Terraform Integration

[BenLloydPearson]

Assign Terraform Reviews

Automation Name: review_terraform

Automatically route Terraform changes to the appropriate team for review.

Conditions (all must be true):

• The PR contains changes to one or more Terraform configuration files.

Automation Actions:

• Require a review from the org/infrastructure team.
• Post a comment to explain why this team was assigned for review.

Review New Terraform Modules

Automation Name: review_new_terraform_module

Request changes if a PR that creates a new Terraform module is missing one or more required components.

Conditions (all must be true):

• The PR creates a new Terraform module
  • A new sub-directory is created inside the /modules directory.
• The PR lacks one or more required components from the list in the terraform custom expression.

Automation Actions:

• Request changes and post a comment explaining why.
  • See content for comment below
  • Apply an orange label: ⚠️ Missing Terraform Components

Comment:

New terraform modules must contain all required components before merging. Please update your PR with the required components and gitStream will automatically remove this comment once completed.

Here are the required components, `my_module` and `example1` should be customized appropriately:
my_module/
├── main.tf
├── variables.tf
├── outputs.tf
├── README.md
└── examples/
    └── example1/

Notes for content producer:

• my_module and example1 could be named anything, so the automation should account for this.
• Use a list of paths in a custom expression named terraform to detect the required components. You will need a for loop to process them, similar to the deprecated components example.

resources::
  module_directory: 'modules'
terraform:
  - '{{ module_directory }}/*

Review Terraform Source Version

Automation Name: review_terraform_source_version

Ensure that all Terraform modules imported via a source URL specify a version.

Conditions (all must be true):

• The PR contains a Terraform source declaration via URL that lacks a version reference
• The source is not included in a whitelist custom expression that defines one or more whitelisted source locations.

Automation Actions:

• Request changes and post a comment explaining why.
  • You must reference a specific version when accessing Terraform module sources via URL, e.g. ?ref=v1.0.0. Please update your Terraform files to follow this practice.

Notes for content producer:

• Here is an example of a URL that references version 1.0.0. This automation needs to use regex to detect that the source = declaration lacks a reference declaration, eg. ref=v*.
  source = "git::https://github.com/terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v1.0.0"

Reivew Terraform Module Name

Automation Name: review_terraform_module_name

Request changes if a PR creates a new Terraform module that is missing a required prefix or keyword in the name.

Conditions (all must be true):

• The PR creates a new Terraform module
• The module name lacks a required name prefix, or one or more keywords.

Automation Actions:

• Request changes and post a comment explaining why.

Notes for content producer
The comment gitStream posts should look like this. Please ensure the prefixes and keywords are properly displayed.

Terraform module names must contain a required prefix and keyword:
* Prefixes: {{ terraform.prefixes }}
* Keywords: {{ terraform.keywords }}

Use this custom expression to define the required keywords and prefixes.

terraform:
  prefixes: ['aws', 'gcp', 'azure']
  keywords: ['db', 'networking', 'security']

[BenLloydPearson]

https://docs.gitstream.cm/integrations/terraform