chore: run tflint in ci (#7)

Author: albertodonato

.github/workflows/ci.yml

@@ -9,20 +9,41 @@ on:
       - main
 
 jobs:
-  Lint:
+  lint-tf:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+
       - name: Set tool versions
         uses: wistia/parse-tool-versions@v1.0
+        with:
+          prefix: TOOL_VERSION_
+
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: ${{ env.TERRAFORM_TOOL_VERSION }}
+          terraform_version: ${{ env.TOOL_VERSION_TERRAFORM }}
+
       - name: Check formatting
         run: |
           terraform fmt -recursive -check
+
+      - name: Setup TFLint
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: ${{ env.TOOL_VERSION_TFLINT }}
+
+      - name: Run TFLint
+        run: |
+          tflint -f compact --recursive
+
+  lint-docs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
       - name: Check documentation
         uses: terraform-docs/gh-actions@v1.4.1
         with:

.tool-versions

@@ -1 +1,2 @@
 terraform 1.11.3
+tflint 0.56.0

access/README.md

@@ -8,6 +8,7 @@ AWS account.
 
 | Name | Version |
 |------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.11.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.94.0 |
 
 ## Providers
@@ -56,7 +57,7 @@ No modules.
 | <a name="input_execution_extra_roles"></a> [execution\_extra\_roles](#input\_execution\_extra\_roles) | Additional roles to grant to Stacklet for policies execution.<br/><br/>If provided, this must be a map from the role name (which gets the prefix<br/>prepended) and a list of permissions to grant to the role in addition to the<br/>default read-only permissions. | `map(list(string))` | `{}` | no |
 | <a name="input_iam_path"></a> [iam\_path](#input\_iam\_path) | A path for IAM created IAM roles. If set, it must include leading and trailing slashes | `string` | `"/"` | no |
 | <a name="input_iam_region"></a> [iam\_region](#input\_iam\_region) | Region where IAM resouces should be created. If you don't use us-east-1, set this to a region you do use. | `string` | `"us-east-1"` | no |
-| <a name="input_prefix"></a> [prefix](#input\_prefix) | An arbitrary prefix pretended to names of created resources | `any` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | An arbitrary prefix pretended to names of created resources | `string` | n/a | yes |
 | <a name="input_stacklet_assetdb_role_arn"></a> [stacklet\_assetdb\_role\_arn](#input\_stacklet\_assetdb\_role\_arn) | ARN for the role used by AssetDB - Provided by Stacklet | `string` | n/a | yes |
 | <a name="input_stacklet_event_bus_arn"></a> [stacklet\_event\_bus\_arn](#input\_stacklet\_event\_bus\_arn) | ARN for event bus used for event forwarding - Provided by Stacklet | `string` | n/a | yes |
 | <a name="input_stacklet_execution_role_arn"></a> [stacklet\_execution\_role\_arn](#input\_stacklet\_execution\_role\_arn) | ARN for the role used by policies Execution - Provided by Stacklet | `string` | n/a | yes |

access/provder.tf

@@ -5,4 +5,6 @@ terraform {
       version = "5.94.0"
     }
   }
+
+  required_version = "~> 1.11.3"
 }

access/variables.tf

@@ -20,6 +20,7 @@ variable "stacklet_external_id" {
 
 variable "prefix" {
   description = "An arbitrary prefix pretended to names of created resources"
+  type        = string
 }
 
 variable "iam_path" {

atlantis.yaml

@@ -9,7 +9,7 @@ projects:
     name: .dummy
     dir: .dummy
     workflow: dev
-    terraform_version: v1.10.1
+    terraform_version: v1.11.3
     autoplan:
       when_modified:
         - "*.tf*"

atlantis/dev/access-backend.tf

@@ -5,4 +5,6 @@ terraform {
     region  = "us-east-2"
     profile = "Test-Runner"
   }
+
+  required_version = "~> 1.11.3"
 }

org-read/README.md

@@ -10,6 +10,7 @@ This modules adds an IAM role to allow Stacklet to discovery accounts in the org
 
 | Name | Version |
 |------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.11.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | 5.94.0 |
 
 ## Providers
@@ -38,7 +39,7 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_iam_path"></a> [iam\_path](#input\_iam\_path) | A path for IAM created IAM roles. If set, it must include leading and trailing slashes | `string` | `"/"` | no |
-| <a name="input_prefix"></a> [prefix](#input\_prefix) | An arbitrary prefix pretended to names of created resources | `any` | n/a | yes |
+| <a name="input_prefix"></a> [prefix](#input\_prefix) | An arbitrary prefix pretended to names of created resources | `string` | n/a | yes |
 | <a name="input_stacklet_assetdb_role_arn"></a> [stacklet\_assetdb\_role\_arn](#input\_stacklet\_assetdb\_role\_arn) | ARN for the role used by AssetDB - Provided by Stacklet | `string` | n/a | yes |
 | <a name="input_stacklet_external_id"></a> [stacklet\_external\_id](#input\_stacklet\_external\_id) | ID of the Stacklet delpoyment to restrict what can assume the roles - Provided by Stacklet | `string` | n/a | yes |
 | <a name="input_stacklet_platform_role_arn"></a> [stacklet\_platform\_role\_arn](#input\_stacklet\_platform\_role\_arn) | ARN for the role used by Platform - Provided by Stacklet | `string` | n/a | yes |

org-read/provder.tf

@@ -5,4 +5,6 @@ terraform {
       version = "5.94.0"
     }
   }
+
+  required_version = "~> 1.11.3"
 }

org-read/variables.tf

@@ -15,6 +15,7 @@ variable "stacklet_external_id" {
 
 variable "prefix" {
   description = "An arbitrary prefix pretended to names of created resources"
+  type        = string
 }
 
 variable "iam_path" {