Merge pull request #2 from github/tf-check

ci: add basic validations/formatting check

Author: garnertb

.github/workflows/terraform-checks.yaml

@@ -0,0 +1,37 @@
+name: Terraform Checks
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    paths:
+      - '**.tf'
+
+permissions:
+  contents: read
+
+jobs:
+  validate-and-format:
+    name: Validate and Format Terraform Files
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Terraform
+        id: terraform
+        uses: hashicorp/[email protected]
+      
+      - name: Initialize Terraform
+        id: init
+        run: terraform init -backend=false
+
+      - name: Validate Terraform
+        id: validate
+        run: terraform validate
+
+      - name: Format Terraform
+        id: format
+        run: terraform fmt -check -recursive

examples/example-firewall/main.tf

@@ -1,7 +1,7 @@
 # Create a VNET using an Azure Firewall to control the VNET network access
 module "vnet" {
-    source = "github.com/garnertb/github-runner-vnet//modules/firewall"
+  source = "github.com/garnertb/github-runner-vnet//modules/firewall"
 
-    base_name = var.base_name
-    github_business_id = var.github_business_id
+  base_name          = var.base_name
+  github_business_id = var.github_business_id
 }

examples/example-firewall/outputs.tf

@@ -1,4 +1,4 @@
 output "gh_network_settings_resource_id" {
-    description = "ID of the GitHub.Network/networkSettings resource"
-    value = module.vnet.network_settings_id
+  description = "ID of the GitHub.Network/networkSettings resource"
+  value       = module.vnet.network_settings_id
 }

examples/example-nsg/main.tf

@@ -1,7 +1,7 @@
 # Create a VNET using an Azure Network Security Group to control the VNET network access
 module "vnet" {
-    source = "github.com/garnertb/github-runner-vnet//modules/nsg"
+  source = "github.com/garnertb/github-runner-vnet//modules/nsg"
 
-    base_name = var.base_name
-    github_business_id = var.github_business_id
+  base_name          = var.base_name
+  github_business_id = var.github_business_id
 }

examples/example-nsg/outputs.tf

@@ -1,4 +1,4 @@
 output "gh_network_settings_resource_id" {
-    description = "ID of the GitHub.Network/networkSettings resource"
-    value = module.vnet.network_settings_id
+  description = "ID of the GitHub.Network/networkSettings resource"
+  value       = module.vnet.network_settings_id
 }

main.tf

@@ -1,10 +1,10 @@
 # Create a VNET using an Azure Network Security Group to control the VNET network access
 module "vnet" {
-    source = "./modules/nsg"
+  source = "./modules/nsg"
 
-    base_name = var.base_name
-    github_business_id = var.github_business_id
-    location = var.location
-    vnet_address_space = var.vnet_address_space
-    runner_subnet_address_prefixes = var.runner_subnet_address_prefixes
+  base_name                      = var.base_name
+  github_business_id             = var.github_business_id
+  location                       = var.location
+  vnet_address_space             = var.vnet_address_space
+  runner_subnet_address_prefixes = var.runner_subnet_address_prefixes
 }

modules/firewall/main.tf

@@ -44,7 +44,7 @@ resource "azurerm_virtual_network" "vnet" {
 }
 
 resource "azurerm_subnet" "firewall_subnet" {
-  address_prefixes     = var.firewall_subnet_address_prefixes
+  address_prefixes = var.firewall_subnet_address_prefixes
   # The subnet name has to be exactly this, in order for the subnet to be used for a firewall
   name                 = "AzureFirewallSubnet"
   resource_group_name  = azurerm_resource_group.resource_group.name
@@ -55,7 +55,7 @@ resource "azurerm_subnet" "firewall_subnet" {
 }
 
 resource "azurerm_subnet" "management_subnet" {
-  address_prefixes     = var.firewall_management_subnet_address_prefixes
+  address_prefixes = var.firewall_management_subnet_address_prefixes
   # The subnet name has to be exactly this in order for the subnet to be used for the firewall management
   name                 = "AzureFirewallManagementSubnet"
   resource_group_name  = azurerm_resource_group.resource_group.name
@@ -132,11 +132,11 @@ resource "azurerm_firewall_policy_rule_collection_group" "firewall_policy_rule_c
   }
 
   application_rule_collection {
-    action = "Allow"
-    name = "AllowApplicationRules"
+    action   = "Allow"
+    name     = "AllowApplicationRules"
     priority = 1000
     rule {
-      name = "GitHub"
+      name             = "GitHub"
       source_addresses = ["*"]
       destination_fqdns = [
         # These FQDNs have been taken from the GitHub documentation for self-hosted runner networking
@@ -180,7 +180,7 @@ resource "azurerm_firewall" "firewall" {
   location            = var.location
   name                = "${var.base_name}-firewall"
   resource_group_name = azurerm_resource_group.resource_group.name
-  firewall_policy_id = azurerm_firewall_policy.firewall_policy.id
+  firewall_policy_id  = azurerm_firewall_policy.firewall_policy.id
   sku_name            = "AZFW_VNet"
   sku_tier            = "Standard"
   ip_configuration {

modules/firewall/outputs.tf

@@ -1,4 +1,4 @@
 output "network_settings_id" {
-    description = "ID of the GitHub.Network/networkSettings resource"
-    value = jsondecode(azapi_resource.github_network_settings.output).tags.GitHubId
+  description = "ID of the GitHub.Network/networkSettings resource"
+  value       = jsondecode(azapi_resource.github_network_settings.output).tags.GitHubId
 }