So it starts out easy, you write a bit of terraform and all is going well then as more and more people start committing and the code is churning things start to get messy. Breaking commits block release, formatting isn’t consistent and and errors get repeated.
Seems a bit odd right, in the middle of your devops pipe which dutifully checks code passes tests and validation you just give terraform a free pass.
The good new is terraform has tools to help you out here and make life better!
Here is my rough script for running during build to detect and fail early on a host of terraform errors. It’s also pinning terraform to a set release (hopefully the same one you use when releasing to prod) and doing a terraform init each time to make sure you have providers pinned (if not the script fail when a provider ships breaking changes and give you an early heads up).
It’s rough and ready so make sure your happy with what it does before you give it a run. For an added bonus the docker command below the script runs it inside a Azure Devops container to emulate locally what should happen when you push.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| set -e | |
| SCRIPT_DIR=$(dirname "$BASH_SOURCE") | |
| cd "$SCRIPT_DIR" | |
| echo -e "\n\n>>> Installing Terraform 0.12" | |
| # Install terraform tooling for linting terraform | |
| wget -q https://releases.hashicorp.com/terraform/0.12.4/terraform_0.12.4_linux_amd64.zip -O /tmp/terraform.zip | |
| sudo unzip -q -o -d /usr/local/bin/ /tmp/terraform.zip | |
| echo "" | |
| echo -e "\n\n>>> Install tflint (3rd party)" | |
| wget -q https://github.com/wata727/tflint/releases/download/v0.9.1/tflint_linux_amd64.zip -O /tmp/tflint.zip | |
| sudo unzip -q -o -d /usr/local/bin/ /tmp/tflint.zip | |
| echo -e "\n\n>>> Terraform verion" | |
| terraform -version | |
| echo -e "\n\n>>> Terraform Format (if this fails use 'terraform fmt' command to resolve" | |
| terraform fmt -recursive -diff -check | |
| echo -e "\n\n>>> tflint" | |
| tflint | |
| echo -e "\n\n>>> Terraform init" | |
| terraform init | |
| echo -e "\n\n>>> Terraform validate" | |
| terraform validate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker run –rm -v ${PWD}:/source mcr.microsoft.com/azure-pipelines/vsts-agent:ubuntu-16.04-docker-18.06.1-ce-standard \ | |
| /source/deployment/validate-tf.sh |
Optionally you can add args like -var java_functions_zip_file=something to the terraform validate call.
Hope this helps as a quick rough guide!
GripDev 