Add terraform validation

cal-itp · Feb 13, 2025 · 531ad66 · 531ad66
1 parent fef62d6
commit 531ad66
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 5 deletions.
diff --git a/.github/workflows/terraform-report.yml b/.github/workflows/terraform-report.yml
@@ -1,14 +1,77 @@
-name: Report pending terraform changes
+name: Terraform Validation
 
 on:
   pull_request:
-    branches:
-      - 'main'
-      - 'targets/*'
     paths:
-      - 'iac/terraform/*'
+      - 'iac/*'
 
 jobs:
+  targets:
+    runs-on: ubuntu-latest
+    outputs:
+      paths: ${{ steps.ls.outputs.paths }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Discover Terraform targets
+        id: ls
+        run: echo "paths=$(ls -d iac/*/* | jq --raw-input --slurp --compact-output 'split("\n")[:-1]')" >> ${GITHUB_OUTPUT}
+
+  lint:
+    runs-on: ubuntu-latest
+    needs: targets
+    strategy:
+      matrix:
+        path: ${{ fromJson(needs.targets.outputs.paths) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Terraform Formatting
+        uses: dflook/terraform-fmt-check@v1
+        with:
+          path: ${{ matrix.path }}
+
+  validate:
+    runs-on: ubuntu-latest
+    needs: targets
+    strategy:
+      matrix:
+        path: ${{ fromJson(needs.targets.outputs.paths) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Terraform Validation
+        uses: dflook/terraform-validate@v1
+        with:
+          path: ${{ matrix.path }}
+
+  plan:
+    runs-on: ubuntu-latest
+    needs: targets
+    strategy:
+      matrix:
+        path: ${{ fromJson(needs.targets.outputs.paths) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - run: echo ${{ matrix.path }}
+
+      - uses: 'google-github-actions/auth@v2'
+        with:
+          credentials_json: '${{ secrets.GCP_SA_KEY }}'
+
+      - uses: google-github-actions/setup-gcloud@v2
+
+      - name: Terraform Plan
+        uses: dflook/terraform-plan@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          path: ${{ matrix.path }}
 
   changed:
 

diff --git a/iac/README.md b/iac/README.md
@@ -1,2 +1,3 @@
 # Infrastructure as Code (IaC)
 
+This subdirectory contains the Terraform configuration for Google Cloud.
Original file line number	Diff line number	Diff line change
		@@ -1,2 +1,3 @@
		# Infrastructure as Code (IaC)

		This subdirectory contains the Terraform configuration for Google Cloud.