CCM-14510 Fix Test and TF Make Targets

.github/actions/lint-terraform/action.yaml

@@ -7,15 +7,16 @@ inputs:
 runs:
   using: "composite"
   steps:
+    - name: "Install Terraform binary"
+      shell: bash
+      run: |
+        asdf plugin add terraform || true
+        asdf install terraform || true
     - name: "Check Terraform format"
       shell: bash
       run: |
         check_only=true scripts/githooks/check-terraform-format.sh
     - name: "Validate Terraform"
       shell: bash
       run: |
-        stacks=${{ inputs.root-modules }}
-        for dir in $(find infrastructure/environments -maxdepth 1 -mindepth 1 -type d; echo ${stacks//,/$'\n'}); do
-          dir=$dir opts='-backend=false' make terraform-init
-          dir=$dir make terraform-validate
-        done
+        make terraform-validate-all

.github/workflows/stage-1-commit.yaml

@@ -166,6 +166,8 @@ jobs:
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v6
+      - name: "Setup ASDF"
+        uses: asdf-vm/actions/setup@b7bcd026f18772e44fe1026d729e1611cc435d47 # v4
       - name: "Lint Terraform"
         uses: ./.github/actions/lint-terraform
   trivy-iac:

infrastructure/terraform/components/reporting/backup_restore_testing_plan_main.tf

@@ -1,6 +1,6 @@
 resource "aws_backup_restore_testing_plan" "main" {
   count = var.enable_s3_backup ? 1 : 0
-  name = replace("${local.csi}_restore_testing_plan", "-", "_")
+  name  = replace("${local.csi}_restore_testing_plan", "-", "_")
 
   recovery_point_selection {
     algorithm            = "LATEST_WITHIN_WINDOW"

infrastructure/terraform/components/reporting/backup_restore_testing_selection_comms_backup_restore_selection_s3.tf

@@ -1,5 +1,5 @@
 resource "aws_backup_restore_testing_selection" "backup_restore_testing_selection_s3" {
-  count = var.enable_s3_backup ? 1 : 0
+  count                     = var.enable_s3_backup ? 1 : 0
   name                      = replace("${local.csi}_s3_backup_restore", "-", "_")
   restore_testing_plan_name = aws_backup_restore_testing_plan.main[0].name
   protected_resource_type   = "S3"

infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_athena_workgroup_processed_bytes_core.tf

@@ -7,7 +7,7 @@ resource "aws_cloudwatch_metric_alarm" "athena_workgroup_processed_bytes_core" {
   threshold_metric_id = "ad1"
 
   metric_query {
-    id          = "m1"
+    id = "m1"
     metric {
       metric_name = "ProcessedBytes"
       namespace   = "AWS/Athena"

infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_athena_workgroup_processed_bytes_housekeeping.tf

@@ -7,7 +7,7 @@ resource "aws_cloudwatch_metric_alarm" "athena_workgroup_processed_bytes_houseke
   threshold_metric_id = "ad1"
 
   metric_query {
-    id          = "m1"
+    id = "m1"
     metric {
       metric_name = "ProcessedBytes"
       namespace   = "AWS/Athena"

infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_athena_workgroup_processed_bytes_ingestion.tf

@@ -7,7 +7,7 @@ resource "aws_cloudwatch_metric_alarm" "athena_workgroup_processed_bytes_ingesti
   threshold_metric_id = "ad1"
 
   metric_query {
-    id          = "m1"
+    id = "m1"
     metric {
       metric_name = "ProcessedBytes"
       namespace   = "AWS/Athena"

infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_athena_workgroup_processed_bytes_setup.tf

@@ -7,7 +7,7 @@ resource "aws_cloudwatch_metric_alarm" "athena_workgroup_processed_bytes_setup"
   threshold_metric_id = "ad1"
 
   metric_query {
-    id          = "m1"
+    id = "m1"
     metric {
       metric_name = "ProcessedBytes"
       namespace   = "AWS/Athena"

infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_athena_workgroup_processed_bytes_user.tf

@@ -7,7 +7,7 @@ resource "aws_cloudwatch_metric_alarm" "athena_workgroup_processed_bytes_user" {
   threshold_metric_id = "ad1"
 
   metric_query {
-    id          = "m1"
+    id = "m1"
     metric {
       metric_name = "ProcessedBytes"
       namespace   = "AWS/Athena"

infrastructure/terraform/components/reporting/cloudwatch_metric_alarm_degraded_latency.tf

@@ -7,19 +7,19 @@ resource "aws_cloudwatch_metric_alarm" "degraded_latency" {
   treat_missing_data  = "notBreaching"
 
   metric_query {
-    id     = "degraded_latencies_count_max"
-    expression = <<-EOT
+    id          = "degraded_latencies_count_max"
+    expression  = <<-EOT
       SELECT MAX(DegradedLatenciesCount)
       FROM "Notify/Watchdog"
       WHERE environment='${var.environment}'
       GROUP BY environment, clientid, campaignid
     EOT
     return_data = false
-    period = 3600
+    period      = 3600
   }
 
   metric_query {
-    id          = "degraded_client_campaign_count"
+    id = "degraded_client_campaign_count"
     # Not particularly intuitive but needed to perform arithmetic on TS[] to count distinct series
     expression  = "SUM(CEIL(degraded_latencies_count_max / (MAX(degraded_latencies_count_max) + 1)))"
     return_data = true

infrastructure/terraform/components/reporting/ssm_maintenance_window_task_patch_task.tf

@@ -7,7 +7,7 @@ resource "aws_ssm_maintenance_window_task" "patch_task_sunday" {
   task_type   = "RUN_COMMAND"
 
   targets {
-    key = "WindowTargetIds"
+    key    = "WindowTargetIds"
     values = [aws_ssm_maintenance_window_target.windows_instances_sunday[0].id]
   }
 

scripts/config/pre-commit.yaml

@@ -13,7 +13,7 @@ repos:
       - id: mixed-line-ending
       - id: pretty-format-json
         args: ['--autofix']
-    # -   id: ...
+        exclude: '(^|/)package(-lock)?\.json$'
   - repo: local
     hooks:
       - id: sort-dictionary

scripts/githooks/check-terraform-format.sh

@@ -29,11 +29,11 @@ function main() {
 #   check_only=[do not format, run check only]
 function terraform-fmt() {
 
-  local opts=
   if is-arg-true "$check_only"; then
-    opts="-check"
+    make terraform-fmt-check
+  else
+    make terraform-fmt
   fi
-  opts=$opts make terraform-fmt
 }
 
 # ==============================================================================

scripts/githooks/check-todos.sh

@@ -120,7 +120,7 @@ function search_todos() {
 
     # If the file is excluded, skip it
     if [ "$skip" = false ] && [ -f "$file" ]; then
-      file_todos=$(grep -nHiE '\bTODO\b' "$file" || true)
+      file_todos=$(grep -nHiE '\bTODO(:| )' "$file" || true)
       [ -n "$file_todos" ] && todos+="$file_todos\n"
     fi
   done
@@ -136,7 +136,7 @@ function filter_todos_with_valid_jira_ticket() {
 
   while IFS= read -r line; do
     # Only lines with TODO but without a valid JIRA ticket
-    if grep -qnHiE '\bTODO\b' <<< "$line"; then
+    if grep -qnHiE '\bTODO(:| )' <<< "$line"; then
       if ! [[ "$line" =~ $jira_regex ]]; then
         todos_without_ticket+="$line\n"
       fi

scripts/init.mk

@@ -46,8 +46,8 @@ _install-dependency: # Install asdf dependency - mandatory: name=[listed in the
 	asdf install ${name} $(or ${version},)
 
 _install-dependencies: # Install all the dependencies listed in .tool-versions
-	for plugin in $$(grep ^[a-z] .tool-versions | sed 's/[[:space:]].*//'); do
-		make _install-dependency name="$${plugin}"
+	for plugin in $$(grep '^[a-z]' .tool-versions | cut -f1 -d' '); do \
+		$(MAKE) _install-dependency name=$${plugin}; \
 	done
 
 clean:: # Remove all generated and temporary files (common) @Operations

scripts/setup/setup.sh

@@ -25,7 +25,7 @@ function run-setup() {
   check-setup-status
 }
 
-# Check the exit status of tfsec.
+# Check the exit status of setup.
 function check-setup-status() {
 
   if [ $? -eq 0 ]; then