@westonplatter westonplatter commented Aug 14, 2025

what

  • feat: add Cursor Rule for generating tf tests in child modules
  • docs: Add LICENSE file
  • docs: Update readme with quick intro to using rule-tool

Summary by CodeRabbit

  • Documentation
    • Updated README with refreshed branding and step‑by‑step instructions for using a CLI to symlink shared rules across repositories.
    • Added a comprehensive guide for testing Terraform/Tofu child modules covering test structure, fixtures, plan‑first strategy, mock providers, validation patterns, and CI best practices.
  • Chores
    • Added the Apache 2.0 license.
    • Added a linting workflow and repository tooling/configuration plus ignore rules to support consistent linting and formatting.

coderabbitai bot commented Aug 14, 2025

Walkthrough

Added an Apache 2.0 LICENSE, expanded README with rule-tool usage and branding, introduced a comprehensive Terraform/Tofu child-module testing spec, added a GitHub Actions lint workflow, and added Trunk CI configuration and ignore rules under .trunk.

Changes

| Cohort / File(s) | Summary of Changes |
| --- | --- |
| Licensing: `LICENSE` | Added Apache License, Version 2.0 full text and copyright notice (Copyright 2025 Masterpoint). |
| Repository README & Usage: `README.md` | Updated branding and added step-by-step instructions for installing and using rule-tool (interactive and non-interactive flows), environment variable notes, and example directory structure. |
| Terraform/Tofu Testing Standards: `rules/tf-testing-child-module.mdc` | New opinionated document defining end-to-end testing workflow, test structure, plan-vs-apply guidance, mock-provider usage, fixtures, HCL test patterns, and CI/testing priorities for child modules. |
| CI - GitHub Actions: `.github/workflows/lint.yml` | Added "Lint" workflow that runs Trunk checks on pushes to main and pull requests targeting main. |
| Trunk configuration & linters: `.trunk/trunk.yaml`, `.trunk/configs/.markdownlint.yaml`, `.trunk/configs/.yamllint.yaml` | Added Trunk CLI configuration enabling specified runtimes, plugins, and lint tools (markdownlint, yamllint, prettier, etc.), and added markdownlint/yamllint configuration files. |
| Trunk ignore: `.trunk/.gitignore` | Added ignore patterns for common build/user artifacts (e.g., *out, *logs, plugins, user.yaml, tmp, etc.). |

Sequence Diagram(s)

sequenceDiagram
  participant Dev as Developer
  participant Repo as Project Repo
  participant Rules as Central Rules Repo
  participant Tool as rule-tool (CLI)

  Dev ->> Repo: git clone project
  Dev ->> Rules: git clone shared-prompts (central rules)
  Dev ->> Tool: set RULE_TOOL_PATH env var
  Dev ->> Tool: run rule-tool (interactive / --non-interactive)
  Tool ->> Rules: read rules/ directory
  Tool ->> Repo: create symlinks from Rules/rules/... to Repo/rules/
  Repo ->> Dev: project now references centralized Cursor Rules via symlinks

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

I twitch my whiskers, LICENSE snug and new,
README shows the path to rules I chew.
Tests lined like carrots, mocked and bright,
CI hums softly through trunk-lit night.
A hop, a sync, the repo feels just right. 🥕🐇

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🔭 Outside diff range comments (1)
rules/tf-testing-child-module.mdc (1)

1-880: Add language identifiers to all fenced code blocks (hcl / bash / text)

I ran the requested check — 23 unlabeled fenced code blocks were found:

  • rules/tf-testing-child-module.mdc:66, 136, 166, 182, 210, 232, 291, 331, 371, 437, 440, 481, 504, 526, 568, 642, 667, 761, 829, 870, 879
  • README.md:12, 28

Please update each opening ``` to include the appropriate language (e.g., `hcl` for HCL examples, `bash` for shell, or `text` if unsure). Example: change ``` to ```hcl.

🧹 Nitpick comments (9)
README.md (4)

12-28: Add a language to the fenced code block (markdownlint MD040).

Specify a language for the directory tree block to satisfy linters and improve rendering.

Apply this diff:

-```
+```text
 shared-prompts/
 └── rules/
     ├── dockerfile-best-practices.mdc
     ├── tf-root-module-layout.mdc
     └── tf-testing-child-module.mdc

 project-A/.cursorrules/
 ├── tf-testing-child-module.mdc → ../../shared-prompts/rules/tf-testing-child-module.mdc
 ├── tf-root-module-layout.mdc → ../../shared-prompts/rules/tf-root-module-layout.mdc
 └── ...

 project-B/.cursorrules/
 ├── dockerfile-best-practices.mdc → ../../shared-prompts/rules/dockerfile-best-practices.mdc
 ├── tf-testing-child-module.mdc → ../../shared-prompts/rules/tf-testing-child-module.mdc
 └── ...

30-31: Minor punctuation: use a colon after the lead-in.

Readability nit: a colon fits better after this lead-in phrase.

Apply this diff:

-To start using `rule-tool`,
+To start using `rule-tool`:

32-32: Stabilize GitHub link: avoid UI-specific query params.

The “tab=readme-ov-file” param is UI-specific and brittle. Link directly to the anchor.

Apply this diff:

-1. Install rule-tool following [these instructions](https://github.com/circleci-petri/rule-tool?tab=readme-ov-file#usage).
+1. Install rule-tool following [these instructions](https://github.com/circleci-petri/rule-tool#usage).

69-70: Stabilize GitHub link (non-interactive mode).

Same as above—remove UI-specific query param.

Apply this diff:

-# See: https://github.com/circleci-petri/rule-tool?tab=readme-ov-file#non-interactive-mode
+# See: https://github.com/circleci-petri/rule-tool#non-interactive-mode

rules/tf-testing-child-module.mdc (5)

39-39: Typo: “majorithy” → “majority”.

Minor spelling fix.

Apply this diff:

-**Default Choice**: Use `command = plan` for the majorithy of child module tests.
+**Default Choice**: Use `command = plan` for the majority of child module tests.

440-440: Add language to fenced code block (markdownlint MD040).

Mark the block as HCL like the others.

Apply this diff:

-```
+```hcl

876-876: Gitleaks false-positive risk: replace example API key with a non-secret placeholder.

Gitleaks flags this as a Generic API Key. Use an obviously fake value to avoid scanner noise.

Apply this diff:

-    defaults = { key = "tskey-test-123456789" }
+    # Example placeholder value, not a real key
+    defaults = { key = "tskey-example-000000000" }
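
Review bot: the replacement value on the `defaults` line still carries the key-like `tskey-` prefix, so re-run Gitleaks after the change and confirm line 876 is no longer reported. If it is still flagged, use a value without the prefix or add an allowlist entry for this file rather than relying on the comment.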

750-753: Plan-time unknowns: availability_zone may not be known during plan.

Relying on instance.availability_zone in plan tests can be flaky/non-deterministic. Prefer plan-known data (e.g., counts, keys, or locals) or mock explicit defaults.

Consider one of:

  • Assert distribution by deriving from input subnets or desired capacity.
  • If keeping AZ checks, ensure the mock sets AZs for instances consistently so values are known at plan time.

417-527: Validate resource addressing style consistency.

Several assertions index resources like lists (e.g., aws_lb.main[0]) which only works with count; with for_each, keys must be used. Ensure examples match the intended resource declarations to avoid confusion.

Would you like me to normalize the examples to either count or for_each semantics throughout for consistency?

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these settings in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6b9c35d and 3c45f80.

📒 Files selected for processing (3)
  • LICENSE (1 hunks)
  • README.md (1 hunks)
  • rules/tf-testing-child-module.mdc (1 hunks)
🧰 Additional context used
🪛 Gitleaks (8.27.2)
rules/tf-testing-child-module.mdc

876-876: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 LanguageTool
README.md

[grammar] ~4-~4: There might be a mistake here.
Context: ...more effective workflows. ## How to Use You can keep it basic and copy individua...

(QB_NEW_EN)

🪛 markdownlint-cli2 (0.17.2)
README.md

12-12: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🔇 Additional comments (1)
LICENSE (1)

190-203: LGTM: Correct Apache 2.0 license boilerplate and attribution.

The license text and copyright notice look correct for Apache-2.0. No issues.

@Gowiem Gowiem left a comment

:shipit:

@westonplatter westonplatter merged commit d20e25f into main Aug 14, 2025
1 of 2 checks passed
@westonplatter westonplatter deleted the feat/generating-tf-tests branch August 14, 2025 16:23
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (5)
.trunk/configs/.markdownlint.yaml (1)

1-2: Optional: add a root-level .markdownlint.yaml for better editor/tooling discovery.

Some local tools/editors look for the config at repo root. You can forward it to the Trunk-managed location.

Create a forwarding config at the repo root:

+--- /dev/null
++++ b/.markdownlint.yaml
+extends: .trunk/configs/.markdownlint.yaml

.trunk/trunk.yaml (2)

19-26: Consider enabling Terraform-focused linters to align with repo goals.

Given the PR’s Terraform testing focus, consider adding:

  • tflint (Terraform best practices and provider-specific checks)
  • terraform fmt (format enforcement)
  • terraform-docs (if you want module docs consistency)

17-26: Optional: add ignores to speed up lint runs and reduce noise.

If/when these dirs exist, add ignores so linters don’t traverse them.

Example:

 lint:
   enabled:
     - [email protected]
     - [email protected]
     - git-diff-check
     - [email protected]
     - [email protected]
     - [email protected]
     - [email protected]
+  ignore:
+    - path: node_modules/**
+    - path: dist/**
+    - path: build/**
+    - path: venv/**
+    - path: .git/**
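
Review bot: the added `ignore` entries each use a single `path:` key; check this shape against the Trunk configuration schema before committing, because Trunk's documented ignore entries take a `linters` list and a `paths` list. An entry the CLI does not recognise would leave these directories linted, which defeats the purpose of the change.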

.github/workflows/lint.yml (2)

25-27: Fetch full history to improve git-diff-based checks.

actions/checkout defaults to shallow fetch. Some diff-aware tools (e.g., git-diff-check) benefit from full history to compute merge-base accurately.

       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
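
Review bot: the `-`/`+` pair for `uses: actions/checkout@v4` is identical, so the only real change is the added `with:` block and that line should be shown as unchanged context. `actions/checkout@v4` is also a mutable tag, so the commit-SHA pinning recommended for `trunk-io/trunk-action@v1` elsewhere in this review applies to this step as well.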

13-18: Optional: trigger on PR events you care about explicitly.

If you want to avoid runs for draft PRs or add explicit event types, tighten the trigger. Default is fine; this is purely optional.

Example:

   pull_request:
-    branches: [main]
+    branches: [main]
+    types: [opened, synchronize, reopened, ready_for_review]
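
Review bot: adding `ready_for_review` to `types` does not by itself avoid runs for draft PRs, which is the stated goal; `opened` and `synchronize` still fire while a PR is a draft. Skipping drafts needs a job-level condition such as `if: github.event.pull_request.draft == false`. The `-`/`+` pair for `branches: [main]` is identical and can be left as context.
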
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 3c45f80 and 9e3d3a3.

📒 Files selected for processing (6)
  • .github/workflows/lint.yml (1 hunks)
  • .trunk/.gitignore (1 hunks)
  • .trunk/configs/.markdownlint.yaml (1 hunks)
  • .trunk/configs/.yamllint.yaml (1 hunks)
  • .trunk/trunk.yaml (1 hunks)
  • README.md (1 hunks)
✅ Files skipped from review due to trivial changes (2)
  • .trunk/configs/.yamllint.yaml
  • .trunk/.gitignore
🚧 Files skipped from review as they are similar to previous changes (1)
  • README.md
🔇 Additional comments (2)
.trunk/configs/.markdownlint.yaml (1)

1-2: LGTM: Prettier-friendly markdownlint config is correct and minimal.

Using the shareable style via “extends: markdownlint/style/prettier” is a solid default for teams relying on Prettier.

.trunk/trunk.yaml (1)

1-6: LGTM: Baseline Trunk config is sound and versions are pinned.

Good defaults, explicit CLI version, and stable plugin source pinning.

Comment on lines +28 to +31

      - name: Trunk Check
        uses: trunk-io/trunk-action@v1
        with:
          check-mode: all
🛠️ Refactor suggestion

Pin the Trunk Action to a commit SHA for supply-chain hardening.

GitHub recommends pinning actions to a commit SHA to prevent supply-chain attacks. Keep @v1 in a comment for tracking, but use a SHA in the “uses” line.

Example:

-      - name: Trunk Check
-        uses: trunk-io/trunk-action@v1
+      - name: Trunk Check
+        # v1 @ <commit-sha> (https://github.com/trunk-io/trunk-action/commits)
+        uses: trunk-io/trunk-action@<COMMIT_SHA>
         with:
           check-mode: all
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

-      - name: Trunk Check
-        uses: trunk-io/trunk-action@v1
-        with:
-          check-mode: all
+      - name: Trunk Check
+        # v1 @ <commit-sha> (https://github.com/trunk-io/trunk-action/commits)
+        uses: trunk-io/trunk-action@<COMMIT_SHA>
+        with:
+          check-mode: all

🤖 Prompt for AI Agents
.github/workflows/lint.yml lines 28-31: the workflow uses
trunk-io/trunk-action@v1 which should be pinned to a commit SHA for supply-chain
hardening; update the "uses" value to the specific commit SHA (e.g.
trunk-io/trunk-action@<commit-sha>) and keep the @v1 tag in a comment for
tracking, ensuring the workflow continues to reference the same action version
while also using the immutable SHA.
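
An added example (not part of this PR or of CodeRabbit's output): a check for the pinning recommendation above that lists every `uses:` reference not fixed to a full 40-character commit SHA. The sample workflow and its SHA are constructed, and `find_unpinned` and `is_pinned` are hypothetical names.

```python
import re

# Matches a `uses:` key in a workflow step or job and captures the reference.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def is_pinned(ref: str) -> bool:
    """True when the reference cannot be moved by the action's publisher."""
    if ref.startswith("./"):          # local action, versioned with the repo itself
        return True
    if ref.startswith("docker://"):   # container action: only a digest is immutable
        return "@sha256:" in ref
    _, sep, version = ref.partition("@")
    return bool(sep) and FULL_SHA_RE.match(version) is not None


def find_unpinned(workflow_text: str):
    """Return (line_number, reference) for every mutable `uses:` reference."""
    findings = []
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)   # comment lines never match the pattern
        if match and not is_pinned(match.group(1)):
            findings.append((number, match.group(1)))
    return findings


# Constructed sample modelled on the lint workflow discussed in this review.
# The 40-character SHA is a made-up placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Trunk Check
        uses: trunk-io/trunk-action@v1
        with:
          check-mode: all
      - name: Already pinned (constructed example)
        # v1 @ placeholder SHA
        uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for number, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {number}: {ref} is not pinned to a full commit SHA")
```

Run over `.github/workflows/*.yml` in CI, a non-empty result can fail the job so that tag-based references are caught before merge.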
