antonbabenko / pre-commit-terraform

pre-commit git hooks to take care of Terraform configurations 🇺🇦
MIT License

`tflint` `deep_check` in Docker #416

Closed Smana closed 2 years ago

Smana commented 2 years ago

Describe the bug

I'm trying to use the tflint hook and I cannot get it to work in recursive mode. I haven't found the root cause yet.

How can we reproduce it?

Here is the .pre-commit-config.yaml

repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform.git
    rev: v1.74.0
    hooks:
      - id: terraform_fmt
      - id: terraform_tflint
        args:
          - --args=--init
          - --args=--config=__GIT_WORKING_DIR__/.tflint.hcl

and the .tflint.hcl

config {
  module = true
}
plugin "aws" {
  enabled    = true
  deep_check = true
  source     = "github.com/terraform-linters/tflint-ruleset-aws"
  version    = "0.14.0"
}

When I run the command from the root directory of the repository it doesn't throw any error.

pre-commit run --all
[INFO] Initializing environment for https://github.com/antonbabenko/pre-commit-terraform.git.
Terraform fmt............................................................Passed
Terraform validate with tflint...........................................Passed

If I run the tflint command from a test module as follows it works:

tflint --config=../../.tflint.hcl
2 issue(s) found:

Error: "t1.medium" is an invalid value as instance_type (aws_instance_invalid_type)

  on main.tf line 3:
   3:   instance_type = "t1.medium"

Warning: "t1.medium" is previous generation instance type. (aws_instance_previous_type)

  on main.tf line 3:
   3:   instance_type = "t1.medium"

Reference: https://github.com/terraform-linters/tflint-ruleset-aws/blob/v0.14.0/docs/rules/aws_instance_previous_type.md

Environment information

Any help would be welcome, I'm probably missing something obvious to you :)

MaxymVlasov commented 2 years ago

Try removing --args=--init

Smana commented 2 years ago

> Try removing --args=--init

Sorry, I'll update the issue because I forgot to mention that most of the time this step is run using a Docker container.

MaxymVlasov commented 2 years ago

Please do not try to create your own Docker image if it is not strictly required.

Use this:

TAG=v1.74.1
docker run -v "$(pwd):/lint" -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a

https://github.com/antonbabenko/pre-commit-terraform#4-run

Otherwise, at least provide the Dockerfile.

Smana commented 2 years ago

Hi, I understand your concerns about using our own Docker image and I'll see if this is required. In the meantime, I used the command you provided without success:

TAG=v1.74.1
docker run -v $(pwd):/lint -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a
[INFO] This may take a few minutes...
Terragrunt fmt...........................................................Passed
Terraform fmt............................................................Passed
Terraform validate with tflint...........................................Passed
Check for merge conflicts................................................Passed

But digging further I noticed two mistakes:

Removing them did the trick, thanks for your help

MaxymVlasov commented 2 years ago

Theoretically, that should help, if tflint does not require the AWS CLI for that.

TAG=v1.74.1
docker run \
    -v "$HOME/.aws:/root/.aws" \
    -v "$(pwd):/lint" -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a

Or, which is better for CI

TAG=v1.74.1
# Credentials and region that tflint's deep_check will use inside the container
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_REGION=

docker run \
    -e AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
    -e AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
    -e AWS_REGION="$AWS_REGION" \
    -v "$(pwd):/lint" -w /lint ghcr.io/antonbabenko/pre-commit-terraform:$TAG run -a

https://github.com/terraform-linters/tflint-ruleset-aws/blob/master/docs/deep_checking.md#credentials
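
The two credential options from the thread, combined into one wrapper that keeps the secret values off the `docker` command line. This is an added example, not code from the thread or from the project; `AWS_DIR` and `DOCKER_BIN` are hypothetical override variables, `--rm` is an addition, and a read-only mount of the shared credentials directory is assumed to be enough for `deep_check`.

```shell
#!/bin/sh
# Added example: run the pre-commit-terraform image with AWS credentials
# available to tflint's deep_check, without writing secrets into the command.

TAG="${TAG:-v1.74.1}"   # tag used in the thread
IMAGE="ghcr.io/antonbabenko/pre-commit-terraform:${TAG}"

run_hooks() {
  aws_dir="${AWS_DIR:-$HOME/.aws}"     # AWS_DIR: hypothetical override
  docker_bin="${DOCKER_BIN:-docker}"   # DOCKER_BIN: hypothetical, e.g. echo for a dry run

  set -- run --rm
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    # CI case: `-e NAME` with no value copies NAME from the caller's
    # environment, so the secret is not part of the process arguments
    # (visible in `ps`) or of an echoed command in the job log.
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    set -- "$@" -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY
    if [ -n "${AWS_REGION:-}" ]; then
      export AWS_REGION
      set -- "$@" -e AWS_REGION
    fi
  elif [ -d "$aws_dir" ]; then
    # Workstation case: mount the shared credentials read-only so nothing
    # running in the container can modify them.
    set -- "$@" -v "${aws_dir}:/root/.aws:ro"
  else
    # Fail before starting the container instead of linting without API access.
    echo "no AWS credentials available for tflint deep_check" >&2
    return 1
  fi

  set -- "$@" -v "$(pwd):/lint" -w /lint "$IMAGE" run -a
  "$docker_bin" "$@"
}
```

Calling `DOCKER_BIN=echo run_hooks` prints the argument list that would be passed to `docker` without starting a container.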