ COPY --from=base_image /bin/ /bin/ COPY --from=base_image /node_modules/ /node_modules/ COPY --from=base_image /home/r-library /home/r-library -COPY --from=base_image /root/.tflint.d/ /root/.tflint.d/ COPY --from=python_builder /venvs/ /venvs/ ################################## diff --git a/TEMPLATES/.tflint.hcl b/TEMPLATES/.tflint.hcl index 1c8f7d3a..98a41ca0 100644 --- a/TEMPLATES/.tflint.hcl +++ b/TEMPLATES/.tflint.hcl @@ -4,6 +4,25 @@ config { force = false } +plugin "terraform" { + enabled = true + preset = "recommended" +} + plugin "aws" { enabled = true + version = "0.28.0" + source = "github.com/terraform-linters/tflint-ruleset-aws" +} + +plugin "azurerm" { + enabled = true + version = "0.25.1" + source = "github.com/terraform-linters/tflint-ruleset-azurerm" +} + +plugin "google" { + enabled = true + version = "0.26.0" + source = "github.com/terraform-linters/tflint-ruleset-google" } diff --git a/lib/functions/detectFiles.sh b/lib/functions/detectFiles.sh index ab162965..67ccffd4 100755 --- a/lib/functions/detectFiles.sh +++ b/lib/functions/detectFiles.sh @@ -504,18 +504,12 @@ function RunAdditionalInstalls() { if [ "${VALIDATE_TERRAFORM_TFLINT}" == "true" ] && [ "${#FILE_ARRAY_TERRAFORM_TFLINT[@]}" -ne 0 ]; then info "Detected TFLint Language files to lint." info "Trying to install the TFLint init inside:[${WORKSPACE_PATH}]" - # Set the log level - TF_LOG_LEVEL="info" - if [ "${ACTIONS_RUNNER_DEBUG}" = "true" ]; then - TF_LOG_LEVEL="debug" - fi - debug "Set the tflint log level to: ${TF_LOG_LEVEL}" ######################### # Run the build command # ######################### BUILD_CMD=$( cd "${WORKSPACE_PATH}" || exit 0 - TFLINT_LOG="${TF_LOG_LEVEL}" tflint --init -c "${TERRAFORM_TFLINT_LINTER_RULES}" 2>&1 + tflint --init -c "${TERRAFORM_TFLINT_LINTER_RULES}" 2>&1 ) ############## 
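Review bot: The `aws`, `azurerm` and `google` plugin blocks now carry `version` and `source`, so `tflint --init` fetches them from GitHub at run time, because this commit also stops copying `/root/.tflint.d` into the image. The versions are pinned, which is good, but the template does not say that linting now needs network access to github.com or that the downloaded binaries are executed inside the linter container. I would add a comment above the first block such as `# Rulesets are downloaded by "tflint --init" at run time; keep version pinned and review any change to source`. As far as I know, tflint verifies release signatures for rulesets under the terraform-linters organisation and accepts a `signing_key` attribute for other sources; that is worth confirming and stating in the template. Unauthenticated downloads may also run into GitHub rate limits on busy runners.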
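Review bot: In the `BUILD_CMD=$( … )` subshell, `cd "${WORKSPACE_PATH}" || exit 0` exits with status 0 when the directory change fails, so `tflint --init` never runs; if `ERROR_CODE` is taken from this subshell (the assignment is outside the hunk), the success branch is logged anyway. Now that init is the step that downloads the rulesets, a skipped init should count as a failure: `cd "${WORKSPACE_PATH}" || exit 1`. `TERRAFORM_TFLINT_LINTER_RULES` may resolve to a config file from the repository being linted (not visible here). If so, that file decides which plugin `source` is downloaded and executed, and workflows that lint pull requests from forks should run this step without secrets or write-scoped tokens. RunAdditionalInstalls starts and ends outside this hunk.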
@@ -527,10 +521,10 @@ function RunAdditionalInstalls() { # Check the shell for errors # ############################## if [ "${ERROR_CODE}" -ne 0 ]; then - fatal "ERROR! Failed to run:[tflint --init] at location:[${WORKSPACE_PATH}]. BUILD_CMD:[${BUILD_CMD}]" + fatal "ERROR! Failed to initialize tflint with the ${TERRAFORM_TFLINT_LINTER_RULES} config file: ${BUILD_CMD}" else - info "Successfully ran:[tflint --init] in workspace:[${WORKSPACE_PATH}]" - debug "BUILD_CMD:[${BUILD_CMD}]" + info "Successfully initialized tflint with the ${TERRAFORM_TFLINT_LINTER_RULES} config file" + debug "Tflint output: ${BUILD_CMD}" fi fi } diff --git a/lib/functions/worker.sh b/lib/functions/worker.sh index ff537c9b..cf963458 100755 --- a/lib/functions/worker.sh +++ b/lib/functions/worker.sh @@ -299,9 +299,9 @@ function LintCodebase() { cd "${WORKSPACE_PATH}" || exit RENOVATE_CONFIG_FILE="${FILE}" ${LINTER_COMMAND} 2>&1 ) - ############################################################################################ - # Corner case for TERRAFORM_TFLINT as it cant use the full path and needs to fetch modules # - ############################################################################################ + ############################################################################################# + # Corner case for TERRAFORM_TFLINT as it can't use the full path and needs to fetch modules # + ############################################################################################# elif [[ ${FILE_TYPE} == "TERRAFORM_TFLINT" ]]; then # Check the cache to see if we've already prepped this directory for tflint if [[ ! -v "TFLINT_SEEN_DIRS[${DIR_NAME}]" ]]; then diff --git a/lib/linter.sh b/lib/linter.sh index 93ed5060..2389336e 100755 --- a/lib/linter.sh +++ b/lib/linter.sh 
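Review bot: The rewritten `fatal` and `info` messages in the detectFiles.sh hunk no longer mention `${WORKSPACE_PATH}`, although init runs after `cd "${WORKSPACE_PATH}"` in the previous hunk and that is the directory a failure has to be reproduced in. Keeping it makes a failed plugin download easier to place, for example `fatal "ERROR! Failed to initialize tflint in [${WORKSPACE_PATH}] with the ${TERRAFORM_TFLINT_LINTER_RULES} config file: ${BUILD_CMD}"`. RunAdditionalInstalls begins outside this hunk.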
@@ -119,6 +119,17 @@ export VERSION_FILE # Workaround SC2034 debug "CREATE_LOG_FILE: ${CREATE_LOG_FILE}" +# Set the log level +TF_LOG_LEVEL="info" +if [ "${ACTIONS_RUNNER_DEBUG}" = "true" ]; then + TF_LOG_LEVEL="debug" +fi +export TF_LOG_LEVEL +debug "TF_LOG_LEVEL: ${TF_LOG_LEVEL}" +TFLINT_LOG="${TF_LOG_LEVEL}" +export TFLINT_LOG +debug "TFLINT_LOG: ${TFLINT_LOG}" + ############### # Rules files # ###############
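Review bot: `TFLINT_LOG` is now exported for the whole run, so every later `tflint` invocation, not only `tflint --init`, logs at `info` (or `debug` when `ACTIONS_RUNNER_DEBUG` is `true`), and wherever the caller captures `2>&1` those lines land in the lint output and the CI log. Debug-level tool logs can carry request and environment detail, so confirm nothing sensitive is printed before this is enabled on repositories with public logs. `TF_LOG_LEVEL` is exported too, but as far as I know Terraform reads `TF_LOG`, not `TF_LOG_LEVEL`, so that export may have no effect outside this script. A comment such as `# TF_LOG_LEVEL is internal to this script; TFLINT_LOG is the variable tflint reads` would make the intent clear. If `ACTIONS_RUNNER_DEBUG` can be unset at this point, `"${ACTIONS_RUNNER_DEBUG:-false}"` avoids relying on a default set elsewhere.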