reviewdog / action-tflint

Run tflint with reviewdog on pull requests to enforce best practices

tflint produces no warning/error when run with the following example

SohamChakraborty opened this issue · comments

Hi,

I am not sure whether I am missing something trivial/important, but FWIW, I am trying to use this action and failing to find out why no output (error/warning) is displayed. When I run tflint locally, I do see error/warning.

My config:

name: reviewdog
on:
  pull_request:
    paths:
      - '**/*.tf'
      - '**/*.tfvars'
      - '**/*.tfvar'
jobs:
  tflint:
    name: runner / tflint
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@v2
      # Minimal example
      - name: tflint
        uses: reviewdog/action-tflint@master
        with:
          github_token: ${{ secrets.github_token }}
          reporter: github-pr-review
          filter_mode: nofilter
          level: info

This is what I get:

Run reviewdog/action-tflint@master
  with:
    github_token: ***
    reporter: github-pr-review
    filter_mode: nofilter
    level: info
    fail_on_error: false
    working_directory: .
    tflint_version: latest
    flags: --module
Preparing
  Detected linux running on amd64, will install tools in /tmp/tmp.rf76iJGetb
  Looking up the latest tflint version ...
🐶 Installing reviewdog (v0.12.0) ... https://github.com/reviewdog/reviewdog
  reviewdog/reviewdog info checking GitHub for tag 'v0.12.0'
  reviewdog/reviewdog info found version: 0.12.0 for v0.12.0/Linux/x86_64
  reviewdog/reviewdog info installed /tmp/tmp.rf76iJGetb/reviewdog/reviewdog
 Installing tflint (v0.30.0) ... https://github.com/terraform-linters/tflint
  Archive:  /tmp/tmp.rf76iJGetb/tflint.zip
    inflating: /tmp/tmp.rf76iJGetb/temp-tflint/tflint  
 Print tflint details ...
  TFLint version 0.30.0
 Running tflint with reviewdog 🐶 ...

Although when I run tflint locally, I get this error (among others):

 tflint .
Error: Failed to load configurations: main.tf:44,3-11: Reserved argument name in resource block; The name "for_each" is reserved for use in a future version of Terraform., and 4 other diagnostic(s)

What's going on here?

Hey!

Hm... is your code actually valid Terraform? What happens if you run a terraform validate?

The error you posted is actually a Terraform validation issue, not a tflint rule violation. Looking at the tflint repo, the behavior for invalid terraform files is to just exit early: terraform-linters/tflint#983 which is what we're seeing here.
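Added example, not part of the original thread and not code from reviewdog or tflint: a small POSIX shell filter that turns the "Failed to load configurations" lines quoted in this issue into `file:line:col: message` findings and returns non-zero, so a CI step fails visibly instead of passing with no output. The function names are hypothetical, and the line format is assumed from the two error lines quoted in this thread; other tflint versions may format it differently.

```sh
#!/bin/sh
# Added example: detect tflint configuration-load failures in captured output.
# Assumption: the error line looks like the two samples quoted in this issue:
#   Error: Failed to load configurations: <file>:<line>,<col>-<end>: <message>

# Reads tflint output on stdin and prints one "file:line:col: message"
# line for every configuration-load failure it finds.
tflint_load_errors() {
  sed -n -E \
    's/^Error: Failed to load configurations: ([^:]+):([0-9]+),([0-9]+)-[0-9,]+: (.*)$/\1:\2:\3: \4/p'
}

# Reads tflint output on stdin. Prints the load failures (if any) and
# returns 1 when at least one was found, 0 otherwise.
check_tflint_output() {
  findings="$(tflint_load_errors)"
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  return 0
}

# Constructed sample inputs: the two error lines quoted in this thread.
SAMPLE_1='Error: Failed to load configurations: main.tf:44,3-11: Reserved argument name in resource block; The name "for_each" is reserved for use in a future version of Terraform., and 4 other diagnostic(s)'
SAMPLE_2='Error: Failed to load configurations: versions.tf:3,11-6,6: Invalid version constraint; A string value is required for aws.'

# Usage in a CI step (tflint itself is not invoked by this file):
#   tflint . 2>&1 | check_tflint_output
```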

Right, so when I run validate it works fine.

$ terragrunt validate
Success! The configuration is valid.

When I run tflint it tells me this:

$ tflint .
Error: Failed to load configurations: versions.tf:3,11-6,6: Invalid version constraint; A string value is required for aws.

Now, I have deliberately introduced an error here:

$ cat main.tf 
terraform {
  backend "s3" {
    key = "terraform/tflint/terraform.tfstate"
  }
}

provider "aws" {}

resource "aws_instance" "foo" {
  ami           = "ami-0ff8a91507f77f867"
  instance_type = "t1.2xlarge" # invalid type!
}

Strangely, my tfsec action works fine and tells me this:

Resource 'aws_instance.foo' is missing metadata_options block - it is required with http_tokens set to required to make Instance Metadata Service more secure.

And tflint passes without saying anything.

This is tfsec.yml:

 name: tfsec
 on: 
   pull_request:
     paths:
       - '**/*.tf'
 jobs:
   tfsec:
     name: runner / tfsec
     runs-on: ubuntu-latest

     steps:
       - name: Clone repo
         uses: actions/checkout@v2

       - name: tfsec
         uses: reviewdog/action-tfsec@master
         with:
           github_token: ${{ secrets.github_token }}
           reporter: github-pr-review
           filter_mode: "file" # nofilter option checks all files, not just diff
           fail_on_error: true # fail action if errors are found
           level: error  # change to info for more information

This is tflint.yml:

name: hooks
on: 
  pull_request:
    branches:
      - master
    # paths:
    #   - '**/*.tf'

jobs:
  tflint:
    name: runner / tflint
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@v2

      - name: tflint
        uses: reviewdog/action-tflint@master
        with:
          github_token: ${{ secrets.github_token }}
          reporter: github-pr-review
          tflint_version: "v0.24.0"
          filter_mode: "nofilter" # nofilter option checks all files, not just diff
          # fail_on_error: true # fail action if errors are found
          level: info  # change to info for more information

Not really sure what is going on. Thanks for checking @Vlaaaaaaad

@SohamChakraborty can you try without the tflint_version: "v0.24.0" line? That specific version of tflint seems to be for older terraform versions (0.14).

Removed the version. But no luck.

Run reviewdog/action-tflint@master
  with:
    github_token: ***
    reporter: github-pr-review
    filter_mode: nofilter
    level: info
    fail_on_error: false
    working_directory: .
    tflint_version: latest
    flags: --module
Preparing
  Detected linux running on amd64, will install tools in /tmp/tmp.Y57ZaOoTNL
  Looking up the latest tflint version ...
🐶 Installing reviewdog (v0.12.0) ... https://github.com/reviewdog/reviewdog
  reviewdog/reviewdog info checking GitHub for tag 'v0.12.0'
  reviewdog/reviewdog info found version: 0.12.0 for v0.12.0/Linux/x86_64
  reviewdog/reviewdog info installed /tmp/tmp.Y57ZaOoTNL/reviewdog/reviewdog
 Installing tflint (v0.30.0) ... https://github.com/terraform-linters/tflint
  Archive:  /tmp/tmp.Y57ZaOoTNL/tflint.zip
    inflating: /tmp/tmp.Y57ZaOoTNL/temp-tflint/tflint  
 Print tflint details ...
  TFLint version 0.30.0
 Running tflint with reviewdog 🐶 ...
1s
Post job cleanup.
/usr/bin/git version
git version 2.32.0
/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :
/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
http.https://github.com/.extraheader
/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :

Could it be a working directory problem? Just a wild guess.

Hm... it could be. I'll test it in GitHub and report back!

As you can see in Vlaaaaaaad/test-tflint-bug-maybe#1, the following code seems to work:

      - name: tflint
        uses: reviewdog/action-tflint@master
        with:
          github_token: ${{ secrets.github_token }}
          reporter: github-pr-review
          filter_mode: "nofilter" # nofilter option checks all files, not just diff
          # fail_on_error: true # fail action if errors are found
          level: info  # change to info for more information

Can you tell me if that works for you? Also, are your Terraform files in the root of the repo, or are you using a subfolder?

The terraform files are not at the root of repo, they are in a subfolder. So, I used your code from the repo and also added paths. The result remained the same.

I will give it a fresh try on another repo and see if something is missing with my configuration.

Give me a couple of days, I will test over the weekend and report back.

Thanks @Vlaaaaaaad

No worries, I am not in a rush!

Setting working_directory to your desired subfolder name should make the action work:

      - name: tflint
        uses: reviewdog/action-tflint@master
        with:
          github_token: ${{ secrets.github_token }}
          reporter: github-pr-review
          filter_mode: "nofilter" # nofilter option checks all files, not just diff
          # fail_on_error: true # fail action if errors are found
          level: info  # change to info for more information
          working_directory: subfolder

Hi @Vlaaaaaaad,

Thank you for the time. I checked with various combinations and permutations. But in all cases, my tests are failing. I even moved the defective code to the root of the repository, but it didn't produce any result.

I then moved it back to my original terraform directory structure like this

root of repo --> terraform --> workload --> defective code directory

That also didn't work. I tried multiple tflint.yml structures to no avail:

name: tflint
on: 
  pull_request:
    paths:
      - '**/*.tf'
jobs:
  tflint:
    name: runner / tflint
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@v2

      - name: tflint
        uses: reviewdog/action-tflint@master
        with:
          github_token: ${{ secrets.github_token }}
          reporter: github-pr-review
          filter_mode: "nofilter" # nofilter option checks all files, not just diff
          # fail_on_error: true # fail action if errors are found
          level: info  # change to info for more information

2nd test: Then, added

working_directory: terraform/workload

3rd test: Then removed,

    paths:
      - '**/*.tf'

4th test: Then removed,

working_directory: terraform/workload

5th test: Then added,

working_directory: terraform

6th test: Then added

working_directory: terraform/workload

Each of the tests was repeated with the defective code directory at repo root and at repo_root/terraform/workload.

Then I gave up. I will probably try to see if precommit works in my case.

Thanks for reading :)

@SohamChakraborty I created a new repo and tested how the action performs when the Terraform files are in a directory example/deep, in my case. As you can see here, the action behaves as expected.

Can you maybe share a public repo where you can reproduce the error you're reporting?

@SohamChakraborty any updates on this?

Closing due to a lack of activity! Feel free to re-open if you can share a public repo where the error can be reproduced.