feat!: Central CI for TF

.github/workflows/_charm-terraform.yaml

@@ -0,0 +1,60 @@
+name: Terraform
+
+on:
+  workflow_call:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '**/*.tf'
+
+jobs:
+  lint-terraform:
+    name: Lint Terraform format
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install dependencies
+        run: |
+          sudo snap install terraform --classic
+          sudo snap install just --classic
+      - name: Lint the Terraform modules
+        run: just lint-terraform
+  lint-terraform-docs:
+    name: Lint Terraform docs
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install dependencies
+        run: |
+          sudo snap install terraform --classic
+          sudo snap install terraform-docs
+          sudo snap install just --classic
+      - name: Lint the Terraform docs
+        run: just lint-terraform-docs
+  validate-terraform:
+    name: Terraform validate
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install dependencies
+        run: |
+          sudo snap install terraform --classic
+          sudo snap install just --classic
+      - name: Validate the Terraform modules
+        run: just validate-terraform
+  lint-terraform-endpoints:
+    name: Lint Terraform outputs.tf endpoints
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install dependencies
+        run: |
+          sudo snap install terraform --classic
+          sudo snap install just --classic
+      - name: Lint the Terraform outputs.tf endpoints
+        run: just lint-terraform-endpoints

.github/workflows/charm-pull-request.yaml

@@ -124,3 +124,10 @@ jobs:
       parallelize-integration: ${{ inputs.parallelize-integration }}
       automatically-retry-hooks: ${{ inputs.automatically-retry-hooks }}
 
+  terraform-checks:
+    name: Terraform Quality Checks
+    needs:
+      - ci-ignore
+    if: needs.ci-ignore.outputs.any_modified == 'true'
+    uses: canonical/observability/.github/workflows/_charm-terraform.yaml@feat/tf-ci # FIXME: use a tag when available
+    secrets: inherit

justfile

@@ -1,33 +1,19 @@
 set quiet  # Recipes are silent by default
 set export  # Just variables are exported to the environment
 
-terraform := `which terraform || which tofu || echo ""` # require 'terraform' or 'opentofu'
-
 [private]
 default:
   just --list
 
 # Lint everything
 [group("Lint")]
-lint: lint-terraform lint-workflows
+lint: lint-workflows
 
 # Format everything 
-[group("Format")]
-fmt: format-terraform
-
-# Lint the Terraform modules
-[group("Lint")]
-lint-terraform:
-  if [ -z "${terraform}" ]; then echo "ERROR: please install terraform or opentofu"; exit 1; fi
-  $terraform fmt -check -recursive -diff
+# [group("Format")]
+# fmt: format-terraform
 
 # Lint the Github workflows
 [group("Lint")]
 lint-workflows:
   uvx --from=actionlint-py actionlint
-
-# Format the Terraform modules
-[group("Format")]
-format-terraform:
-  if [ -z "${terraform}" ]; then echo "ERROR: please install terraform or opentofu"; exit 1; fi
-  $terraform fmt -recursive -diff