TFLint with Custom Flows

Developers have compilers and linters to help catch errors while they’re coding. DevOps engineers have something similar for Terraform through TFLint.  Our DevOps Advocate, Tim, recently featured it in his Quick Tech series here (check out the 2.5-minute video for a quick demo of TFLint standalone).

So what’s TFLint? It’s an open-source project for Terraform, and it allows you to catch common errors, warn about deprecated syntax, and enforce best practices.

This post will show you how one of our community members integrated TFLint into their env0 deployment process using our Custom Flows feature.

Sample code can be found here.  Special shout out to Matt McLane (DocNetwork) for contributing this example.

Integrating TFLint with env0 -- What’s in it for you?

First, why should we integratie TFLint?  Similar to any developer tool, linting helps us check that we’re following best practices, catching mistakes early, and enforcing basic style guidelines.  By catching mistakes earlier, we’re “shifting-left” and giving the DevOps engineer a quicker heads-up to possible issues  in the deployment lifecycle.  By integrating TFLint into env0, we ensure greater consistency with additional safety in our deployments!

The Setup

In order to get TFLint running in your env0 deployment, you need to utilize env0’s Custom Flows feature.  This simply means adding an `env0.yml` in the repo where your Terraform files reside.

Here are the contents of the `env0.yml`

version: 1

deploy:
   steps:
     setupVariables:
         after:
            - curl -L https://github.com/terraform-linters/tflint/releases/download/v0.32.1/tflint_linux_amd64.zip -o tflint.zip && unzip tflint.zip -d /opt && rm tflint.zip
            - tflint --version
            - cp ../../.tflint.hcl . # Change this path to be reflect to your repository.
            - tflint --init

   
      terraformInit:
         after:
            - tflint 1>&2

This Custom Flow will download the tflint binary, copy the tflint.hcl which contains the plugins configuration (like which cloud provider) for tflint, and lastly, perform a tflint init to download the plugins for tflint.

Note: “1>&2” is an I/O redirection to help env0 display errors at the top of the deployment UI.

In Action

Here is a complete example of the tflint integration in action: GitHub Repo.

For demonstration purposes, we will purposefully set an unsupported instance size for EC2 to “t1000.xxlarge”