chore: add pre-commit workflow for Terraform validation

Signed-off-by: Ghislain Cheng <ghislain.cheng@zama.ai>

Author: maxnovawind

.github/workflows/pre-commit.yaml

@@ -0,0 +1,99 @@
+name: Pre-Commit
+
+on:
+  pull_request:
+    branches:
+      - main
+      - master
+
+env:
+  TERRAFORM_DOCS_VERSION: v0.20.0
+  TFLINT_VERSION: v0.59.1
+
+jobs:
+  collectInputs:
+    name: Collect workflow inputs
+    runs-on: ubuntu-latest
+    outputs:
+      directories: ${{ steps.dirs.outputs.directories }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get root directories
+        id: dirs
+        uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
+
+  preCommitMinVersions:
+    name: Min TF pre-commit
+    needs: collectInputs
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
+    steps:
+      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+      - name: Delete huge unnecessary tools folder
+        run: |
+          rm -rf /opt/hostedtoolcache/CodeQL
+          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+          rm -rf /opt/hostedtoolcache/Ruby
+          rm -rf /opt/hostedtoolcache/go
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@v1.3.1
+        with:
+          directory: ${{ matrix.directory }}
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory !=  '.' }}
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
+        # Run only validate pre-commit check on min version supported
+        if: ${{ matrix.directory ==  '.' }}
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
+        with:
+          terraform-version: ${{ steps.minMax.outputs.minVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
+
+  preCommitMaxVersion:
+    name: Max TF pre-commit
+    runs-on: ubuntu-latest
+    needs: collectInputs
+    steps:
+      # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
+      - name: Delete huge unnecessary tools folder
+        run: |
+          rm -rf /opt/hostedtoolcache/CodeQL
+          rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
+          rm -rf /opt/hostedtoolcache/Ruby
+          rm -rf /opt/hostedtoolcache/go
+
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+
+      - name: Terraform min/max versions
+        id: minMax
+        uses: clowdhaus/terraform-min-max@v1.3.1
+
+      - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
+        with:
+          terraform-version: ${{ steps.minMax.outputs.maxVersion }}
+          tflint-version: ${{ env.TFLINT_VERSION }}
+          terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
+          install-hcledit: true

.gitignore

@@ -38,4 +38,4 @@ dev-cluster-config
 
 # Ignore files
 _*.go
-_*.yaml
+_*.yaml

.pre-commit-config.yaml

@@ -0,0 +1,32 @@
+repos:
+  - repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.100.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_docs
+        args:
+          - '--args=--lockfile=false'
+      - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_documented_variables'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_module_pinned_source'
+          - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_workspace_remote'
+      - id: terraform_validate
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-merge-conflict
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+        args: [--fix=lf]

.terraform-docs.yml

@@ -46,4 +46,4 @@ settings:
   required: true
   sensitive: true
   type: true
-  wrap-word: false
+  wrap-word: false

README.md

@@ -48,64 +48,64 @@ graph TB
                 A_MPC["🔐 MPC Node<br/>Kubernetes Pod"]
                 A_EXT_SVC["🔗 ExternalName Service<br/>bob-mpc-service<br/>DNS: bob-mpc-service.mpc-network.svc.cluster.local"]
                 A_K8S_SVC["⚖️ LoadBalancer Service<br/>alice-mpc-lb-service<br/>Type: LoadBalancer"]
-                
+
                 A_MPC --> A_K8S_SVC
                 A_MPC --> A_EXT_SVC
             end
-            
+
             A_NLB["⚖️ Network LB<br/>(AWS Managed)"]
             A_S3["🗄️ S3 Storage<br/>Key Materials"]
             A_PROVIDER["🌉 VPC Endpoint Service<br/>(Expose to Bob)"]
             A_CONSUMER["🔌 VPC Endpoint Interface<br/>(Connect to Bob)"]
-            
+
             A_K8S_SVC --> A_NLB
             A_NLB --> A_PROVIDER
             A_EXT_SVC --> A_CONSUMER
             A_MPC -.-> A_S3
         end
     end
-    
+
     subgraph "Bob (eu-west-1)"
         subgraph "Bob Infrastructure"
             subgraph "EKS Cluster (bob-mpc-cluster)"
                 B_MPC["🔐 MPC Node<br/>Kubernetes Pod"]
                 B_EXT_SVC["🔗 ExternalName Service<br/>alice-mpc-service<br/>DNS: alice-mpc-service.mpc-network.svc.cluster.local"]
                 B_K8S_SVC["⚖️ LoadBalancer Service<br/>bob-mpc-lb-service<br/>Type: LoadBalancer"]
-                
+
                 B_MPC --> B_K8S_SVC
                 B_MPC --> B_EXT_SVC
             end
-            
+
             B_NLB["⚖️ Network LB<br/>(AWS Managed)"]
             B_S3["🗄️ S3 Storage<br/>Key Materials"]
             B_PROVIDER["🌉 VPC Endpoint Service<br/>(Expose to Alice)"]
             B_CONSUMER["🔌 VPC Endpoint Interface<br/>(Connect to Alice)"]
-            
+
             B_K8S_SVC --> B_NLB
             B_NLB --> B_PROVIDER
             B_EXT_SVC --> B_CONSUMER
             B_MPC -.-> B_S3
         end
     end
-    
+
     subgraph "AWS PrivateLink"
         PL["🔒 Cross-Region<br/>Private Network"]
     end
-    
+
     %% Bidirectional connections
     A_PROVIDER -.-> PL
     B_PROVIDER -.-> PL
     PL -.-> A_CONSUMER
     PL -.-> B_CONSUMER
-    
 
-    
+
+
     %% Styling
     classDef alice fill:#e3f2fd,stroke:#000000,stroke-width:2px,color:#000000
     classDef bob fill:#f3e5f5,stroke:#000000,stroke-width:2px,color:#000000
     classDef network fill:#e8f5e8,stroke:#000000,stroke-width:2px,color:#000000
     classDef benefit fill:#f5f5f5,stroke:#000000,stroke-width:2px,color:#000000
-    
+
     class A_MPC,A_EXT_SVC,A_K8S_SVC,A_NLB,A_S3,A_PROVIDER,A_CONSUMER alice
     class B_MPC,B_EXT_SVC,B_K8S_SVC,B_NLB,B_S3,B_PROVIDER,B_CONSUMER bob
     class PL network

examples/mpc-network-consumer/outputs.tf

@@ -3,4 +3,4 @@
 output "vpc_endpoint_consumer" {
   description = "Outputs from the mpc-endpoint-consumer module"
   value       = module.vpc_endpoint_consumer
-}
+}

examples/mpc-network-consumer/providers.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.10"
 
   required_providers {
     aws = {
@@ -40,4 +40,4 @@ provider "kubernetes" {
     args        = ["eks", "get-token", "--cluster-name", var.cluster_name, "--region", var.aws_region]
     command     = "aws"
   }
-}
+}

examples/mpc-network-consumer/terraform.tfvars.example

@@ -76,4 +76,4 @@ common_tags = {
 
 additional_tags = {
   "Project"     = "mpc-connectivity"
-}
+}

examples/mpc-network-consumer/variables.tf

@@ -41,17 +41,7 @@ variable "namespace" {
   default     = "mpc-partners"
 }
 
-variable "environment" {
-  description = "Environment name (e.g., dev, staging, prod)"
-  type        = string
-  default     = "dev"
-}
 
-variable "owner" {
-  description = "Owner of the resources for tagging purposes"
-  type        = string
-  default     = "mpc-consumer-team"
-}
 
 # Kubernetes Provider Configuration
 variable "kubeconfig_path" {
@@ -72,18 +62,6 @@ variable "use_eks_cluster_authentication" {
   default     = false
 }
 
-variable "aws_region_for_eks" {
-  description = "AWS region where the EKS cluster is located (for provider configuration)"
-  type        = string
-  default     = null
-}
-
-variable "use_eks_cluster_lookup" {
-  description = "Whether to automatically find the vpc/subnet/secg from the cluster name"
-  type        = bool
-  default     = false
-}
-
 # Direct VPC Configuration (Mode 2)
 variable "vpc_id" {
   description = "VPC ID where VPC interface endpoints will be created (required when use_eks_cluster_lookup is false)"
@@ -182,9 +160,3 @@ variable "common_tags" {
     "terraform" = "true"
   }
 }
-
-variable "additional_tags" {
-  description = "Additional tags to apply to resources"
-  type        = map(string)
-  default     = {}
-} 

examples/mpc-network-provider/outputs.tf

@@ -3,4 +3,4 @@
 output "vpc_endpoint_provider" {
   description = "Outputs from the vpc-endpoint-provider module"
   value       = module.vpc_endpoint_provider
-}
+}