test

[KookaS]

• Static analysis: To verify the contents of the configuration as well as testing the syntax and structure of your configuration without deploying any resources, using tools such as compilers, linters, and dry runs. Use terraform validate and tools such as tflint, config-lint, Checkov, Terrascan, tfsec, Deepsource.
• Integration testing: To ensure that modules work correctly, test individual modules in isolation. Use tools and frameworks such as Terratest, Kitchen-Terraform, InSpec.

[KookaS]

infracost

name: Validate Terraform

on:
  pull_request:
    branches:
      - master

jobs:
  terraform:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
      with:
        fetch-depth: 0

    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v2

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v2
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
        aws-region: ${{ vars.AWS_REGION }}

    - name: Terraform Init
      run: terraform init

    - name: Terraform Validate
      run: terraform validate

    - name: Generate Terraform Plan JSON Output
      run: |
        terraform plan -var="db_username=${{ secrets.DB_USERNAME }}" -var="db_password=${{ secrets.DB_PASSWORD }}" -out=tfplan.binary
        terraform show -json tfplan.binary | grep -v "::debug::" | tail -n +2 > plan.json

    - name: Setup Infracost
      uses: infracost/actions/setup@v2
        # See https://github.com/infracost/actions/tree/master/setup for other inputs
        # If you can't use this action, see Docker images in https://infracost.io/cicd
      with:
          api-key: ${{ secrets.INFRACOST_API_KEY }}

    - name: Install OPA
      run: |
        curl -L -o opa https://openpolicyagent.org/downloads/latest/opa_linux_amd64
        chmod 755 ./opa
        sudo mv opa /usr/local/bin/

    - name: Generate Infracost JSON Output
      run: infracost breakdown --path . --format json --out-file infracost_output.json --terraform-var="db_username=${{ secrets.DB_USERNAME }}" --terraform-var="db_password=${{ secrets.DB_PASSWORD }}"

    - name: Evaluate Rego Policies
      id: evaluate_policies
      run: |
        opa eval --data ./policies/aws_tags_policy.rego --input plan.json --format pretty "data.main.deny" > tags_policy_result.txt
        opa eval --data ./policies/aws_cost_policy.rego --input infracost_output.json --format pretty "data.main.deny" > cost_policy_result.txt
        if [[ -s tags_policy_result.txt || -s cost_policy_result.txt ]]; then 
          exit 1
        fi

    - name: Add policy results to job summary
      if: failure()
      run: |
        if [[ -s tags_policy_result.txt ]]; then
          echo "Tags policy violations:" >> $GITHUB_STEP_SUMMARY
          cat tags_policy_result.txt >> $GITHUB_STEP_SUMMARY
        fi
        if [[ -s cost_policy_result.txt ]]; then
          echo "Cost policy violations:" >> $GITHUB_STEP_SUMMARY
          cat cost_policy_result.txt >> $GITHUB_STEP_SUMMARY
        fi

[KookaS]

https://github.com/datarootsio/tf-profile/?utm_source=www.weekly.tf&utm_medium=newsletter&utm_campaign=weekly-tf-issue-123-terraform-provider-debugging-cloudquery-as-k8s-cronjob-making-terraform-custom-provider-enforcing-m2m-authentication-sending-aws-lambda-logs-to-datadog-deploying-azure-hub-spoke-networking-tf-profile To print the process planning