From 537481121ddeeb36205bc070fb12cd29378762c6 Mon Sep 17 00:00:00 2001 From: Pat Heard Date: Fri, 17 May 2024 13:51:44 -0400 Subject: [PATCH 1/4] feat: add TF var and conventional commit workflows Add a workflow that checks that the GitHub workflow Terraform variables defined as TF_VAR prefixed environment variables have a matching `variable` definition in the codebase. This will help prevent accidental misconfigurations between the workflows and Terraform code. Add a workflow that makes sure all commits follow the conventional commit style. This will help ensure that the Release Please changelog contains all PRs. --- .../workflows/conventional-commit-lint.yml | 34 +++++++++++++++++++ .../scripts/terraform-variable-check.sh | 19 +++++++++++ .../workflows/terraform-variable-check.yml | 21 ++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 .github/workflows/conventional-commit-lint.yml create mode 100755 .github/workflows/scripts/terraform-variable-check.sh create mode 100644 .github/workflows/terraform-variable-check.yml diff --git a/.github/workflows/conventional-commit-lint.yml b/.github/workflows/conventional-commit-lint.yml new file mode 100644 index 000000000..2896c79e9 --- /dev/null +++ b/.github/workflows/conventional-commit-lint.yml
@@ -0,0 +1,34 @@
+name: Conventional commit lint
+
+on:
+ pull_request:
+
+jobs:
+ conventional-commit-lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get all PR commits + 1
+ run: echo "PR_FETCH_DEPTH=$(( ${{ github.event.pull_request.commits }} + 1 ))" >> "${GITHUB_ENV}"
+
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+ fetch-depth: ${{ env.PR_FETCH_DEPTH }}
+
+ - name: Setup Node.js
+ uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+ with:
+ node-version: '20.x'
+
+ - name: Setup commitlint
+ run: |
+ npm install -g @commitlint/config-conventional @commitlint/cli
+
+ - name: Validate all PR commits
+ run: |
+ npx commitlint \
+ --extends '@commitlint/config-conventional' \
+ --from HEAD~${{ github.event.pull_request.commits }} \
+ --to HEAD \
+ --verbose
diff --git a/.github/workflows/scripts/terraform-variable-check.sh b/.github/workflows/scripts/terraform-variable-check.sh
new file mode 100755
index 000000000..fbd9ca48c
--- /dev/null
+++ b/.github/workflows/scripts/terraform-variable-check.sh
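Review bot: `ref: ${{ github.event.pull_request.head.ref }}` in the Checkout step is a branch name, not a commit, so for a PR opened from a fork that branch does not exist in this repository and the checkout should fail, and for a same-repo PR the job lints whatever the branch tip is when the runner gets to it rather than the commits the event was raised for. `ref: ${{ github.event.pull_request.head.sha }}` keeps the intent of avoiding the merge ref while pinning the job to the reviewed commit, and `--from HEAD~${{ github.event.pull_request.commits }}` still lands on the base with the one extra fetched commit. Separately, the actions are pinned to SHAs but `npm install -g @commitlint/config-conventional @commitlint/cli` pulls whatever is latest on every run; pinning exact versions (`@commitlint/cli@<version> @commitlint/config-conventional@<version>`) keeps this job's supply chain as deliberate as the rest of the workflow. The `${{ github.event.pull_request.commits }}` interpolated into the `run:` line is an integer from the event payload rather than attacker-controlled text, so it is not an injection vector here, but passing it through `env:` would avoid establishing the expression-in-shell pattern.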
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+#
+# This script checks that all the GitHub workflow Terraform variables defined as `TF_VAR_` prefixed
+# environment variables have a matching `variable` definition in the codebase. This is being done
+# to prevent accidental mismatches between the GitHub workflow and the Terraform codebase.
+#
+
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+WORKFLOW_VARS="$(grep -r "^\s*TF_VAR" $SCRIPT_DIR/../ | awk -F ':' '{print $2}' | sort | uniq | sed 's/^[[:blank:]]*TF_VAR_//')"
+
+# Loop through all the variables in the workflow and check if they are defined in the *.tf code
+for VAR in $WORKFLOW_VARS; do
+ echo "🔎 Checking variable: \"$VAR\""
+ grep -r "variable \"$VAR\"" "$SCRIPT_DIR/../../../" || (echo "❌ Variable \"$VAR\" is not defined as a Terraform variable" && exit 1)
+done
diff --git a/.github/workflows/terraform-variable-check.yml b/.github/workflows/terraform-variable-check.yml
new file mode 100644
index 000000000..9e7fc6f33
--- /dev/null
+++ b/.github/workflows/terraform-variable-check.yml
@@ -0,0 +1,21 @@
+name: Terraform variable check
+
+on:
+ pull_request:
+ branches:
+ - "develop"
+ paths:
+ - "aws/**"
+ - "env/**"
+ - ".github/workflows/**"
+
+jobs:
+ terraform-variable-check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Check Terraform variables are defined correctly
+ run: |
+ ./.github/workflows/scripts/terraform-variable-check.sh
From 880469c2e8d632931b1bbd6a74fce3a6c7f58816 Mon Sep 17 00:00:00 2001
From: Pat Heard
Date: Fri, 17 May 2024 13:58:13 -0400
Subject: [PATCH 2/4] fix: limit TF_VAR check to *.tf files
---
.github/workflows/scripts/terraform-variable-check.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/scripts/terraform-variable-check.sh b/.github/workflows/scripts/terraform-variable-check.sh
index fbd9ca48c..b1a8d5a00 100755
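Review bot: With `set -euo pipefail` in force, the `WORKFLOW_VARS="$(grep -r "^\s*TF_VAR" $SCRIPT_DIR/../ | ...)"` assignment aborts the script with no message whenever no workflow file contains a `TF_VAR_` line, because grep exits 1 on zero matches and pipefail propagates that through the pipeline; a workflow set with no Terraform variables should be a pass, not a silent failure. Wrapping the grep as `{ grep -r "^\s*TF_VAR" "$SCRIPT_DIR/../" || true; } | awk -F ':' '{print $2}' | sort | uniq | sed 's/^[[:blank:]]*TF_VAR_//'` keeps the pipeline alive on no matches and also quotes `$SCRIPT_DIR`, which is currently the only unquoted expansion in the file. On the failure branch, `(echo "..." && exit 1)` exits only the subshell; the script terminates today solely because errexit sees the failed `||` list, so `|| { echo "❌ Variable \"$VAR\" is not defined as a Terraform variable"; exit 1; }` states the intent without depending on that. A one-line header comment that the script must run from a checkout where `.github/workflows/` sits three levels above `scripts/` would help, since the `../../../` path is what defines the search root.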
--- a/.github/workflows/scripts/terraform-variable-check.sh +++ b/.github/workflows/scripts/terraform-variable-check.sh @@ -15,5 +15,5 @@ WORKFLOW_VARS="$(grep -r "^\s*TF_VAR" $SCRIPT_DIR/../ | awk -F ':' '{print $2}' # Loop through all the variables in the workflow and check if they are defined in the *.tf code for VAR in $WORKFLOW_VARS; do echo "🔎 Checking variable: \"$VAR\"" - grep -r "variable \"$VAR\"" "$SCRIPT_DIR/../../../" || (echo "❌ Variable \"$VAR\" is not defined as a Terraform variable" && exit 1) + grep -r --include="*.tf" "variable \"$VAR\"" "$SCRIPT_DIR/../../../" || (echo "❌ Variable \"$VAR\" is not defined as a Terraform variable" && exit 1) done From 29fec688a55e5afc24e8011dc4c643e8e38b266e Mon Sep 17 00:00:00 2001 From: Pat Heard Date: Fri, 17 May 2024 14:14:25 -0400 Subject: [PATCH 3/4] fix: only retrieve PR commits --- .github/workflows/conventional-commit-lint.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/conventional-commit-lint.yml b/.github/workflows/conventional-commit-lint.yml index 2896c79e9..9e192c16e 100644 --- a/.github/workflows/conventional-commit-lint.yml +++ b/.github/workflows/conventional-commit-lint.yml @@ -7,14 +7,11 @@ jobs: conventional-commit-lint: runs-on: ubuntu-latest steps: - - name: Get all PR commits + 1 - run: echo "PR_FETCH_DEPTH=$(( ${{ github.event.pull_request.commits }} + 1 ))" >> "${GITHUB_ENV}" - - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ github.event.pull_request.head.ref }} - fetch-depth: ${{ env.PR_FETCH_DEPTH }} + fetch-depth: ${{ github.event.pull_request.commits }} - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 From 7bce2afe94c58c22b09af1e8e865772e1ef415f2 Mon Sep 17 00:00:00 2001 
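Review bot: The workflow-derived name is still interpolated into an unanchored basic regex in `grep -r --include="*.tf" "variable \"$VAR\""`, so a commented-out `# variable "foo"`, a mention inside a description string, or any regex metacharacter in a name changes the outcome of the check. Anchoring to the start of a declaration, `grep -rE --include="*.tf" "^[[:space:]]*variable[[:space:]]+\"${VAR}\"" "$SCRIPT_DIR/../../../"`, limits the match to actual `variable` blocks. Note also that this confirms the declaration exists somewhere under the repository root, not necessarily in the Terraform directory the workflow applies with that `TF_VAR_`; if the repo holds several root modules, a comment saying so on the loop would set expectations. The surrounding `for` loop starts and ends inside this hunk; `WORKFLOW_VARS` is set above it.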
From: Pat Heard Date: Fri, 17 May 2024 14:16:10 -0400 Subject: [PATCH 4/4] revert: continue to fetch PR commits + 1 --- .github/workflows/conventional-commit-lint.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/conventional-commit-lint.yml b/.github/workflows/conventional-commit-lint.yml index 9e192c16e..8a54591f0 100644 --- a/.github/workflows/conventional-commit-lint.yml +++ b/.github/workflows/conventional-commit-lint.yml @@ -7,11 +7,14 @@ jobs: conventional-commit-lint: runs-on: ubuntu-latest steps: + - name: Get all PR commits + run: echo "PR_FETCH_DEPTH=$(( ${{ github.event.pull_request.commits }} + 1 ))" >> "${GITHUB_ENV}" + - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: ref: ${{ github.event.pull_request.head.ref }} - fetch-depth: ${{ github.event.pull_request.commits }} + fetch-depth: ${{ env.PR_FETCH_DEPTH }} - name: Setup Node.js uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
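Review bot: The restored `Get all PR commits + 1` step carries no explanation of why one commit beyond the PR's own is needed, and the commit message ("continue to fetch PR commits + 1") does not say either, so the next person to "simplify" it will presumably repeat PATCH 3/4. A comment above the step such as `# Fetch one commit past the PR's own so HEAD~<commits>, the PR base, exists for commitlint's --from range` ties the value to the `--from HEAD~${{ github.event.pull_request.commits }}` argument later in the file, which is what appears to need the base commit present. Naming the step for what it computes, e.g. `Compute fetch depth (PR commits + 1)`, would make the intent visible in the job log as well.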