Terraform GitHub Actions allow you to execute Terraform commands within GitHub Actions.
This version has been modified to include a Terragrunt wrapper, which allows you to run terragrunt commands on the same basis.
The output of the actions can be viewed from the Actions tab in the main repository view. If the actions are executed on a pull request event, a comment may be posted on the pull request.
Terraform GitHub Actions are a single GitHub Action that executes different Terraform or Terragrunt subcommands depending on the content of the GitHub Actions YAML file.
An exit code of 0 is considered a successful execution.
The most common workflow is to run terraform fmt, terraform init, terraform validate, and terraform plan on all of the Terraform files in the root of the repository when a pull request is opened or updated. You can also use terragrunt instead. A comment will be posted to the pull request depending on the output of the Terraform subcommand being executed. This workflow can be configured by adding the following content to the GitHub Actions workflow YAML file.
```yaml
name: 'Terraform GitHub Actions'
on:
  - pull_request
jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout'
        uses: actions/checkout@master
      - name: 'Terraform Format'
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: 0.12.13
          use_terragrunt: false
          tf_actions_subcommand: 'fmt'
          tf_actions_working_dir: '.'
          tf_actions_comment: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: 'Terraform Init'
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: 0.12.13
          use_terragrunt: true
          tg_actions_version: 0.21.6
          tf_actions_subcommand: 'init'
          tf_actions_working_dir: '.'
          tf_actions_comment: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: 'Terraform Validate'
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: 0.12.13
          use_terragrunt: true
          tg_actions_version: 0.21.6
          tf_actions_subcommand: 'validate'
          tf_actions_working_dir: '.'
          tf_actions_comment: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: 'Terraform Plan'
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: 0.12.13
          use_terragrunt: true
          tg_actions_version: 0.21.6
          tf_actions_subcommand: 'plan'
          tf_actions_working_dir: '.'
          tf_actions_comment: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
This was a simplified example showing the basic features of these Terraform GitHub Actions. Please refer to the HashiCorp examples for other common workflows: https://github.com/hashicorp/terraform-github-actions/tree/master/examples
Inputs configure Terraform GitHub Actions to perform different actions.
tf_actions_version - (Required) The Terraform version to install and execute.
use_terragrunt - (Required) Choose if terragrunt wrapper should be used. True or false.
tg_actions_version - (Required if use_terragrunt is set to true) Terragrunt version to install.
tf_actions_subcommand - (Required) The Terraform (or Terragrunt if use_terragrunt is set to true) subcommand to execute. Valid values are fmt, init, validate, plan, and apply.
tf_actions_working_dir - (Optional) The working directory to change into before executing Terraform subcommands. Defaults to '.' which means use the root of the GitHub repository.
tf_actions_comment - (Optional) Whether or not to comment on GitHub pull requests. Defaults to true.
Outputs are used to pass information to subsequent GitHub Actions steps.
tf_actions_plan_has_changes - Whether or not the Terraform plan contained changes.
tf_actions_output - The Terraform outputs in JSON format.
Secrets are similar to inputs except that they are encrypted and only used by GitHub Actions. It's a convenient way to keep sensitive data out of the GitHub Actions workflow YAML file.
GITHUB_TOKEN - (Optional) The GitHub API token used to post comments to pull requests. Not required if the tf_actions_comment input is set to false.
Other secrets may be needed to authenticate with Terraform backends and providers.
WARNING: These secrets could be exposed if the action is executed on a malicious Terraform file. To avoid this, it is recommended not to use these Terraform GitHub Actions on repositories where untrusted users can submit pull requests.
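One way to act on this warning, as an added example that is not part of the original README: the workflow below keeps secrets out of the fmt step and runs init and plan only when the pull request branch lives in the same repository. The `if` conditions and the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY secret names are assumptions standing in for whatever your backend and providers need.

```yaml
name: 'Terraform GitHub Actions (same-repository plan only)'
on:
  - pull_request
jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout'
        uses: actions/checkout@master
      # fmt only checks formatting, so it runs for every pull request with
      # no secrets in its environment. Commenting is off, which means
      # GITHUB_TOKEN is not needed for this step.
      - name: 'Terraform Format'
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: 0.12.13
          use_terragrunt: false
          tf_actions_subcommand: 'fmt'
          tf_actions_working_dir: '.'
          tf_actions_comment: false
      # init and plan load the modules and providers named in the pull
      # request, so they are skipped when the branch comes from a fork.
      - name: 'Terraform Init'
        if: github.event.pull_request.head.repo.full_name == github.repository
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: 0.12.13
          use_terragrunt: false
          tf_actions_subcommand: 'init'
          tf_actions_working_dir: '.'
          tf_actions_comment: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}          # assumed secret name
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}  # assumed secret name
      - name: 'Terraform Plan'
        if: github.event.pull_request.head.repo.full_name == github.repository
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: 0.12.13
          use_terragrunt: false
          tf_actions_subcommand: 'plan'
          tf_actions_working_dir: '.'
          tf_actions_comment: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}          # assumed secret name
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}  # assumed secret name
```

The guard only separates forks from same-repository branches; anyone with write access to the repository can still open a pull request that reaches the credentialed steps.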
Environment variables are exported in the environment where the Terraform GitHub Actions are executed. This allows a user to modify the behavior of certain GitHub Actions.
The usual Terraform environment variables are supported. Here are a few of the more commonly used environment variables.
TF_LOG
TF_VAR_name
TF_CLI_ARGS
TF_CLI_ARGS_name
TF_WORKSPACE
Other environment variables may be configured to pass data into Terraform. If the data is sensitive, consider using secrets instead.