Add CI for testing infrastructure code

[rudransh-shrivastava]

Proposed change

Resolves #3666

Add CI for testing infrastructure code.
Fix pre-commit hook to also apply to tests.
Update nosemgrep to NOSEMGREP.

Checklist

• Required: I followed the contributing workflow
• Required: I verified that my code works as intended and resolves the issue as described
• Required: I ran make check-test locally: all warnings addressed, tests passed
• I used AI for code, documentation, tests, or communication related to this PR

[coderabbitai]

Walkthrough

Added a CI job to run infrastructure tests, updated many Terraform TFTest files to use a mock AWS provider and adjusted a few test data/formatting items, broadened pre-commit terraform_fmt matching, and normalized semgrep/nosemgrep comment directive casing across infra files.

Changes

Cohort / File(s)	Summary
CI/CD & pre-commit .github/workflows/run-ci-cd.yaml, .pre-commit-config.yaml	Added "Run Infrastructure tests" job (checkout, install Terraform, run make test-infrastructure) and added it to Build Staging Images needs; removed some FORCE_COLOR env lines and switched some staging TF var quoting; expanded terraform_fmt hook to include .tftest.hcl.
Terraform tests — modules (bulk) infrastructure/modules/.../tests/*.tftest.hcl, infrastructure/modules/alb/tests/alb.tftest.hcl, infrastructure/modules/cache/tests/cache.tftest.hcl, infrastructure/modules/database/tests/database.tftest.hcl, infrastructure/modules/ecs/tests/ecs.tftest.hcl, infrastructure/modules/ecs/modules/task/tests/task.tftest.hcl, infrastructure/modules/frontend/tests/frontend.tftest.hcl, infrastructure/modules/kms/tests/kms.tftest.hcl, infrastructure/modules/networking/tests/networking.tftest.hcl, infrastructure/modules/networking/modules/nacl/tests/nacl.tftest.hcl, infrastructure/modules/networking/modules/vpc-endpoint/tests/vpc-endpoint.tftest.hcl, infrastructure/modules/parameters/tests/parameters.tftest.hcl, infrastructure/modules/security/tests/security.tftest.hcl, infrastructure/modules/storage/**/tests/*.tftest.hcl	Added mock_provider "aws" {} to many TFTest files. Mostly whitespace/formatting adjustments; KMS adds an override_data JSON for a key policy; parameters tests expanded variables; networking had a minor condition change (== false → != true).
Comment annotations & minor files infrastructure/modules/ecs/main.tf, infrastructure/modules/frontend/main.tf, infrastructure/modules/networking/main.tf, backend/zappa_callback.py	Normalized semgrep/nosemgrep directive casing (e.g., nosemgrep → NOSEMGREP) and updated a single comment directive in zappa_callback.py. No functional code changes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Add tests for ecs module and its sub-modules #3691: Overlapping edits to ECS TFTest files (adds/modifies ecs/task tests).
• Add CI/CD for staging deployment #3466: Related CI workflow changes touching .github/workflows/run-ci-cd.yaml.
• Add tests for parameters module #3499: Related modifications to the parameters module TFTest (expanded variables/test configuration).

Suggested labels

backend-tests

Suggested reviewers

• kasya
• arkid15r

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description check	✅ Passed	The description is related to the changeset, mentioning CI for testing infrastructure code, pre-commit hook fixes, and nosemgrep updates—all present in the changes.
Linked Issues check	✅ Passed	The PR implements the primary objective from issue #3666 by adding a CI job for infrastructure testing, updating pre-commit hooks, and standardizing semgrep annotations.
Out of Scope Changes check	✅ Passed	All changes align with the stated objectives: adding infrastructure testing CI, updating pre-commit hooks for test files, and standardizing semgrep directives. No out-of-scope changes detected.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Title check	✅ Passed	The title accurately reflects the main changes: adding CI infrastructure for testing infrastructure code across multiple modules and workflow configuration.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.50%. Comparing base (58d2474) to head (12d3008).
⚠️ Report is 1 commits behind head on feature/nest-zappa-migration.

Additional details and impacted files

@@                      Coverage Diff                      @@
##           feature/nest-zappa-migration    #3694   +/-   ##
=============================================================
  Coverage                         85.50%   85.50%           
=============================================================
  Files                               463      463           
  Lines                             14271    14271           
  Branches                           1900     1900           
=============================================================
  Hits                              12202    12202           
  Misses                             1689     1689           
  Partials                            380      380           

Flag	Coverage Δ
backend	84.49% <ø> (ø)
frontend	88.27% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 58d2474...12d3008. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[rudransh-shrivastava]

random formatting changes are due to this

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud