improve tests

.github/labeler.yml

@@ -0,0 +1,17 @@
+# Add 'feature' label to any PR where the head branch name starts with `feature` or has a `feature` section in the name
+feature:
+  - head-branch: ['^feature', 'feature']
+
+# Add 'test' label to any changes within 'test' folder or any subfolders
+test:
+  - changed-files:
+      - any-glob-to-any-file:
+        - test/**.go
+        - test/**/go.mod
+        - modules/fixtures/**
+
+terraform:
+  - changed-files:
+      - any-glob-to-any-file:
+          - modules/**.tf
+          - .tool-versions

.github/workflows/labeler.yml

@@ -0,0 +1,13 @@
+name: "Pull Request Labeler"
+on:
+  pull_request_target:
+  schedule:
+    - cron: "0 1 * * 1"
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5

.github/workflows/lint.yml

@@ -6,8 +6,6 @@ on:
   push:
   workflow_dispatch:
 
-# TODO: copy lint logic of eks repo
-
 jobs:
   lint:
     name: pre-commit

.github/workflows/tests.yml

@@ -1,9 +1,17 @@
 ---
 name: Cluster creation and destruction test
 
-# TODO: align this with EKS current strategy
 on:
-  push:
+    workflow_dispatch:
+    pull_request:
+        # the paths should be synced with ../labeler.yml
+        paths:
+        - modules/fixtures/**
+        - modules/**.tf
+        - .tool-versions
+        - .github/workflows/tests.yml
+        - .github/actions/**
+        - justfile
 
 # limit to a single execution per actor of this workflow
 concurrency:
@@ -13,15 +21,10 @@ env:
   AWS_PROFILE: "infex"
   AWS_REGION: "eu-west-2"
   TF_S3_BUCKET: "camunda-tf-rosa"
-  CLUSTER_NAME: "mycluster"
 
 jobs:
 
-    # TODO: implement same logic as EKS
-  # We can skip some tests using the commit description (skip-tests:NameOfTest1,NameOfTest2) or all tests (skip-tests:all) (see `DEVELOPER.md`)
-  # If all tests are skipped, the result of this workflow will be `failed` on purpose
-  # If you want to skip tests and have no error, you need to use `testing-ci-not-necessary` as a label on the PR
-  configure-tests:
+  action-test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
@@ -30,6 +33,10 @@ jobs:
           ref: ${{ github.head_ref }}
           fetch-depth: 0
 
+      - name: Get Short GitHub SHA
+        id: short_git_sha
+        run: echo "short_git_sha=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
+
       - name: Import Secrets
         id: secrets
         uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
@@ -57,7 +64,7 @@ jobs:
         uses: ./.github/actions/rosa-create-cluster
         with:
           rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
-          cluster-name: "${{ env.CLUSTER_NAME }}"
+          cluster-name: "tf-rosa-${{ steps.short_git_sha.outputs.short_git_sha }}"
           admin-password: "${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}"
           aws-region: ${{ env.AWS_REGION }}
           namespace:  "myns"
@@ -69,6 +76,6 @@ jobs:
         uses: ./.github/actions/rosa-delete-cluster
         with:
           rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
-          cluster-name: "${{ env.CLUSTER_NAME }}"
+          cluster-name: "tf-rosa-${{ steps.short_git_sha.outputs.short_git_sha }}"
           aws-region: ${{ env.AWS_REGION }}
           s3-backend-bucket: ${{ env.TF_S3_BUCKET }}

.lint/terraform_docs/.terraform-docs.yml

@@ -0,0 +1,42 @@
+---
+# Configuration documentation https://terraform-docs.io/user-guide/configuration/
+formatter: "markdown table"  # Required
+version: "0.17"
+
+header-from: main.tf
+footer-from: ""
+
+recursive:
+  enabled: false
+
+content: |-
+  {{ .Modules }}
+  {{ .Resources }}
+  {{ .Inputs }}
+  {{ .Outputs }}
+sections:
+  hide: []
+  show: []
+
+output-values:
+  enabled: false
+  from: ""
+
+sort:
+  enabled: true
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: true
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: false
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true

.lint/tflint/.tflint.hcl

@@ -0,0 +1,25 @@
+# Standard ruleset documentation: https://github.com/terraform-linters/tflint-ruleset-terraform/tree/main/docs/rules
+
+rule "terraform_naming_convention" {
+    enabled = true
+    custom = "^[a-z][a-z0-9_]{0,62}[a-z0-9]$"
+    module {
+        custom = "^[a-z][a-z0-9_]{0,70}[a-z0-9]$"
+    }
+}
+
+rule "terraform_typed_variables" {
+    enabled = false
+}
+
+rule "terraform_unused_declarations" {
+    enabled = false
+}
+
+rule "terraform_required_version" {
+    enabled = false
+}
+
+rule "terraform_required_providers" {
+    enabled = false
+}

.pre-commit-config.yaml

@@ -34,6 +34,20 @@ repos:
       stages: [commit-msg]
       args: ["--strict" , "--force-scope"]
 
+- repo: https://github.com/antonbabenko/pre-commit-terraform
+  rev: v1.88.4
+  hooks:
+  - id: terraform_fmt
+  - id: terraform_tflint
+    args:
+    - --args=--config=__GIT_WORKING_DIR__/.lint/tflint/.tflint.hcl
+  - id: terraform_docs
+    args:
+    - --hook-config=--path-to-file=README.md
+    - --hook-config=--create-file-if-not-exist=true
+    - --hook-config=--add-to-existing-file=true
+    - --args=--config=.lint/terraform_docs/.terraform-docs.yml
+
 - repo: https://github.com/tcort/markdown-link-check
   rev: v3.12.1 # use tags until renovate supports sha: https://github.com/renovatebot/renovate/issues/22567
   hooks:

.tool-versions

@@ -3,20 +3,21 @@
 # check it with
 # diff <(sed '/^#/d; /^$/d' .tool-versions | sort) <(sed '/^#/d; /^$/d' .tool-versions) && echo ".tool-versions is sorted correctly" || echo ".tool-versions is not sorted correctly"
 
-# renovate: datasource=github-releases depName=aws/aws-cli
 awscli 2.15.42
 
-# renovate: datasource=golang-version depName=golang
 golang 1.22.2
 
-# renovate: datasource=github-releases depName=casey/just
 just 1.25.2
 
-# renovate: datasource=github-releases depName=pre-commit/pre-commit
 pre-commit 3.7.0
 
-# renovate: datasource=github-releases depName=hashicorp/terraform
 terraform 1.8.2
 
+terraform-docs 0.17.0
+
+tflint 0.50.3
+
+tfsec 1.28.5
+
 # TODO: rosa and oc not supported
 # TODO: add helm