ci: add CI workflow with fmt, validate, docs, lint, and release-please jobs

Replace the standalone release-please workflow with a unified CI workflow that runs formatting checks, terraform validate, docs freshness, and tflint on every push. Release-please is now handled by jimeh/release-please-manifest-action with GitHub App auth. Also: - Move release-please config files under .github/ - Add changelog-sections and always-update to release-please config - Add tflint with recommended terraform plugin preset - Add .gitignore for .terraform/ and .terraform.lock.hcl - Add lint and lint-fix Make targets - Clean .terraform.lock.hcl before terraform-docs runs Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-19 01:46:40 +00:00 · 2026-02-02 15:20:15 +00:00
parent 6da178a5d0
commit 1ca228673e
9 changed files with 99 additions and 34 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,49 @@
+---
+name: CI
+on: [push]
+
+permissions:
+  contents: read
+
+jobs:
+  fmt:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
+      - run: terraform fmt -check -recursive -diff
+      - run: prettier --check README.md
+
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
+      - run: terraform init -backend=false
+      - run: terraform validate
+
+  docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
+      - run: terraform-docs --output-check .
+      - run: prettier --check README.md
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1
+      - run: tflint --init
+      - run: tflint --format compact
+
+  release-please:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/heads/')
+    steps:
+      - uses: jimeh/release-please-manifest-action@84f33fd2828210488c36f3e0a7e3209252d2ae7d # v3.0.0
+        with:
+          target-branch-pattern: "^(main|master)$"
+          app-id: ${{ secrets.RELEASE_BOT_APP_ID }}
+          private-key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }}
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -1,16 +0,0 @@
---
-on: push
-
-jobs:
-  release-please:
-    runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
-    outputs:
-      release_created: ${{ steps.release-please.outputs.release_created }}
-      tag_name: ${{ steps.release-please.outputs.tag_name }} # e.g. v1.0.0
-      version: ${{ steps.release-please.outputs.version }} # e.g. 1.0.0
-    steps:
-      - uses: google-github-actions/release-please-action@v3
-        id: release-please
-        with:
-          command: manifest