chore(CI): add repo tflint rules (#203)

GoogleCloudPlatform · Aug 12, 2024 · bbf2936 · bbf2936
1 parent 7980e05
commit bbf2936
Show file tree

Hide file tree

Showing 5 changed files with 94 additions and 5 deletions.
diff --git a/.github/.tflint.repo.hcl b/.github/.tflint.repo.hcl
@@ -0,0 +1,75 @@
+# Copyright 2022-2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+// disable all rules by default
+config {
+  disabled_by_default = true
+}
+
+plugin "terraform" {
+  enabled = true
+}
+
+rule "terraform_deprecated_index" {
+  enabled = true
+}
+
+rule "terraform_deprecated_interpolation" {
+  enabled = true
+}
+
+rule "terraform_empty_list_equality" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_module_version" {
+  enabled = true
+}
+
+rule "terraform_unused_declarations" {
+  enabled = true
+}
+
+// module specific
+rule "terraform_documented_outputs" {
+  enabled = true
+}
+
+rule "terraform_documented_variables" {
+  enabled = true
+}
+
+rule "terraform_module_pinned_source" {
+  enabled = true
+}
+
+rule "terraform_module_version" {
+  enabled = true
+}
+
+rule "terraform_required_providers" {
+  enabled = true
+}
+
+rule "terraform_required_version" {
+  enabled = true
+}
+
+rule "terraform_typed_variables" {
+  enabled = true
+}
diff --git a/3-appfactory/modules/app-group-baseline/README.md b/3-appfactory/modules/app-group-baseline/README.md
@@ -8,7 +8,7 @@
 | bucket\_force\_destroy | When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects. | `bool` | `false` | no |
 | bucket\_prefix | Name prefix to use for buckets created. | `string` | `"bkt"` | no |
 | cloudbuild\_sa\_roles | Optional to assign to custom CloudBuild SA. Map of project name or any static key to object with list of roles. Keys much match keys from var.envs | <pre>map(object({<br>    roles = list(string)<br>  }))</pre> | `{}` | no |
-| create\_env\_projects | n/a | `bool` | `true` | no |
+| create\_env\_projects | Create environment-specific application infra projects | `bool` | `true` | no |
 | env\_project\_apis | List of APIs to enable for environment-specific application infra projects | `list(string)` | <pre>[<br>  "iam.googleapis.com",<br>  "cloudresourcemanager.googleapis.com",<br>  "serviceusage.googleapis.com",<br>  "cloudbilling.googleapis.com"<br>]</pre> | no |
 | envs | Environments | <pre>map(object({<br>    billing_account    = string<br>    folder_id          = string<br>    network_project_id = string<br>    network_self_link  = string<br>    org_id             = string<br>    subnets_self_links = list(string)<br>  }))</pre> | n/a | yes |
 | folder\_id | Folder ID of parent folder for application admin resources. If deploying on the enterprise foundation blueprint, this is usually the 'common' folder. | `string` | n/a | yes |

diff --git a/3-appfactory/modules/app-group-baseline/variables.tf b/3-appfactory/modules/app-group-baseline/variables.tf
@@ -48,8 +48,9 @@ variable "envs" {
 }
 
 variable "create_env_projects" {
-  type    = bool
-  default = true
+  type        = bool
+  default     = true
+  description = "Create environment-specific application infra projects"
 }
 
 variable "env_project_apis" {

diff --git a/5-appinfra/modules/cicd-pipeline/versions.tf b/5-appinfra/modules/cicd-pipeline/versions.tf
@@ -19,10 +19,12 @@ terraform {
 
   required_providers {
     google = {
-      source = "hashicorp/google"
+      source  = "hashicorp/google"
+      version = ">= 5, < 6"
     }
     google-beta = {
-      source = "hashicorp/google-beta"
+      source  = "hashicorp/google-beta"
+      version = ">= 5, < 6"
     }
   }
 

diff --git a/5-appinfra/modules/env_baseline/versions.tf b/5-appinfra/modules/env_baseline/versions.tf
@@ -17,6 +17,17 @@
 terraform {
   required_version = ">= 1.3"
 
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 5, < 6"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3"
+    }
+  }
+
   provider_meta "google" {
     module_name = "blueprints/terraform/terraform-google-enterprise-application:bootstrap/v0.1.0"
   }