We are using terraform starterkit in an example project in the sub folder of a project. Yes, a kind of subproject.
The project is a module development.
The subproject uses a module located outside the subproject directory but inside a parent folder of the subproject.
As .config folder is not committed in project repositories, when running tools operation jobs they fail because of missing configuration file. For example this is the case for:
The terraform starterkit uses default config file available on the public remote repository. Users may want (I do) to use their own tool configuration file. For example, there's no solution to use our own custom terraform-docs configuration.
This issue is a feature request for a mechanism to override the config file for the following tools:
Remove the mandatory CLI parameter "module_path". The "module_path" variable is mandatory but we don't always need it in our projects.
It forces us to create a "module_path" variable in our project modules.
Must mention the fact that this starterkit depends on Gitlab.
I think these points are missing
A Gitlab instance as a requirement
Clearly state that this starterkit code must be downloaded or copied to a Dedicated Gitlab project, the project must then be Released and the correct asset produced (the "How To Guide" on how to achieve this must also be documented), and only after that can the get-starter-kit.sh script be run
Clearly mention that the value of GITLAB_TOKEN must be a Project Access Token for the Dedicated Gitlab Project for Starterkit created before with api and read_api scope permission.
For really large projects with long validate tasks, waiting for all validate tasks to finish causes the context to expire, which forces init to run again for the plan command.
Solution: run the plan job directly after its validate job, without waiting for all the other validate jobs to run.
git-secrets scans commit messages and files to detect sensitive information. Add it as a pre-commit hook(?).
The idea here is to use git-secrets to prevent secrets leak.
Can be added as a merge-request validation job which prevents pull requests with sensitive information from being merged into the main branch, for example.
More possibilities to explore here.
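
The merge-request gate proposed above, sketched as an added shell example that is not part of the original issue or of the starterkit. It scans only the lines a diff adds; the pattern list is a constructed stand-in for a git-secrets rule set (the `glpat-` token shape is an assumption), and the function names and sample diff are hypothetical.

```shell
#!/bin/sh
# Added example (not from the starterkit): fail a merge-request job when the
# diff adds a line that looks like a credential. Patterns are a constructed,
# minimal stand-in for a git-secrets rule set, not its real defaults.
SECRET_PATTERNS='AKIA[0-9A-Z]{16}|glpat-[0-9A-Za-z_-]{20}|-----BEGIN [A-Z ]*PRIVATE KEY-----'

# Reads a unified diff on stdin and prints "file:line:text" for every added
# line that matches. Returns 1 when something was found, 0 otherwise.
scan_added_lines() {
    if awk '
        old > 0 || new > 0 {                 # inside a hunk: use its line counts,
            c = substr($0, 1, 1)             # so "+++ x" here is an added line
            if (c == "+")       { print file ":" line ":" substr($0, 2); line++; new-- }
            else if (c == "-")  { old-- }
            else if (c != "\\") { line++; old--; new-- }   # context line
            next
        }
        /^\+\+\+ / { file = $2; sub(/^b\//, "", file); next }
        /^@@ / {                             # @@ -a,b +c,d @@
            split($2, o, ","); split($3, n, ",")
            old = (2 in o) ? o[2] + 0 : 1
            new = (2 in n) ? n[2] + 0 : 1
            line = substr(n[1], 2) + 0
        }
    ' | grep -E -- "$SECRET_PATTERNS"; then
        return 1
    fi
    return 0
}

# Constructed sample diff; both credential-like values are fake.
sample_diff() {
    cat <<'EOF'
diff --git a/env/dev.tfvars b/env/dev.tfvars
--- a/env/dev.tfvars
+++ b/env/dev.tfvars
@@ -1,2 +1,3 @@
 region = "eu-west-1"
-token  = "changeme"
+token  = "glpat-EXAMPLEEXAMPLE000000"
+++ key = "AKIAIOSFODNN7EXAMPLE"
EOF
}

# In CI (assumed usage):
#   git diff "origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"...HEAD | scan_added_lines
```

Removed lines are ignored on purpose: a merge request that deletes a leaked value should pass, while the value still needs rotating because it remains in history.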
The compare_configuration action runs from a container with a default, non-configurable workdir set to /workdir in the built Dockerfile.
Workdir must be configured dynamically using PROJECT_ROOT_DIR and PROJECT_DIR variables.