Add Woodpecker validation pipeline (tofu fmt + validate) #38

Merged
forgejo_admin merged 1 commit from 37-woodpecker-validation-pipeline into main 2026-03-14 14:03:28 +00:00

Summary

Adds a .woodpecker.yaml pipeline that validates Terraform formatting and syntax on pull requests. Uses tofu init -backend=false so no secrets or state access are needed.

Changes

  • .woodpecker.yaml (new): Woodpecker CI pipeline triggered on pull_request events only. Runs tofu init -backend=false, tofu fmt -check -recursive, and tofu validate in the terraform/ directory using the ghcr.io/opentofu/opentofu:1.9 image.

Test Plan

  • Tests pass locally (no tests to run -- this is a CI-only config file)
  • Manual verification: Woodpecker triggers validation pipeline on this PR
  • Pipeline passes (all .tf files are already formatted and valid)
  • Pipeline does NOT trigger on push to main (pull_request only)

Review Checklist

  • Passed automated review-fix loop
  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive

Related

  • Closes forgejo_admin/pal-e-platform #37
  • plan-pal-e-platform -- Phase 6: CI

Closes #37

Runs tofu init -backend=false, tofu fmt -check -recursive, and
tofu validate on pull request events. No secrets or state access
needed -- purely validates formatting and syntax.

Closes #37

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
Owner

Self-Review

Reviewed the diff (1 file, 11 additions, 0 deletions). No issues found.

Checklist:

  • Single file changed (.woodpecker.yaml) -- no unnecessary changes
  • No secrets or credentials in diff
  • Trigger is pull_request only -- no push-to-main trigger (validation only, per issue spec)
  • Image pinned to ghcr.io/opentofu/opentofu:1.9 (meets >=1.9 requirement)
  • Commands match issue spec: tofu init -backend=false, tofu fmt -check -recursive, tofu validate
  • PR body follows template, includes Closes #37
  • Commit message is descriptive
Author
Owner

PR #38 Review

BLOCKERS

None.

NITS

  1. Provider download time -- tofu init -backend=false will download 4 providers (kubernetes, helm, tailscale, minio) on every pipeline run since there is no caching. This is functional but will add 10-30 seconds to each run. Not blocking -- provider caching can be addressed later if pipeline speed becomes a concern.

SOP COMPLIANCE

  • Branch named after issue (37-woodpecker-validation-pipeline references #37)
  • PR body follows template (Summary, Changes, Test Plan, Related all present)
  • Related references plan slug (plan-pal-e-platform -- Phase 6: CI)
  • Closes #37 present in PR body
  • No secrets committed
  • No unnecessary file changes (1 file, .woodpecker.yaml only)
  • Commit messages are descriptive

DETAILS

  • Event trigger: Correctly scoped to pull_request only. No push event. Pipeline will not run on merges to main.
  • Image: ghcr.io/opentofu/opentofu:1.9 is the official OpenTofu image. Appropriate choice.
  • -backend=false: Correct. The repo uses a kubernetes backend requiring cluster access and kubeconfig. Skipping backend init allows provider download and validation without secrets.
  • Step sequence: cd terraform then tofu init then tofu fmt -check -recursive then tofu validate -- correct order. Format check before validate is fine (both are independent of each other post-init).
  • YAML syntax: Matches the Woodpecker v2 format used across other repos (basketball-api, pal-e-docs). Top-level when: list and steps: list syntax are correct.
  • Scope: Single file, no Terraform changes. Clean.

VERDICT: APPROVED

forgejo_admin deleted branch 37-woodpecker-validation-pipeline 2026-03-14 14:03:28 +00:00
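
The pipeline described in the PR body and review above, sketched as an added example. This is not the `.woodpecker.yaml` from the PR, whose contents are not shown on this page; the step name `validate` is an assumption, while the trigger, image and commands are the ones the discussion names.

```yaml
# Added example, reconstructed from the PR description; not the project's file.

# Run on pull requests only. There is no push event, so merges to main
# do not start this pipeline.
when:
  - event: pull_request

steps:
  - name: validate              # assumed step name
    image: ghcr.io/opentofu/opentofu:1.9
    commands:
      - cd terraform
      # -backend=false skips the kubernetes backend, so the job needs no
      # kubeconfig, cluster access or state access; providers are still
      # downloaded so that validate can resolve their schemas.
      - tofu init -backend=false
      # Exits non-zero if any .tf file under terraform/ is not canonically formatted.
      - tofu fmt -check -recursive
      # Checks syntax and internal consistency without touching remote state.
      - tofu validate
```

Because no step references a secret, a pipeline run started by a pull request has no credentials or state to expose.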