feat: add linting for terraform files (#1164)

* feat: add linting for terraform files * chore: run terraform fmt against all source files
wmde · Sep 18, 2023 · 647729f · 647729f
1 parent 828c621
commit 647729f
Show file tree

Hide file tree

Showing 66 changed files with 2,665 additions and 2,661 deletions.
diff --git a/.github/workflows/test.yaml → .github/workflows/lint.yaml b/.github/workflows/test.yaml → .github/workflows/lint.yaml
@@ -1,5 +1,5 @@
 on: push
-name: Test
+name: Lint
 jobs:
   lint:
     runs-on: ubuntu-latest
@@ -8,3 +8,7 @@ jobs:
         uses: actions/checkout@v3
       - name: Lint YAML files
         uses: ibiqlik/action-yamllint@v3
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v2
+      - name: Check if Terraform files are properly formatted
+        run: terraform fmt -recursive -check tf
diff --git a/tf/env/local/config-map.tf b/tf/env/local/config-map.tf
@@ -1,5 +1,5 @@
 module "wbaas-config" {
   source = "./../../modules/config-map/wbaas-ui-config"
-  
+
   cname_record = "sites-1.dyna.wbaas.localhost."
 }
diff --git a/tf/env/local/providers.tf b/tf/env/local/providers.tf
@@ -1,11 +1,11 @@
 provider "kubernetes" {
   config_path    = "~/.kube/config"
-    config_context = "minikube-wbaas"
+  config_context = "minikube-wbaas"
 }
 
 provider "helm" {
   kubernetes {
-    config_path = "~/.kube/config"
+    config_path    = "~/.kube/config"
     config_context = "minikube"
   }
 }
diff --git a/tf/env/local/secrets-backups.tf b/tf/env/local/secrets-backups.tf
@@ -1,7 +1,7 @@
 # Used by the wbaas-backup pod/job
 resource "kubernetes_secret" "backup-openssl-key" {
   metadata {
-    name = "backup-openssl-key"
+    name      = "backup-openssl-key"
     namespace = "default"
   }
 

diff --git a/tf/env/local/secrets-recapcha.tf b/tf/env/local/secrets-recapcha.tf
@@ -7,7 +7,7 @@ resource "kubernetes_secret" "recaptcha-v3-dev-secrets" {
   }
 
   data = {
-    "site_key" = var.recaptcha_v3_dev_site_key,
+    "site_key"   = var.recaptcha_v3_dev_site_key,
     "secret_key" = var.recaptcha_v3_dev_secret
   }
 }
@@ -26,7 +26,7 @@ resource "kubernetes_secret" "recaptcha-v2-dev-secrets" {
   }
 
   data = {
-    "site_key" = var.recaptcha_v2_dev_site_key,
+    "site_key"   = var.recaptcha_v2_dev_site_key,
     "secret_key" = var.recaptcha_v2_dev_secret
   }
 }

diff --git a/tf/env/local/variables.tf b/tf/env/local/variables.tf
@@ -1,34 +1,34 @@
 variable "sql-passwords" {
-  type    = set(string)
+  type        = set(string)
   description = "SQL passwords to create and send to k8s as secrets"
   default = [
-      "root",
-      "replication",
-      "api",
-      "mediawiki-db-manager",
-      "backup-manager",
-      ]
+    "root",
+    "replication",
+    "api",
+    "mediawiki-db-manager",
+    "backup-manager",
+  ]
 }
 
 variable "recaptcha_v3_dev_site_key" {
-  type = string
+  type        = string
   description = "Site key to access recaptcha v3"
-  sensitive = true
+  sensitive   = true
 }
 
 variable "recaptcha_v3_dev_secret" {
-  type = string
+  type        = string
   description = "Secret key to access recaptcha v3"
-  sensitive = true
+  sensitive   = true
 }
 variable "recaptcha_v2_dev_site_key" {
-  type = string
+  type        = string
   description = "Site key to access recaptcha v2"
-  sensitive = true
+  sensitive   = true
 }
 
 variable "recaptcha_v2_dev_secret" {
-  type = string
+  type        = string
   description = "Secret key to access recaptcha v2"
-  sensitive = true
+  sensitive   = true
 }
diff --git a/tf/env/production/buckets.tf b/tf/env/production/buckets.tf
@@ -3,8 +3,8 @@ module "production-buckets" {
   providers = {
     kubernetes = kubernetes.wbaas-3
   }
-  project_prefix = "wikibase-cloud"
+  project_prefix               = "wikibase-cloud"
   static_bucket_writer_account = google_service_account.api.email
-  user_object_admins = var.terraformers
+  user_object_admins           = var.terraformers
 }
 
diff --git a/tf/env/production/cluster.tf b/tf/env/production/cluster.tf
@@ -1,9 +1,9 @@
 resource "google_container_cluster" "wbaas-3" {
-  name = "wbaas-3"
+  name                     = "wbaas-3"
   remove_default_node_pool = true
   initial_node_count       = 1
   monitoring_config {
-    enable_components = [ "SYSTEM_COMPONENTS" ]
+    enable_components = ["SYSTEM_COMPONENTS"]
     managed_prometheus {
       enabled = true
     }
@@ -24,38 +24,38 @@ resource "google_container_cluster" "wbaas-3" {
 # when there are no nodes in the pool. You may wish to create a new node pool first and then
 # delete the old one.
 resource "google_container_node_pool" "wbaas-3_highmem-16" {
-    cluster = "wbaas-3"
-    name                = "n2-highmem-16-pool"
-    node_count          = 3
-    node_locations      = [
-        "europe-west3-a",
+  cluster    = "wbaas-3"
+  name       = "n2-highmem-16-pool"
+  node_count = 3
+  node_locations = [
+    "europe-west3-a",
+  ]
+  node_config {
+    disk_size_gb = 64
+    disk_type    = "pd-standard"
+    machine_type = "n2-highmem-16"
+    metadata = {
+      "disable-legacy-endpoints" = "true"
+    }
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/logging.write",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/servicecontrol",
+      "https://www.googleapis.com/auth/trace.append",
     ]
-    node_config {
-        disk_size_gb      = 64
-        disk_type         = "pd-standard"
-        machine_type      = "n2-highmem-16"
-        metadata          = {
-            "disable-legacy-endpoints" = "true"
-        }
-        oauth_scopes      = [
-            "https://www.googleapis.com/auth/devstorage.read_only",
-            "https://www.googleapis.com/auth/logging.write",
-            "https://www.googleapis.com/auth/monitoring",
-            "https://www.googleapis.com/auth/service.management.readonly",
-            "https://www.googleapis.com/auth/servicecontrol",
-            "https://www.googleapis.com/auth/trace.append",
-        ]
-        preemptible       = false
-        service_account   = "default"
-        shielded_instance_config {
-            enable_integrity_monitoring = true
-            enable_secure_boot          = false
-        }
-        logging_variant = "MAX_THROUGHPUT"
+    preemptible     = false
+    service_account = "default"
+    shielded_instance_config {
+      enable_integrity_monitoring = true
+      enable_secure_boot          = false
     }
+    logging_variant = "MAX_THROUGHPUT"
+  }
 
-    upgrade_settings {
-        max_surge       = 1
-        max_unavailable = 0
-    }
+  upgrade_settings {
+    max_surge       = 1
+    max_unavailable = 0
+  }
 }
diff --git a/tf/env/production/dns.tf b/tf/env/production/dns.tf
@@ -1,69 +1,69 @@
 resource "google_dns_managed_zone" "cloud" {
-    description   = "Zone for wikibase.cloud"
-    dns_name      = "wikibase.cloud." # TODO: Make this a variable.
-    name          = "wikibase-cloud-zone"
-    visibility    = "public"
+  description = "Zone for wikibase.cloud"
+  dns_name    = "wikibase.cloud." # TODO: Make this a variable.
+  name        = "wikibase-cloud-zone"
+  visibility  = "public"
 }
 
 resource "google_dns_record_set" "cloud-NS" {
-    managed_zone = google_dns_managed_zone.cloud.name
-    name         = google_dns_managed_zone.cloud.dns_name
-    rrdatas      = [
-        "ns-cloud-b1.googledomains.com.",
-        "ns-cloud-b2.googledomains.com.",
-        "ns-cloud-b3.googledomains.com.",
-        "ns-cloud-b4.googledomains.com.",
-    ]
-    ttl          = 21600
-    type         = "NS"
+  managed_zone = google_dns_managed_zone.cloud.name
+  name         = google_dns_managed_zone.cloud.dns_name
+  rrdatas = [
+    "ns-cloud-b1.googledomains.com.",
+    "ns-cloud-b2.googledomains.com.",
+    "ns-cloud-b3.googledomains.com.",
+    "ns-cloud-b4.googledomains.com.",
+  ]
+  ttl  = 21600
+  type = "NS"
 }
 resource "google_dns_record_set" "cloud-SOA" {
-    managed_zone = google_dns_managed_zone.cloud.name
-    name         = google_dns_managed_zone.cloud.dns_name
-    rrdatas      = [
-        "ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300",
-    ]
-    ttl          = 21600
-    type         = "SOA"
+  managed_zone = google_dns_managed_zone.cloud.name
+  name         = google_dns_managed_zone.cloud.dns_name
+  rrdatas = [
+    "ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300",
+  ]
+  ttl  = 21600
+  type = "SOA"
 }
 
 resource "google_dns_record_set" "cloud-A" {
-    managed_zone = google_dns_managed_zone.cloud.name
-    name         = google_dns_managed_zone.cloud.dns_name
-    rrdatas      = [
-        google_compute_address.default.address,
-    ]
-    ttl          = 300
-    type         = "A"
+  managed_zone = google_dns_managed_zone.cloud.name
+  name         = google_dns_managed_zone.cloud.dns_name
+  rrdatas = [
+    google_compute_address.default.address,
+  ]
+  ttl  = 300
+  type = "A"
 }
 
 resource "google_dns_record_set" "cloud-wildcard-A" {
-    managed_zone = google_dns_managed_zone.cloud.name
-    name         = "*.wikibase.cloud." # TODO: Make this a variable.
-    rrdatas      = [
-        google_compute_address.default.address,
-    ]
-    ttl          = 300
-    type         = "A"
+  managed_zone = google_dns_managed_zone.cloud.name
+  name         = "*.wikibase.cloud." # TODO: Make this a variable.
+  rrdatas = [
+    google_compute_address.default.address,
+  ]
+  ttl  = 300
+  type = "A"
 }
 
 resource "google_dns_record_set" "cloud-MailGun-record" {
-    for_each = {
-        for index, record in mailgun_domain.default.sending_records:
-        index => record
-    }
-    name = "${each.value.name}."
-    managed_zone = google_dns_managed_zone.cloud.name
-    type = each.value.record_type
-    rrdatas = [ replace("\"${each.value.value}\"", "/^\"eu.mailgun.org\"$/", "eu.mailgun.org." ) ]
+  for_each = {
+    for index, record in mailgun_domain.default.sending_records :
+    index => record
+  }
+  name         = "${each.value.name}."
+  managed_zone = google_dns_managed_zone.cloud.name
+  type         = each.value.record_type
+  rrdatas      = [replace("\"${each.value.value}\"", "/^\"eu.mailgun.org\"$/", "eu.mailgun.org.")]
 }
 
 resource "google_dns_record_set" "cloud-dyna-A" {
-    managed_zone = google_dns_managed_zone.cloud.name
-    name         = "sites-1.dyna.wikibase.cloud."
-    rrdatas      = [
-        google_compute_address.default.address,
-    ]
-    ttl          = 300
-    type         = "A"
+  managed_zone = google_dns_managed_zone.cloud.name
+  name         = "sites-1.dyna.wikibase.cloud."
+  rrdatas = [
+    google_compute_address.default.address,
+  ]
+  ttl  = 300
+  type = "A"
 }