cloudeteer / terraform-governance

☁️ Cloudeteer's Terraform Governance
https://www.cloudeteer.de
2 stars 0 forks source link

Use required Terraform version on remote test #43

Closed rswrz closed 1 month ago

rswrz commented 2 months ago

In most cases, the specific Terraform version used during module development or testing is not critical, as the Terraform CLI automatically adheres to the version constraints defined in the terraform.tf (or versions.tf) file. However, we specify the minimum required versions of both the Terraform CLI and the Terraform providers in each module, without actually testing them—these values are more of an educated guess.

This PR enhances the existing "Remote Test" workflow by adding two steps:

  1. Detect the Terraform version.
  2. Install the explicitly specified Terraform version.

Step 1 requires the required_version to be defined in the terraform.tf file for the remote test. We should update our style guide to recommend that the minimum recommended versions of Terraform and providers be specified in remote tests.

Additionally, this PR switches from using the Terraform container (version 1.9) to the new get-terraform-version action combined with the official HashiCorp setup-terraform action, ensuring more flexibility and alignment with the latest best practices.

Example:

If a module specifies the following versions in its terraform.tf:

terraform {
  required_version = ">= 1.9"

  required_providers {
    azapi = {
      source  = "azure/azapi"
      version = ">= 1.14"
    }

    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 4.1"
    }

    random = {
      source  = "hashicorp/random"
      version = ">= 3.1"
    }

    tls = {
      source  = "hashicorp/tls"
      version = ">= 4.0"
    }
  }
}

Our remote test should then use exactly these minimum versions, rather than following the version constraints and potentially using the latest Terraform version. For testing, we would define the following tests/remote/terraform.tf file:

terraform {
  required_version = "1.9.0"

  required_providers {
    azapi = {
      source  = "azure/azapi"
      version = "1.14.0"
    }

    azurerm = {
      source  = "hashicorp/azurerm"
      version = "4.1.0"
    }

    random = {
      source  = "hashicorp/random"
      version = "3.1.0"
    }

    tls = {
      source  = "hashicorp/tls"
      version = "4.0.0"
    }
  }
}

This ensures that new features added to the module are fully compatible with the specified version constraints.