tflint
If you are using the GitHub Action, set TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES: GITHUB_TOKEN to prevent plugin download issues.

If you have issues with tflint --init, create a GitHub Personal Access Token and set its value to PAT_GITHUB_COM variable.
Note: It's recommended to create your own .tflint.hcl
custom config file tailored to your project's specific needs.
The default configuration enables all supported languages and rules, which may not be optimal for every project.
tflint documentation
- Version in MegaLinter: 0.54.0
- Visit Official Web Site
- See How to configure tflint rules
  - If a custom .tflint.hcl config file isn't found, MegaLinter's default .tflint.hcl will be used
- See How to disable tflint rules in files
- See Index of problems detected by tflint
Configuration in MegaLinter
- Enable tflint by adding TERRAFORM_TFLINT in ENABLE_LINTERS variable
- Disable tflint by adding TERRAFORM_TFLINT in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
TERRAFORM_TFLINT_SECURED_ENV | Allows to send the full env to tflint --init. Initialized with default value true. Set to false to allow tflint --init to access your env vars. | True |
PAT_GITHUB_COM | If you have issues with tflint --init, create a GitHub Personal Access Token and set its value to PAT_GITHUB_COM variable. | `` |
TERRAFORM_TFLINT_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
TERRAFORM_TFLINT_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter. Ex: -s --foo "bar" | |
TERRAFORM_TFLINT_CLI_LINT_MODE | Override default CLI lint mode. ⚠️ As default value is project, overriding might not work. file: Calls the linter for each file; list_of_files: Call the linter with the list of files as argument; project: Call the linter from the root of the project | project |
TERRAFORM_TFLINT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | [".tf"] |
TERRAFORM_TFLINT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files. Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file |
TERRAFORM_TFLINT_PRE_COMMANDS | List of bash commands to run before the linter | None |
TERRAFORM_TFLINT_POST_COMMANDS | List of bash commands to run after the linter | None |
TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling TERRAFORM_TFLINT and its pre/post commands | None |
TERRAFORM_TFLINT_CONFIG_FILE | tflint configuration file name. Use LINTER_DEFAULT to let the linter find it | .tflint.hcl |
TERRAFORM_TFLINT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
TERRAFORM_TFLINT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
TERRAFORM_TFLINT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
TERRAFORM_TFLINT_CLI_EXECUTABLE | Override CLI executable | ['tflint'] |
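
The variables above combined in one project configuration, as an added example rather than configuration taken from the MegaLinter project. It assumes the settings live in a .mega-linter.yml file at the repository root and that GITHUB_TOKEN is already present in the job environment; it keeps environment filtering on and exempts only that one token.

```yaml
# .mega-linter.yml (file name and location are assumptions of this example)
ENABLE_LINTERS:
  - TERRAFORM_TFLINT

# Keep env filtering on (the default) so tflint --init does not
# receive the rest of the job environment.
TERRAFORM_TFLINT_SECURED_ENV: true

# Exempt only the token used for plugin downloads.
TERRAFORM_TFLINT_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

# Use the project's own rules file instead of the MegaLinter default.
TERRAFORM_TFLINT_CONFIG_FILE: .tflint.hcl

# Exit non-zero on errors only; the flag is listed in the help content on this page.
TERRAFORM_TFLINT_ARGUMENTS: "--minimum-failure-severity=error"

# Broader alternative, shown for contrast: gives tflint --init access
# to every env var of the job, secrets included.
# TERRAFORM_TFLINT_SECURED_ENV: false
```
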
MegaLinter Flavors
This linter is available in the following flavors
Flavor | Description | Embedded linters |
---|---|---|
all | Default MegaLinter Flavor | 124 |
cupcake | MegaLinter for the most commonly used languages | 83 |
security | Optimized for security | 24 |
terraform | Optimized for TERRAFORM based projects | 54 |
Behind the scenes
How applicable files are identified
- File extensions: .tf
How the linting is performed
tflint is called once on the whole project directory (project CLI lint mode)
- Filtering cannot be done using MegaLinter configuration variables; it must be done using tflint configuration or ignore file (if existing)
- VALIDATE_ALL_CODEBASE: false doesn't make tflint analyze only updated files
Example calls
tflint
tflint -c .tflint.hcl
Help content
Usage:
  tflint --chdir=DIR/--recursive [OPTIONS]

Application Options:
  -v, --version                                               Print TFLint version
      --init                                                  Install plugins
      --langserver                                            Start language server
  -f, --format=[default|json|checkstyle|junit|compact|sarif]  Output format
  -c, --config=FILE                                           Config file name (default: .tflint.hcl)
      --ignore-module=SOURCE                                  Ignore module sources
      --enable-rule=RULE_NAME                                 Enable rules from the command line
      --disable-rule=RULE_NAME                                Disable rules from the command line
      --only=RULE_NAME                                        Enable only this rule, disabling all other defaults. Can be specified multiple times
      --enable-plugin=PLUGIN_NAME                             Enable plugins from the command line
      --var-file=FILE                                         Terraform variable file name
      --var='foo=bar'                                         Set a Terraform variable
      --call-module-type=[all|local|none]                     Types of module to call (default: local)
      --chdir=DIR                                             Switch to a different working directory before executing the command
      --recursive                                             Run command in each directory recursively
      --filter=FILE                                           Filter issues by file names or globs
      --force                                                 Return zero exit status even if issues found
      --minimum-failure-severity=[error|warning|notice]       Sets minimum severity level for exiting with a non-zero error code
      --color                                                 Enable colorized output
      --no-color                                              Disable colorized output
      --fix                                                   Fix issues automatically
      --no-parallel-runners                                   Disable per-runner parallelism
      --max-workers=N                                         Set maximum number of workers in recursive inspection (default: number of CPUs)

Help Options:
  -h, --help                                                  Show this help message
Installation on mega-linter Docker image
- Dockerfile commands :
# renovate: datasource=docker depName=ghcr.io/terraform-linters/tflint
ARG TERRAFORM_TFLINT_VERSION=0.54.0
FROM ghcr.io/terraform-linters/tflint:v${TERRAFORM_TFLINT_VERSION} AS tflint
COPY --link --from=tflint /usr/local/bin/tflint /usr/bin/