Skip to content

Feature/gho 22 #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
noahwhite merged 6 commits into from
Dec 23, 2025
Merged

Feature/gho 22 #37

noahwhite merged 6 commits into from
Dec 23, 2025

Conversation

@noahwhite
Copy link
Owner

@noahwhite noahwhite commented Dec 22, 2025

GHO-22: Add OpenTofu formatting check to PR CI

Summary

This PR implements a GitHub Actions workflow that enforces canonical OpenTofu formatting on pull requests targeting the develop branch. The workflow runs tofu fmt -check -recursive in CI and blocks merges when formatting issues are detected.

The implementation intentionally minimizes complexity and avoids secret management tooling, wrappers, or non-essential OpenTofu commands.

Acceptance Criteria Mapping

Acceptance Criteria Status
Workflow runs for PRs with develop as base branch
Repository is checked out
OpenTofu is available via a pinned, containerized toolchain
tofu fmt -check -recursive runs against the repo
Workflow fails clearly on formatting violations
Workflow does not run for PRs targeting other branches
No Bitwarden Secrets Manager usage
Does not invoke infra-shell.sh or tofu.sh
Does not run tofu init, validate, plan, or apply

Key Changes

  • Adds a GitHub Actions workflow to run OpenTofu formatting checks on PRs targeting develop
  • Uses a containerized OpenTofu toolchain for deterministic behavior
  • Explicitly specifies the GHCR username to avoid ambiguity with github.actor
  • Authenticates to GHCR using a scoped GitHub Actions secret (GHCR_TOKEN)
  • Limits workflow triggers to relevant PR events (opened, synchronize, reopened)

Behavior

  • Formatting violations cause the CI job to fail and block merge into develop
  • CI output lists the files requiring formatting
  • No formatting is auto-applied in CI

To remediate failures locally:

tofu fmt -recursive

@noahwhite
- GHO-22: Add tofu fmt check workflow initially targeting feature bra…
9eccd2d 
…nch commits
@noahwhite
- GHO-22: Touching this file to retrigger workflow after configuring …
44368cc 
…token in Github to fetch container required by the workflow
@noahwhite
- GHO-22: Update the macro for getting the token
e55b6bb
@noahwhite
- GHO-22:
3dd8c22 
  - Explicitly state the user name in the image paths and the docker login command because github.actor is based on the context that triggered the action
  - Trigger the workflow on pull request to develop
@noahwhite
- GHO-22:
73ed73f 
  - Update to only run on PRs to develop
@linear
Copy link

linear bot commented Dec 22, 2025

GHO-22 [User Story] Add OpenTofu formatting check to PR CI (no secrets)

@noahwhite noahwhite self-assigned this Dec 22, 2025
@noahwhite noahwhite merged commit fd8fdee into develop Dec 23, 2025
1 check passed
@noahwhite noahwhite deleted the feature/GHO-22 branch December 23, 2025 01:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@noahwhite noahwhite

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@noahwhite