Copyright © 2020 HashiCorp
Code Quality
for Terraform
Kerim Satirli
(He/Him)
Developer Advocate at HashiCorp
@ksatirli
on GitHub and Twitter
Agenda
▪ Terraform-native: terraform fmt and terraform validate
▪ TFLint and pre-commit: local options to improve code
▪ GitHub Actions: validate code on git push
Terraform-native
code quality tools
Command: terraform fmt
TERMINAL
> terraform fmt
provider.tf
terraform.tf
Command: terraform validate
TERMINAL
> terraform validate
Success! The configuration is valid.
TFLint
.tflint.hcl
rule "terraform_required_providers" {
  enabled = true
}
rule "terraform_required_version" {
  enabled = true
}
rule "terraform_naming_convention" {
  enabled = true
  format  = "snake_case"
}
Command: tflint
TERMINAL
> tflint
1 issue(s) found:
Warning: data "google_projects" "projects" is declared but not used (terraform_unused_declarations)
on data-sources.tf line 11:
11: data "google_projects" "projects" {
pre-commit
.pre-commit-config.yaml
---
fail_fast: true
minimum_pre_commit_version: "2.6.0"
repos:
  -
    repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.31.0
    hooks:
      - id: terraform_fmt
      - id: terraform_validate
Command: pre-commit run
TERMINAL
> pre-commit run --all-files
Terraform fmt............................................Passed
Terraform validate.......................................Passed
Check for added large files..............................Passed
Check for case conflicts.................................Passed
Check for merge conflicts................................Passed
Check that executables have shebangs....................Skipped
Check JSON..............................................Skipped
Check for merge conflicts................................Passed
Check for broken symlinks...............................Skipped
Check vcs permalinks.....................................Passed
markdownlint.............................................Passed
GitHub Actions
.github/workflows/terraform.yml
---
name: "Code Quality: Terraform"
on:
  push:
  pull_request:
env:
  # `AWS_REGION` must be specified for `terraform validate`
  AWS_REGION: "xx-xxxx-0"
...
jobs:
  terraform:
    name: Terraform
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v2
        with:
          fetch-depth: 1
...
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: "0.12.29"
...
      - name: Run `terraform fmt`
        run: terraform fmt -diff -check -no-color -recursive
      - name: Run `terraform init`
        run: terraform init
      - name: Run `terraform validate`
        run: terraform validate -no-color
GitHub Actions
hashi.co/tf-code-quality-gha
Review
▪ built-in options: fmt and validate
▪ local options: TFLint and pre-commit
▪ remote options: GitHub Actions
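The checks reviewed above, combined into one local script that runs the same fmt and validate gates as the workflow plus TFLint. This is an added example, not part of the original slides: `run_gate` and `run_quality_gates` are hypothetical helper names, and the `-backend=false` and `-input=false` flags on `terraform init` are an assumption added here so that a local run neither configures a backend nor prompts.

```shell
#!/bin/sh
# Added example: run the checks from this deck locally, in one pass.
# run_gate and run_quality_gates are hypothetical helper names.

FAILED=""

# Run one named gate; record the name when the command exits non-zero.
run_gate() {
  name="$1"
  shift
  if "$@"; then
    printf 'PASS  %s\n' "$name"
    return 0
  fi
  printf 'FAIL  %s\n' "$name"
  FAILED="$FAILED $name"
  return 1
}

# Run every gate instead of stopping at the first failure, so one run
# reports everything that CI would reject. Returns 0 only if all passed.
run_quality_gates() {
  FAILED=""
  # Same flags as the workflow step: report a diff, change nothing.
  run_gate fmt terraform fmt -diff -check -no-color -recursive || true
  # Assumption: -backend=false and -input=false are added here so init
  # fetches providers/modules without configuring a backend or prompting.
  if run_gate init terraform init -backend=false -input=false -no-color; then
    run_gate validate terraform validate -no-color || true
  else
    printf 'SKIP  validate (needs a successful init)\n'
  fi
  # TFLint is a separate install; skip rather than fail when it is absent.
  if command -v tflint >/dev/null 2>&1; then
    run_gate tflint tflint || true
  else
    printf 'SKIP  tflint (not installed)\n'
  fi
  [ -z "$FAILED" ]
}

# Usage: sh check.sh --run   (from the directory holding the *.tf files)
case "${1:-}" in
  --run) run_quality_gates ;;
esac
```

After a run, `$FAILED` holds the names of the gates that did not pass, so a wrapper can report them together.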
Materials
▪ slides: hashi.co/tf-code-quality
▪ code: hashi.co/tf-code-quality-code
▪ forums: hashi.co/tf-forum
Thank You
kerim@hashicorp.com
