terraform.pull_requests.lint.yaml
# Reusable workflow: it has no trigger of its own and only runs when another
# workflow invokes it through `workflow_call`.
name: IaaS - Terraform CI (for pull requests) - Lint

on:
  workflow_call:
    inputs:
      # Directory the Terraform commands run in. The value also ends up in step
      # names and in the header of the sticky pull-request comment, so callers
      # should pass a plain relative path.
      terraform_workdir:
        description: Working directory where Terraform files are
        required: false
        default: '.'
        type: string
      # Forwarded as-is to hashicorp/setup-terraform; no default is declared here.
      terraform_version:
        description: Terraform version that should we use (latest by default)
        required: false
        type: string
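jobs:
  # Terraform validate checks if your TF files are in a canonical format and without HCL issues.
  #
  # Flow: checkout -> install Terraform -> `fmt -check` -> `init -backend=false` -> `validate`.
  # After each stage a sticky pull-request comment (keyed by `header`) is recreated with
  # either the failure output of that stage or, at the end, the all-green checklist.
  #
  # NOTE(review): no `permissions:` is declared, so the job runs with whatever GITHUB_TOKEN
  # scopes the calling workflow grants. The visible steps appear to need only
  # `contents: read` and `pull-requests: write` -- confirm with callers before pinning them.
  terraform_validate:
    name: Terraform files validation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8  # tag=v3.1.0
        with:
          # Nothing below pushes or fetches with git, and `terraform init` / `validate`
          # run against configuration taken from the pull request, so the token is
          # not left behind in the checkout's git config.
          persist-credentials: false

      - uses: hashicorp/setup-terraform@bbe167fbdaa1a3bd046bdd70eba9dd3dddcca99c  # tag=v2.0.2
        with:
          terraform_version: ${{ inputs.terraform_version }}

      - name: Pre-hook Terraform workflow
        id: pre
        env:
          # The input is handed over as data. Expanding `${{ ... }}` inside the script
          # text would let a value containing a quote change the Python that runs.
          TERRAFORM_WORKDIR: ${{ inputs.terraform_workdir }}
        run: |
          # Setup `workdir` suffix used to give more information during execution
          import os
          import sys

          workdir = os.environ.get('TERRAFORM_WORKDIR', '.')

          # One output is written as one `name=value` line; a line break in the value
          # would let it define additional outputs.
          if '\n' in workdir or '\r' in workdir:
              sys.exit('terraform_workdir must not contain line breaks')

          suffix = '' if workdir == '.' else '(%s)' % workdir

          # GITHUB_OUTPUT replaces the deprecated `::set-output` stdout command.
          with open(os.environ['GITHUB_OUTPUT'], 'a', encoding='utf-8') as output_file:
              output_file.write('workdir=%s\n' % suffix)
        shell: python

      # --- `terraform fmt`
      - name: Check if all Terraform configuration files are in a canonical format ${{ steps.pre.outputs.workdir }}
        id: fmt
        run: terraform fmt -check -recursive -diff -no-color
        working-directory: ${{ inputs.terraform_workdir }}

      # NOTE(review): `steps.<id>.outputs.stdout` / `.stderr` are presumably supplied by the
      # setup-terraform wrapper script -- confirm the wrapper stays enabled.
      # The fenced text is Terraform output derived from files in the pull request, so the
      # comment body is untrusted markdown: a literal code fence in that output would close
      # the block early.
      - uses: marocchino/sticky-pull-request-comment@97bddef64db61b9d80edc69593cc4e4c415c3362  # tag=v2.2.1
        if: failure() && steps.fmt.outcome == 'failure'
        with:
          recreate: true
          header: tf::${{ steps.pre.outputs.workdir }}
          message: |
            # Terraform CI/CD ${{ steps.pre.outputs.workdir }}

            - [ ] :paintbrush: Check if all Terraform configuration files are in a canonical format

            ### 🚫 Failure reason

            ```terraform
            ${{ steps.fmt.outputs.stdout }}
            ```

            <br/>

            > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._

      # --- `terraform init`
      # `-backend=false` skips backend configuration, so no remote state is contacted.
      - name: Initialize Terraform working directory ${{ steps.pre.outputs.workdir }}
        id: init
        env:
          # Quoted so the value is the string "yes" under every YAML parser.
          TF_IN_AUTOMATION: "yes"
        run: terraform init -no-color -backend=false
        working-directory: ${{ inputs.terraform_workdir }}

      - uses: marocchino/sticky-pull-request-comment@97bddef64db61b9d80edc69593cc4e4c415c3362  # tag=v2.2.1
        if: failure() && steps.init.outcome == 'failure'
        with:
          recreate: true
          header: tf::${{ steps.pre.outputs.workdir }}
          message: |
            # Terraform CI/CD ${{ steps.pre.outputs.workdir }}

            - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format
            - [ ] :hammer_and_wrench: Validate the configuration files

            ### 🚫 Failure reason

            ```
            ${{ steps.init.outputs.stderr }}
            ```

            <br/>

            > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._

      # --- `terraform validate`
      - name: Validate the configuration files ${{ steps.pre.outputs.workdir }}
        id: validate
        env:
          # Quoted so the value is the string "yes" under every YAML parser.
          TF_IN_AUTOMATION: "yes"
        run: terraform validate -no-color
        working-directory: ${{ inputs.terraform_workdir }}

      - uses: marocchino/sticky-pull-request-comment@97bddef64db61b9d80edc69593cc4e4c415c3362  # tag=v2.2.1
        if: failure() && steps.validate.outcome == 'failure'
        with:
          recreate: true
          header: tf::${{ steps.pre.outputs.workdir }}
          message: |
            # Terraform CI/CD ${{ steps.pre.outputs.workdir }}

            - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format
            - [ ] :hammer_and_wrench: Validate the configuration files

            ### 🚫 Failure reason

            ```
            ${{ steps.validate.outputs.stderr }}
            ```

            <br/>

            > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._

      # Reached only when every earlier step succeeded: replace the comment with the
      # fully ticked checklist.
      - uses: marocchino/sticky-pull-request-comment@97bddef64db61b9d80edc69593cc4e4c415c3362  # tag=v2.2.1
        if: success()
        with:
          recreate: true
          header: tf::${{ steps.pre.outputs.workdir }}
          message: |
            # Terraform CI/CD ${{ steps.pre.outputs.workdir }}

            - [x] :paintbrush: Check if all Terraform configuration files are in a canonical format
            - [x] :hammer_and_wrench: Validate the configuration files

            > _Report based on commit ${{ github.sha }} (authored by **@${{ github.actor }}**). See [`actions#${{ github.run_id }}`](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) for more details._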