feat: PR CI + linting (#2)

.github/workflows/_checkov.yml

@@ -0,0 +1,29 @@
+name: (sub) BridgeCrew Checkov
+
+permissions:
+  contents: read
+
+on: 
+  workflow_call:
+
+jobs:
+  pre_commit_framework:
+    name: Checkov
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.8
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.8
+
+      - name: Test with Checkov
+        id: checkov
+        uses: bridgecrewio/checkov-action@v12
+        with:
+          directory: .
+          framework: terraform 
+          soft_fail: true
+          quiet: true

.github/workflows/_pre_commit.yml

@@ -0,0 +1,27 @@
+name: (sub) Pre-Commit framework run
+
+permissions:
+  contents: read
+
+defaults:
+  run:
+    shell: bash
+
+on: 
+  workflow_call:
+
+jobs:
+  pre_commit_framework:
+    name: Pre-Commit
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9.4'
+
+      - name: Run pre-commit framework as the developer should run it
+        run: sudo ./scripts/install.sh && sudo ./scripts/run.sh

.github/workflows/_tf_validate.yml

@@ -3,6 +3,10 @@ name: (sub) TF validate
 permissions:
   contents: read
 
+defaults:
+  run:
+    shell: bash
+
 on:
   workflow_call:
     inputs:
@@ -14,22 +18,6 @@ on:
         description: Path to module that will be tested, a space delimited list of relative paths
         type: string
         required: true
-  workflow_dispatch:
-    inputs:
-      tf_version:
-        description: |
-          Version of TF we validate with,
-          a space delimited list.
-        type: string
-        required: true
-        default: 0.15 1.2
-      paths:
-        description: |
-          Path to module that will be tested,
-          a space delimited list of paths relative to repo's root.
-        type: string
-        required: true
-        default: modules/vmseries
 
 jobs:
   prerequisites:
@@ -44,8 +32,7 @@ jobs:
         run: |
           echo "::set-output name=paths::$(echo -n "${{ inputs.paths }}" | jq -R -s -c 'split(",")')"
           echo "::set-output name=tf_versions::$(echo "${{ inputs.tf_version }} " | jq -R -s -c 'split(" ")[:-1]')"
-        shell: bash
-
+        
   validate:
     needs: [prerequisites]
     name: '${{ matrix.path }}@${{ matrix.tf_version }}'
@@ -57,8 +44,16 @@ jobs:
     steps:
       - name: checkout code
         uses: actions/checkout@v3
-      - name: run validation
-        uses: ./.github/actions/tf_validate
+
+      - name: setup Terraform
+        uses: hashicorp/setup-terraform@v2
         with:
-          path: ${{ matrix.path }}
-          tf_version: ${{ matrix.tf_version }}
+          terraform_version: ${{ matrix.tf_version }}
+
+      - name: run validation for ${{ matrix.path }}
+        run: |
+          cd "$GITHUB_WORKSPACE"/${{ matrix.path }}
+          terraform -version
+          terraform init -backend=false
+          terraform validate
+        

.github/workflows/pr_ci.yml

@@ -1,38 +1,28 @@
-name: PR CI
+name: (sub) PR CI
 
 permissions:
   contents: read
 
 on:
-  pull_request:
-    branches: ['main']
+  workflow_call:
 
 jobs:
   pre-commit:
-    name: Pre-Commit framework
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout code
-        uses: actions/checkout@v3
-      - name: run pre-commit
-        uses: ./.github/actions/pre_commit
+    name: Pre-Commit
+    uses: ./.github/workflows/_pre_commit.yml
+
 
   checkov:
-    name: Scan Terraform code with Checkov
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout code
-        uses: actions/checkout@v3
-      - name: run checkov
-        uses: ./.github/actions/checkov
+    name: Checkov
+    uses: ./.github/workflows/_checkov.yml
 
 
   tf_prereqs:
     name: terraform modules discovery
     runs-on: ubuntu-latest
     outputs:
       validate_paths: ${{ steps.format.outputs.dir_diff }}
-      plan_paths: ${{ steps.deps.outputs.examples }}
+      # plan_paths: ${{ steps.deps.outputs.examples }}
     steps:
       - name: checkout code
         uses: actions/checkout@v3
@@ -55,22 +45,22 @@ jobs:
         run: |
           echo "::set-output name=dir_diff::$(echo -n "$DIFFS" | sed -E "s/^(modules|examples)\/(.+)\/.*$/\1\/\2/"  | tr '\n' ',')"
 
-      - name: discover module->example dependencies
-        id: deps
-        env:
-          DIFFS: ${{ steps.format.outputs.dir_diff }}
-        shell: bash
-        run: |
-          if [ "$DIFFS" ]; then
-            EXAMPLES_DISCOVERY=$(for M in $(echo "$DIFFS" | tr ',' '\n' | grep modules); do
-              echo $(grep -rl "$M" examples/*/*.tf | sed -E "s/^(examples\/.*)\/.*$/\1/g")
-            done | sort -u | awk NF)
+      # - name: discover module->example dependencies
+      #   id: deps
+      #   env:
+      #     DIFFS: ${{ steps.format.outputs.dir_diff }}
+      #   shell: bash
+      #   run: |
+      #     if [ "$DIFFS" ]; then
+      #       EXAMPLES_DISCOVERY=$(for M in $(echo "$DIFFS" | tr ',' '\n' | grep modules); do
+      #         echo $(grep -rl "$M" examples/*/*.tf | sed -E "s/^(examples\/.*)\/.*$/\1/g")
+      #       done | sort -u | awk NF)
+
+      #       EXAMPLES_COMBINED=$(echo "$(echo $EXAMPLES_DISCOVERY | tr ' ' ','),$DIFFS" | tr ',' '\n' | awk NF | grep examples | sort -u)
 
-            EXAMPLES_COMBINED=$(echo "$(echo $EXAMPLES_DISCOVERY | tr ' ' ','),$DIFFS" | tr ',' '\n' | awk NF | grep examples | sort -u)
+      #       echo "::set-output name=examples::$(echo -n $EXAMPLES_COMBINED | jq -R -s -c 'split(" ")')"
+      #     fi
 
-            echo "::set-output name=examples::$(echo -n $EXAMPLES_COMBINED | jq -R -s -c 'split(" ")')"
-          fi
-    
 
   validate:
     name: validate all changed modules