terraform-linters / tflint

A Pluggable Terraform Linter
Mozilla Public License 2.0
4.86k stars 354 forks

GitHub Action #1031

Closed jlosito closed 3 years ago

jlosito commented 3 years ago

I believe it would be nice if there was a GitHub action which is owned by this organization.

I have a bunch of code that I like to run tflint over for sanity reasons but would like to integrate that step into my GitHub workflow. I do see some tflint actions already on the marketplace, but none that I know of are owned by the terraform-linters organization. Having it owned by this organization, I feel it would be easier for people to request the ability to use that action from their employer if their employer only allowed blessed actions.

bendrucker commented 3 years ago

This isn't how the Actions Marketplace and permissions work:

> I feel it would be easier for people to request the ability to use that action from their employer if their employer only allowed blessed actions.

https://docs.github.com/en/free-pro-team@latest/github/setting-up-and-managing-organizations-and-teams/disabling-or-limiting-github-actions-for-your-organization#allowing-specific-actions-to-run

You can restrict to first party actions from GitHub or verified third parties, which wouldn't apply. If you are on GitHub Enterprise, either in the cloud or on-prem, it seems like there are also options to restrict to specific orgs, actions, versions etc.

There's certainly some implied trust associated with the GitHub org and it would be nice to have an official action, more for discoverability and keeping up with changes than anything else. No plans to work on that immediately but if you have a favorite third party action please share so if we eventually pursue this we can compare.

jlosito commented 3 years ago

You said it a lot better than I did. The issue I'm having is the trust factor and having an official action would more easily allow me to use something that the terraform-linters organization publishes.

I personally don't have a favorite on the marketplace.

bendrucker commented 3 years ago

We could offer something like this:

https://github.com/marketplace/actions/setup-tflint

That would be similar to the https://github.com/marketplace/actions/hashicorp-setup-terraform action, but probably without any sort of wrapper functionality.

There's also this:

https://github.com/reviewdog/action-tflint

Reviewdog adds errors as annotations so they show up directly with the code, best PR experience IMO. It's missing the ability to specify a TFLint version other than "latest" but otherwise offers the best overall functionality.

jlosito commented 3 years ago

From my perspective, I think you'd be better fitted to make that decision. You're the one who has more experience with the community. You're the one who deals with the community on a day to day basis, not I.

I really enjoy using the tool and I'm sure whatever decision you make due to your experience is going to be great.

jgeurts commented 3 years ago

I would also like to see an official tflint GitHub action. There is an implicit trust when using an action from the author/org of the tool it wraps.

I recently contributed to the setup-tflint project. It seemed the most straightforward action to me and was maintained relatively recently. The code is now very similar to the setup-terraform code base. It allows the end user to specify a specific version of tflint to use or it will grab the latest release. It supports all of the environments and architectures that tflint supports (reviewdog only supports linux x64).

Pulling in wrapper functionality, like setup-terraform uses, to expose the stdin, stdout, and stderr streams should be a pretty straightforward addition to the code.

I do agree with @bendrucker that the code suggestions from reviewdog are really nice!

bendrucker commented 3 years ago

@karol-bujacek would you be interested in transferring setup-tflint into this org? I'm spending a good deal of time on GitHub Actions these days, I'd be happy to help with maintaining it.

karol-bujacek commented 3 years ago

@bendrucker, I am not involved in the setup-tflint project so your question should be addressed to other guys. @martinhaus?

bendrucker commented 3 years ago

Got it, thanks. Martin let me know if you're interested.

martinhaus commented 3 years ago

@bendrucker Hi, I think that's a good idea. What's the best way to make this transition? Do we just create a new repo in your org, transfer the contents and deprecate our repo with a link to the new one?

bendrucker commented 3 years ago

Great! We can definitely just copy the content, but you can also transfer via GitHub. I think that has the advantage of redirecting users automatically, as well as preserving issue/PR history.

https://docs.github.com/en/github/administering-a-repository/transferring-a-repository

> To transfer repositories to an organization, you must have repository creation permissions in the receiving organization. If organization owners have disabled repository creation by organization members, only organization owners can transfer repositories out of or into the organization.
>
> Once a repository is transferred to an organization, the organization's default repository permission settings and default membership privileges will apply to the transferred repository.

I've invited you to the organization, so you should be able to transfer once you accept.

martinhaus commented 3 years ago

Alright, it's transferred.

bendrucker commented 3 years ago

Much appreciated! For everyone on the thread, this action remains available at:

https://github.com/marketplace/actions/setup-tflint