New: [AEA-4883] - Adds Terraform Quality Checks

.devcontainer/Dockerfile

@@ -18,15 +18,17 @@ RUN git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.11.3; \
     echo '. $HOME/.asdf/asdf.sh' >> ~/.bashrc; \
     echo '. $HOME/.asdf/completions/asdf.bash' >> ~/.bashrc;
 
-ENV PATH="$PATH:/home/vscode/.asdf/bin/:/workspaces/eps-prescription-tracker-ui/node_modules/.bin"
+ENV PATH="$PATH:/home/vscode/.asdf/bin/:/workspaces/eps-workflow-quality-checks/node_modules/.bin"
 
 # Install ASDF plugins#
-RUN asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git
+RUN asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git; \
+    asdf plugin add  terraform https://github.com/asdf-community/asdf-hashicorp.git;
 
 WORKDIR /workspaces/eps-workflow-quality-checks
 
 ADD .tool-versions /workspaces/eps-workflow-quality-checks/.tool-versions
 ADD .tool-versions /home/vscode/.tool-versions
 
 RUN asdf install; \
-    asdf reshim nodejs;
+    asdf reshim nodejs; \
+    asdf reshim terraform;

.github/workflows/quality-checks.yml

@@ -24,8 +24,8 @@ jobs:
       - uses: actions/setup-java@v4
         if: ${{ inputs.install_java }}
         with:
-          java-version: '21'
-          distribution: 'corretto'
+          java-version: "21"
+          distribution: "corretto"
 
       - name: Checkout code
         uses: actions/checkout@v4
@@ -87,6 +87,14 @@ jobs:
         env:
           PYTHON_CONFIGURE_OPTS: --enable-shared
 
+      - name: Debug
+        run: |
+          #!/bin/bash
+          set -euo pipefail
+          python --version
+          poetry run python --version
+          poetry run pip --version
+
       - name: Setting up .npmrc
         env:
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -127,7 +135,7 @@ jobs:
             echo "****************"
             echo "uses_java=false" >> $GITHUB_OUTPUT
           fi
-    
+
       - name: Check for SAM templates
         id: check_sam_templates
         run: |
@@ -157,7 +165,7 @@ jobs:
             echo "****************"
             echo "cf_exists=false" >> $GITHUB_OUTPUT
           fi
-  
+
       - name: Check for cdk
         id: check_cdk
         run: |
@@ -173,6 +181,21 @@ jobs:
             echo "cdk_exists=false" >> $GITHUB_OUTPUT
           fi
 
+      - name: Check for Terraform
+        id: check_terraform
+        run: |
+          if [ -f "**/*.tf" ]; then
+            echo "****************"
+            echo "Project has Terraform files"
+            echo "****************"
+            echo "terraform_exists=true" >> $GITHUB_OUTPUT
+          else
+            echo "****************"
+            echo "Project does not have Terraform files"
+            echo "****************"
+            echo "terraform_exists=false" >> $GITHUB_OUTPUT
+          fi
+
       - name: Check licenses (Makefile)
         run: |
           make check-licenses
@@ -202,7 +225,7 @@ jobs:
               echo "$INCOMPATIBLE_LIBS"
               exit 1
           fi
-  
+
       - name: Run code lint
         run: make lint
 
@@ -227,12 +250,12 @@ jobs:
 
       - name: Run unit tests
         run: make test
-  
+
       - name: Run cdk-synth
         if: steps.check_cdk.outputs.cdk_exists == 'true'
         run: |
           make cdk-synth
-  
+
       - name: Install AWS SAM CLI
         if: steps.check_sam_templates.outputs.sam_exists == 'true'
         run: |
@@ -323,12 +346,17 @@ jobs:
           name: cfn_guard_output
           path: cfn_guard_output
 
+      - name: Run Terraform quality checks
+        if: steps.check_terraform.outputs.terraform_exists == 'true'
+        run: |
+          make tf-quality-checks
+
       - name: Generate and check SBOMs
         uses: NHSDigital/eps-action-sbom@main
 
       - name: "check is SONAR_TOKEN exists"
-        env: 
-            super_secret: ${{ secrets.SONAR_TOKEN }}
+        env:
+          super_secret: ${{ secrets.SONAR_TOKEN }}
         if: ${{ env.super_secret != '' && inputs.run_sonar == true }}
         run: echo "SONAR_TOKEN_EXISTS=true" >> "$GITHUB_ENV"
 

.tool-versions

@@ -1 +1,2 @@
-nodejs 20.18.0
+nodejs 20.18.0
+terraform 1.10.2

README.md

@@ -66,6 +66,7 @@ In order to run, these `make` commands must be present. They may be mocked, if t
 - `test`
 - `check-licenses`
 - `cdk-synth` - only needed if packages/cdk folder exists
+- `tf-quality-checks` - only needed if the project uses Terraform
 
 ## Environment variables