From eb38bc3092d2e55904da30d0bef3ae1e19b439db Mon Sep 17 00:00:00 2001
From: "blinkagent[bot]" <237617714+blinkagent[bot]@users.noreply.github.com>
Date: Fri, 27 Feb 2026 11:15:47 -0600
Subject: [PATCH] ci: add variable naming lint to terraform validate (#766)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Summary

Terraform variable names should use underscores (`snake_case`), not
hyphens. Hyphens are technically valid in HCL but are [deprecated and
non-idiomatic](https://developer.hashicorp.com/terraform/language/values/variables).
This PR adds a variable name check into the existing
`terraform_validate.sh` script so it runs as part of the existing "Run
Terraform Validate" CI step — no new scripts or workflow changes needed.

## Changes

### `scripts/terraform_validate.sh` — added `validate_variable_names()`
- Scans `.tf` files in changed modules for `variable` declarations with
hyphens
- Fails with actionable fix suggestions (shows the snake_case
alternative)
- Runs after `terraform validate` in the same CI step

### Fix: `code-server` module — rename `machine-settings` →
`machine_settings`
- Renames the hyphenated variable and its reference in main.tf
- Bumps version `1.4.2` → `1.4.3`
- Updates all README examples

---
Created on behalf of @matifali

---------

Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: DevCats <christofer@coder.com>
---
 registry/coder/modules/code-server/README.md | 16 ++++-----
 registry/coder/modules/code-server/main.tf   |  4 +--
 scripts/terraform_validate.sh                | 38 ++++++++++++++++++++
 3 files changed, 48 insertions(+), 10 deletions(-)

diff --git a/registry/coder/modules/code-server/README.md b/registry/coder/modules/code-server/README.md
index 3312f979..fdb3f1a7 100644
--- a/registry/coder/modules/code-server/README.md
+++ b/registry/coder/modules/code-server/README.md
@@ -14,7 +14,7 @@ Automatically install [code-server](https://github.com/coder/code-server) in a w
 module "code-server" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/code-server/coder"
-  version  = "1.4.2"
+  version  = "1.4.3"
   agent_id = coder_agent.example.id
 }
 ```
@@ -29,7 +29,7 @@ module "code-server" {
 module "code-server" {
   count           = data.coder_workspace.me.start_count
   source          = "registry.coder.com/coder/code-server/coder"
-  version         = "1.4.2"
+  version         = "1.4.3"
   agent_id        = coder_agent.example.id
   install_version = "4.106.3"
 }
@@ -43,7 +43,7 @@ Install the Dracula theme from [OpenVSX](https://open-vsx.org/):
 module "code-server" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/code-server/coder"
-  version  = "1.4.2"
+  version  = "1.4.3"
   agent_id = coder_agent.example.id
   extensions = [
     "dracula-theme.theme-dracula"
@@ -61,7 +61,7 @@ Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarte
 module "code-server" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/code-server/coder"
-  version    = "1.4.2"
+  version    = "1.4.3"
   agent_id   = coder_agent.example.id
   extensions = ["dracula-theme.theme-dracula"]
   settings = {
@@ -78,7 +78,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 module "code-server" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/code-server/coder"
-  version    = "1.4.2"
+  version    = "1.4.3"
   agent_id   = coder_agent.example.id
   extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
 }
@@ -92,7 +92,7 @@ You can pass additional command-line arguments to code-server using the `additio
 module "code-server" {
   count           = data.coder_workspace.me.start_count
   source          = "registry.coder.com/coder/code-server/coder"
-  version         = "1.4.2"
+  version         = "1.4.3"
   agent_id        = coder_agent.example.id
   additional_args = "--disable-workspace-trust"
 }
@@ -108,7 +108,7 @@ Run an existing copy of code-server if found, otherwise download from GitHub:
 module "code-server" {
   count      = data.coder_workspace.me.start_count
   source     = "registry.coder.com/coder/code-server/coder"
-  version    = "1.4.2"
+  version    = "1.4.3"
   agent_id   = coder_agent.example.id
   use_cached = true
   extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
@@ -121,7 +121,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 module "code-server" {
   count    = data.coder_workspace.me.start_count
   source   = "registry.coder.com/coder/code-server/coder"
-  version  = "1.4.2"
+  version  = "1.4.3"
   agent_id = coder_agent.example.id
   offline  = true
 }
diff --git a/registry/coder/modules/code-server/main.tf b/registry/coder/modules/code-server/main.tf
index f5651353..090b6a53 100644
--- a/registry/coder/modules/code-server/main.tf
+++ b/registry/coder/modules/code-server/main.tf
@@ -44,7 +44,7 @@ variable "settings" {
   default     = {}
 }
 
-variable "machine-settings" {
+variable "machine_settings" {
   type        = any
   description = "A map of template level machine settings to apply to code-server. This will be overwritten at each container start."
   default     = {}
@@ -167,7 +167,7 @@ resource "coder_script" "code-server" {
     INSTALL_PREFIX : var.install_prefix,
     // This is necessary otherwise the quotes are stripped!
     SETTINGS : replace(jsonencode(var.settings), "\"", "\\\""),
-    MACHINE_SETTINGS : replace(jsonencode(var.machine-settings), "\"", "\\\""),
+    MACHINE_SETTINGS : replace(jsonencode(var.machine_settings), "\"", "\\\""),
     OFFLINE : var.offline,
     USE_CACHED : var.use_cached,
     USE_CACHED_EXTENSIONS : var.use_cached_extensions,
diff --git a/scripts/terraform_validate.sh b/scripts/terraform_validate.sh
index 9126e28e..44f95b61 100755
--- a/scripts/terraform_validate.sh
+++ b/scripts/terraform_validate.sh
@@ -11,6 +11,34 @@ set -euo pipefail
 #
 # This script only validates changed modules. Documentation and template changes are ignored.
 
+# Validates that Terraform variable names use underscores (snake_case) instead
+# of hyphens. Hyphens are technically valid but deprecated and non-idiomatic.
+# See: https://developer.hashicorp.com/terraform/language/values/variables
+validate_variable_names() {
+  local dir="$1"
+  local found_issues=0
+
+  while IFS= read -r tf_file; do
+    while IFS= read -r match; do
+      local line_num
+      line_num=$(echo "$match" | cut -d: -f1)
+      local line_content
+      line_content=$(echo "$match" | cut -d: -f2-)
+      local var_name
+      var_name=$(echo "$line_content" | sed -n 's/.*variable "\([^"]*\)".*/\1/p')
+
+      if [[ -n "$var_name" ]]; then
+        echo "  ERROR: $tf_file:$line_num"
+        echo "    Variable \"$var_name\" contains a hyphen."
+        echo "    Rename to \"${var_name//-/_}\" (use underscores instead of hyphens)."
+        found_issues=$((found_issues + 1))
+      fi
+    done < <(grep -n 'variable "[^"]*-[^"]*"' "$tf_file" 2> /dev/null || true)
+  done < <(find "$dir" -name '*.tf' -type f | sort)
+
+  return "$found_issues"
+}
+
 validate_terraform_directory() {
   local dir="$1"
   echo "Running \`terraform validate\` in $dir"
@@ -91,6 +119,16 @@ main() {
     fi
   done
 
+  echo ""
+  echo "==> Validating Terraform variable names use snake_case..."
+  for dir in $subdirs; do
+    if test -f "$dir/main.tf"; then
+      if ! validate_variable_names "$dir"; then
+        status=1
+      fi
+    fi
+  done
+
   exit $status
 }