Adding the tflint linter for Terraform and running syntax checks in GitHub Actions

I introduced tflint as a linter for Terraform,
and since running the checks in GitHub Actions worked out well, I’m writing it up here.

Installing with asdf

With asdf you can install and switch between multiple versions.

Install via asdf:

asdf plugin-add tflint https://github.com/skyzyx/asdf-tflint

Configuring GitHub Actions

This is the configuration that runs tflint when a Pull Request is created or updated.

It runs tflint for each of the following directories:

  • envs/prd
  • envs/stg

name: Lint

on: [pull_request]

jobs:
  tflint:
    name: tflint
    timeout-minutes: 3
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        directory: ['envs/prd', 'envs/stg']

    steps:
      - uses: actions/checkout@v3

      # Read the tflint version pinned in .tool-versions so CI uses the same version as asdf
      - name: Pick tflint_version
        id: tflint
        run: echo "tflint_version=$(grep tflint .tool-versions | awk '{print $2}')" >> "$GITHUB_OUTPUT"

      - uses: terraform-linters/setup-tflint@v3
        name: Setup TFLint
        with:
          tflint_version: v${{ steps.tflint.outputs.tflint_version }}

      # Install the plugins declared in each directory's tflint configuration
      - name: Init TFLint
        run: tflint --init
        working-directory: ./${{ matrix.directory }}
        env:
          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
          GITHUB_TOKEN: ${{ github.token }}

      - name: Execute tflint
        run: tflint
        working-directory: ./${{ matrix.directory }}

timeout-minutes: 3

The job usually completes in less than a minute. Three minutes is more than enough for it to finish,
and to avoid unintentionally long-running executions, I set it to time out after 3 minutes.

This depends on the number of resources, so adjust it as appropriate.

Why specify GITHUB_TOKEN

I thought it might not be necessary, but the official docs include the following comment:

When you install plugins with tflint --init, TFLint calls the GitHub API to get release metadata. By default, this is an unauthenticated request, subject to a rate limit of 60 requests per hour per IP address.

Because unauthenticated requests are subject to a rate limit of 60 requests per hour per IP address,
you need to set this in order to avoid that limit.
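
The version-picking step in the workflow takes every line of .tool-versions that contains "tflint", so a comment or another tool whose name contains that string produces a multi-line value in $GITHUB_OUTPUT. The following is an added example, not part of the original post, of a stricter version of that step. The function names are hypothetical, and it assumes the version is pinned as MAJOR.MINOR.PATCH.

```shell
#!/bin/sh
# Added example (not from the original post). Stricter replacement for:
#   grep tflint .tool-versions | awk '{print $2}'

# pick_tool_version FILE TOOL
# Prints exactly one validated version for TOOL, or fails with a message.
pick_tool_version() {
  file=$1
  tool=$2
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

  # Strip CR line endings and trailing "# comments", match the tool name
  # exactly on the first field, and stop at the first match so the result
  # is always a single line.
  version=$(awk -v tool="$tool" '
    { sub(/\r$/, ""); sub(/[ \t]*#.*$/, "") }
    $1 == tool { print $2; exit }
  ' "$file")

  # Assumption: versions are pinned as MAJOR.MINOR.PATCH. Anything else
  # (empty, "latest", extra characters) is rejected before it can reach
  # $GITHUB_OUTPUT or the setup action's tflint_version input.
  printf '%s\n' "$version" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || {
    echo "no valid $tool version in $file: '$version'" >&2
    return 1
  }
  printf '%s\n' "$version"
}

# write_tflint_output [FILE]
# Appends tflint_version=<version> to the file named by $GITHUB_OUTPUT.
# Returns non-zero on bad input so the workflow step fails instead of
# passing an empty or malformed version to the next step.
write_tflint_output() {
  v=$(pick_tool_version "${1:-.tool-versions}" tflint) || return 1
  printf 'tflint_version=%s\n' "$v" >> "$GITHUB_OUTPUT"
}
```

In the workflow, the `run:` line of the version-picking step would source this script and call `write_tflint_output`.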

That’s all.
I hope this is helpful.

https://kenzo0107.github.io/en/2023/04/05/tflint-is-good/

Author

Kenzo Tanaka

Posted on

2023-04-05

Licensed under