feat(INT-83): dial in configs for tflint

.github/workflows/lint.yaml

@@ -20,6 +20,10 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Trunk Check
         uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
+        env:
+          # NOTE: inject the GITHUB_TOKEN for the trunk managed tflint linter
+          # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   conventional-title:
     runs-on: ubuntu-latest

.gitignore

@@ -16,6 +16,7 @@
 # IDE/Editor settings
 **/.idea
 **/*.iml
+.cursor/
 .vscode/
 *.orig
 *.draft
@@ -43,4 +44,4 @@ backend.tf.json
 **/*.temp
 **/*.bak
 **/*.*swp
-**/.DS_Store
+**/.DS_Store

.trunk/configs/.tflint.hcl

@@ -0,0 +1,42 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "all"
+}
+
+config {
+  format = "compact"
+
+  # Inspect vars passed into "module" blocks. eg, lint AMI value passed into ec2 module.
+  # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/calling-modules.md
+  call_module_type = "all"
+
+  # default values but keeping them here for clarity
+  disabled_by_default = false
+  force = false
+}
+
+# Installing tflint rulesets from Github requires setting a GITHUB_TOKEN
+# environment variable. Without it, you'll get an error like this:
+#   $ tflint --init
+#   Installing "aws" plugin...
+#   Failed to install a plugin; Failed to fetch GitHub releases: GET https://api.github.com/repos/terraform-linters/tflint-ruleset-aws/releases/tags/v0.39.0: 401 Bad credentials []
+#
+# The solution is to provide a github PAT via a GITHUB_TOKEN env var,
+# export GITHUB_TOKEN=github_pat_120abc123def456ghi789jkl123mno456pqr789stu123vwx456yz789
+#
+# See docs for more info: https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+plugin "aws" {
+  enabled = true
+  version = "0.39.0"
+  source  = "github.com/terraform-linters/tflint-ruleset-aws"
+  deep_check = false
+}
+
+# Allow variables to exist in more files than ONLY variables.tf
+# Example use cases where we prefer for variables to exist in context,
+# - context.tf (applicable to the null-label module)
+# - providers.tf (when passing in secret keys from SOPs - example, github provider)
+# https://github.com/terraform-linters/tflint-ruleset-terraform/blob/main/docs/rules/terraform_standard_module_structure.md
+rule "terraform_standard_module_structure" {
+  enabled = false
+}

.trunk/trunk.yaml

@@ -31,6 +31,13 @@ lint:
     - trivy@0.63.0
     - trufflehog@3.88.35
     - yamllint@1.37.1
+  # NOTE(tflint): specific override required so it uses .tflint.hcl file in .trunk/configs directory
+  # https://github.com/trunk-io/plugins/tree/main/linters/tflint
+  definitions:
+    - name: tflint
+      environment:
+        - name: TFLINT_CONFIG_FILE
+          value: ${workspace}/.trunk/configs/.tflint.hcl
   ignore:
     - linters: [tofu]
       paths:

README.md

@@ -8,7 +8,24 @@
 
 ## Purpose and Functionality
 
-This repository serves as a template for creating Terraform modules, providing a standardized structure and essential files for efficient module development. It's designed to ensure consistency and our best practices across Terraform projects.
+This repository serves as a template for creating Terraform modules, providing a standardized structure and essential files for efficient module development. It is designed to ensure consistency and promote our best practices across all Terraform projects.
+
+It comes pre-configured with Masterpoint's curation of open source tools, which our team uses to operate more effectively within Terraform and OpenTofu codebases.
+
+- [**aqua**](https://aquaproj.github.io/): Declarative CLI tool verison manager
+- **tofu + terraform test workflows**: For continuously testing our TF code
+- [**terraform-docs**](https://terraform-docs.io/): Easily add terraform docs to the README
+- [**trunk**](https://docs.trunk.io/references/cli/getting-started): Trunk CLI for managing code quality (linters + checks)
+  - **actionlint**: Linter for GitHub Actions workflows
+  - **checkov**: Infrastructure as Code (IaC) security scanner
+  - **git-diff-check**: Checks for issues in git diffs
+  - **markdownlint**: Linter for Markdown files
+  - **prettier**: Code formatter for consistent style
+  - **renovate**: Automated dependency updates
+  - **tflint**: Terraform linter for best practices and error detection
+  - **trivy**: Scans containers and artifacts for vulnerabilities
+  - **trufflehog**: Secret and sensitive data scanner
+  - **yamllint**: Linter for YAML files
 
 ## Usage
 

examples/complete/main.tf

@@ -1 +1 @@
-# complete.tf
+# complete/main.tf

examples/complete/outputs.tf

@@ -1 +1 @@
-# complete.tf
+# complete/outputs.tf

examples/complete/variables.tf

@@ -1 +1 @@
-# complete.tf
+# complete/variables.tf

examples/complete/versions.tf

@@ -0,0 +1,5 @@
+# complete/versions.tf
+
+terraform {
+  required_version = ">= 1.0.0"
+}