chapter seven

7 Code quality and continuous integration

 

This chapter covers

  • Learning from Software Development
  • Developing Locally as a Team
  • Code Quality Tools
  • Securing Infrastructure
  • Automating Chores
  • Ensuring Quality Automatically

Infrastructure as Code provides a number of benefits, but one of the biggest is that it allows the industry to apply the lessons learned from decades of software development to managing infrastructure. Software development has been around since the 1950s, and it’s an understatement to say that it has evolved quite a bit since then. Not only have the languages that software developers use grown to take on new complexity and functionality, but the tools they use have also grown to make tackling that complexity feasible.

When you develop with the Terraform and OpenTofu languages, you are developing software. Developing high-quality software is not a trivial task, though. To make it easier, developers rely on tools such as code linters (tools that look through your code for issues), formatters, and security scanners. Terraform is no exception. When working with Terraform, you have a number of tools at your disposal to help you create better software.

What exactly is high-quality software? Although this is a huge topic in itself, high-quality software has a few common features that make a project more pleasant to work with.

7.1 Continuous Integration Practices

7.1.1 Source Control Management (SCM)

7.1.2 Branching and Pull Requests

7.1.3 Code Reviews

7.2 Local Development

7.2.1 Standardizing and Bootstrapping with Software Templates

7.2.2 Repeatable Tasks with Makefiles

7.2.3 Installing Applications with Makefiles

7.2.4 Terraform and OpenTofu

7.2.5 Terraform and OpenTofu Versions

7.2.6 Pre-commit Hooks

7.3 Tools for Maintaining Quality

7.3.1 terraform validate

7.3.2 Terratest and Terraform Testing

7.3.3 tflint

7.4 Validating Security

7.4.1 Checkov

7.4.2 Trivy (formerly tfsec)

7.4.3 Snyk, Checkmarx, Mend

7.5 Custom Policy Enforcement

7.5.1 Open Policy Agent with TFLint

7.5.2 Custom Checkov Rules

7.6 Automating Chores

7.6.1 terraform-docs

7.6.2 terraform fmt

7.6.3 tflint autofix

7.7 Enforcing Quality with CI Systems

7.7.1 Selecting a CI System

7.7.2 Building the Basic Workflows

7.7.3 Validating both OpenTofu and Terraform

7.7.4 Branch Protection and Required Pipelines

7.7.5 Automated Updates with Dependabot

7.8 Summary