tflint
If you are using the GitHub action please use the
TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES: GITHUB_TOKEN
to prevent plugin download issues
tflint documentation
- Version in MegaLinter: 0.50.1
- Visit Official Web Site
- See How to configure tflint rules
- If custom
.tflint.hcl
config file isn't found, .tflint.hcl will be used
- If custom
- See How to disable tflint rules in files
- See Index of problems detected by tflint
Configuration in MegaLinter
- Enable tflint by adding
TERRAFORM_TFLINT
in ENABLE_LINTERS variable - Disable tflint by adding
TERRAFORM_TFLINT
in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
TERRAFORM_TFLINT_SECURED_ENV | Allows to send the full env to tflint --init. Initialized with default value true . Set to false to allow tflint --init to access your env vars. |
True |
TERRAFORM_TFLINT_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
TERRAFORM_TFLINT_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter Ex: -s --foo "bar" |
|
TERRAFORM_TFLINT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all filesEx: [".py", ""] |
[".tf"] |
TERRAFORM_TFLINT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] |
Include every file |
TERRAFORM_TFLINT_PRE_COMMANDS | List of bash commands to run before the linter | None |
TERRAFORM_TFLINT_POST_COMMANDS | List of bash commands to run after the linter | None |
TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling TERRAFORM_TFLINT and its pre/post commands | None |
TERRAFORM_TFLINT_CONFIG_FILE | tflint configuration file nameUse LINTER_DEFAULT to let the linter find it |
.tflint.hcl |
TERRAFORM_TFLINT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
TERRAFORM_TFLINT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
TERRAFORM_TFLINT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
TERRAFORM_TFLINT_CLI_EXECUTABLE | Override CLI executable | ['tflint'] |
MegaLinter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters | Info | |
---|---|---|---|---|
all | Default MegaLinter Flavor | 121 | ||
cupcake | MegaLinter for the most commonly used languages | 83 | ||
security | Optimized for security | 23 | ||
terraform | Optimized for TERRAFORM based projects | 54 |
Behind the scenes
How are identified applicable files
- File extensions:
.tf
How the linting is performed
tflint is called once on the whole project directory (project
CLI lint mode)
- filtering can not be done using MegaLinter configuration variables,it must be done using tflint configuration or ignore file (if existing)
VALIDATE_ALL_CODEBASE: false
doesn't make tflint analyze only updated files
Example calls
tflint
tflint -c .tflint.hcl
Help content
Usage:
tflint --chdir=DIR/--recursive [OPTIONS]
Application Options:
-v, --version Print TFLint
version
--init Install plugins
--langserver Start language
server
-f, --format=[default|json|checkstyle|junit|compact|sarif] Output format
-c, --config=FILE Config file
name (default:
.tflint.hcl)
--ignore-module=SOURCE Ignore module
sources
--enable-rule=RULE_NAME Enable rules
from the
command line
--disable-rule=RULE_NAME Disable rules
from the
command line
--only=RULE_NAME Enable only
this rule,
disabling all
other defaults.
Can be
specified
multiple times
--enable-plugin=PLUGIN_NAME Enable plugins
from the
command line
--var-file=FILE Terraform
variable file
name
--var='foo=bar' Set a Terraform
variable
--call-module-type=[all|local|none] Types of module
to call
(default: local)
--chdir=DIR Switch to a
different
working
directory
before
executing the
command
--recursive Run command in
each directory
recursively
--filter=FILE Filter issues
by file names
or globs
--force Return zero
exit status
even if issues
found
--minimum-failure-severity=[error|warning|notice] Sets minimum
severity level
for exiting
with a non-zero
error code
--color Enable
colorized output
--no-color Disable
colorized output
--fix Fix issues
automatically
--no-parallel-runners Disable
per-runner
parallelism
Help Options:
-h, --help Show this help
message
Installation on mega-linter Docker image
- Dockerfile commands :
FROM ghcr.io/terraform-linters/tflint:v0.50.1 as tflint
COPY --link --from=tflint /usr/local/bin/tflint /usr/bin/