Shared GitHub workflows, to be referenced by other Padok projects.

The following reusable workflows are available in .github/workflows:

To use these workflows in your project, copy files from the folders listed below, and paste them in the .github/workflows/ folder in your own repo.

• global: for all your projects
• terraform: useful for Terraform modules
• terragrunt : Use for Terragrunt project and terraform modules

Your repo should have the following structure:

.
├── .github
│   ├── CODEOWNERS
│   └── workflows
│       ├── release.yml
│       ├── semantic-check.yml
│       ├── terraform-docs.yml
│       └── terraform-quality.yml
├── .gitignore
├── LICENSE
├── main.tf
├── README.md
├── renovate.json
└── ... (other files)

• tenvmake sure that the correct version of Terraform and terragrunt is used
• terraform fmt to check the basic formatting of Terraform code
• terragrunt hclfmt to check the formatting of terragrunt hcl files
• guacamole check the code quality
• checkov to check for security issues

There are several tools to ensure that Terraform code is secure and follows best practices. We selected the following ones:

• tfswitch make sure that the correct version of Terraform is used
• terraform fmt to check the basic formatting of Terraform code
• terraform validate to check the validity of Terraform code
• tflint to check for code quality issues
• checkov to check for security issues

The following tools were considered but ultimately not included:

• tfsec is redundant with checkov, and from Padok's experience, the latter is more reliable
• terrascan has not been tested by Padok yet
• terraform docs is delegated to another workflow, since it could add a commit to the pull request

Feel free to suggest other tools to add to this workflow!