padok-team/github-workflows
github-workflows

Shared GitHub workflows, to be referenced by other Padok projects.

The following reusable workflows are available in .github/workflows:

| Name | Description | Must have |
|------|-------------|-----------|
| release | Configure Release Please to automate GitHub release creation | |
| semantic-check | Check that pull requests follow Conventional Commits | |
| terraform-docs | Update Terraform module documentation using terraform-docs | |
| terraform-quality | Run several linter and static analysis tools on Terraform code | |
| terragrunt-quality | Run several linter and static analysis tools on Terragrunt code | |

Usage

To use these workflows in your project, copy files from the folders listed below, and paste them in the .github/workflows/ folder in your own repo.

  • global: for all your projects
  • terraform: for Terraform modules
  • terragrunt: for Terragrunt projects and Terraform modules

Your repo should have the following structure:

.
├── .github
│   ├── CODEOWNERS
│   └── workflows
│       ├── release.yml
│       ├── semantic-check.yml
│       ├── terraform-docs.yml
│       └── terraform-quality.yml
├── .gitignore
├── LICENSE
├── main.tf
├── README.md
├── renovate.json
└── ... (other files)

Workflow Designs

terragrunt-quality workflow

  • tenv to make sure that the correct versions of Terraform and Terragrunt are used
  • terraform fmt to check the basic formatting of Terraform code
  • terragrunt hclfmt to check the formatting of Terragrunt HCL files
  • guacamole to check the code quality
  • checkov to check for security issues

terraform-quality workflow

There are several tools to ensure that Terraform code is secure and follows best practices. We selected the following ones:

  • tfswitch to make sure that the correct version of Terraform is used
  • terraform fmt to check the basic formatting of Terraform code
  • terraform validate to check the validity of Terraform code
  • tflint to check for code quality issues
  • checkov to check for security issues
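As an added example (not the Padok reusable workflow itself), the following standalone GitHub Actions workflow applies the same five checks in that order. It assumes hashicorp/setup-terraform in place of tfswitch, placeholder Terraform and tflint versions, the repository root as the module directory, and it grants the job only `contents: read`; in a real repository the action references should be pinned to commit SHAs rather than tags.

```yaml
# Added example: standalone terraform-quality workflow, not the project's own.
# Assumptions: setup-terraform stands in for tfswitch; version strings and the
# module directory "." are placeholders to replace with your own values.
name: terraform-quality-example

on:
  pull_request:
    paths:
      - "**.tf"

# Least privilege: the job only needs to read the checked-out code.
permissions:
  contents: read

jobs:
  quality:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # tfswitch equivalent: pin the Terraform version used by every step.
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.6.0"   # assumption: use your module's version
          terraform_wrapper: false

      - name: terraform fmt (check only, never rewrites files in CI)
        run: terraform fmt -check -recursive -diff

      - name: terraform validate (no backend, so no cloud credentials needed)
        run: |
          terraform init -backend=false -input=false
          terraform validate

      - uses: terraform-linters/setup-tflint@v4
        with:
          tflint_version: latest   # assumption: pin in a real repository

      - name: tflint
        run: |
          tflint --init
          tflint --recursive --format compact

      # checkov: static security analysis; soft_fail false fails the job on findings.
      - uses: bridgecrewio/checkov-action@v12
        with:
          directory: .
          framework: terraform
          soft_fail: false
```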

The following tools were considered but ultimately not included:

  • tfsec is redundant with checkov, and from Padok's experience, the latter is more reliable
  • terrascan has not been tested by Padok yet
  • terraform-docs is delegated to another workflow, since it could add a commit to the pull request

Feel free to suggest other tools to add to this workflow!

License

See the LICENSE file in the repository root.