Difference between revisions of ".github/workflows/terraform.yml"

From wikieduonline
Jump to navigation Jump to search
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
GitHub official template for terraform, as of Feb 2024, requires create a [[GitHub secret]] <code>[[TF_API_TOKEN]]</code>
  
 
  [[.github/workflows/]]terraform.yml
 
  [[.github/workflows/]]terraform.yml
Line 11: Line 12:
 
  # To use this workflow, you will need to complete the following setup steps.
 
  # To use this workflow, you will need to complete the following setup steps.
 
  #
 
  #
  # 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
+
  # 1. Create a `[[main.tf]]` file in the root of this repository with the `remote` backend and one or more resources defined.
 
  #  Example `main.tf`:
 
  #  Example `main.tf`:
 
  #    # The configuration for the `remote` backend.
 
  #    # The configuration for the `remote` backend.
 
  #    terraform {
 
  #    terraform {
  #      backend "remote" {
+
  #      backend "[[Terraform backend: remote|remote]]" {
 
  #        # The name of your Terraform Cloud organization.
 
  #        # The name of your Terraform Cloud organization.
 
  #        organization = "example-organization"
 
  #        organization = "example-organization"
Line 26: Line 27:
 
  #    }
 
  #    }
 
  #
 
  #
 +
#    # An example resource that does nothing.
 +
#    resource "[[null_resource]]" "example" {
 +
#      triggers = {
 +
#        value = "A example resource that does nothing!"
 +
#      }
 +
#    }
 +
#
 +
#
 +
# 2. Generate a [[Terraform Cloud user API token]] and store it as a [[GitHub secret]] (e.g. [[TF_API_TOKEN]]) on this repository.
 +
#  Documentation:
 +
#    - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
 +
#    - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
 +
#
 +
# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
 +
#  Example:
 +
#    - name: Setup Terraform
 +
#      uses: [[hashicorp/setup-terraform]]@v1
 +
#      with:
 +
#        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 +
 +
name: 'Terraform'
 +
 +
on:
 +
  push:
 +
    branches: [ "main" ]
 +
  pull_request:
 +
 +
permissions:
 +
  contents: read
 +
 +
jobs:
 +
  terraform:
 +
    name: 'Terraform'
 +
    runs-on: ubuntu-latest
 +
    environment: production
 +
 +
    # Use the Bash shell regardless whether the GitHub Actions runner is [[ubuntu-latest]], [[macos-latest]], or [[windows-latest]]
 +
    defaults:
 +
      run:
 +
        shell: bash
 
<pre>
 
<pre>
#    # An example resource that does nothing.
 
#    resource "null_resource" "example" {
 
#      triggers = {
 
#        value = "A example resource that does nothing!"
 
#      }
 
#    }
 
#
 
#
 
# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
 
#  Documentation:
 
#    - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
 
#    - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
 
#
 
# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
 
#  Example:
 
#    - name: Setup Terraform
 
#      uses: hashicorp/setup-terraform@v1
 
#      with:
 
#        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
 
name: 'Terraform'
 
 
on:
 
  push:
 
    branches: [ "main" ]
 
  pull_request:
 
 
permissions:
 
  contents: read
 
 
jobs:
 
  terraform:
 
    name: 'Terraform'
 
    runs-on: ubuntu-latest
 
    environment: production
 
 
    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
 
    defaults:
 
      run:
 
        shell: bash
 
 
 
     steps:
 
     steps:
 
     # Checkout the repository to the GitHub Actions runner
 
     # Checkout the repository to the GitHub Actions runner
Line 97: Line 97:
 
       run: terraform apply -auto-approve -input=false
 
       run: terraform apply -auto-approve -input=false
 
</pre>
 
</pre>
 +
 +
 +
== See also ==
 +
* {{GHA}}
 +
 +
[[Category:GitHub Actions]]

Latest revision as of 20:21, 7 February 2024

GitHub official template for terraform, as of Feb 2024, requires create a GitHub secret TF_API_TOKEN

.github/workflows/terraform.yml
# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file
# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run
# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events
# to the "main" branch, `terraform apply` will be executed.
#
# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform
#
# To use this workflow, you will need to complete the following setup steps.
#
# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
#   Example `main.tf`:
#     # The configuration for the `remote` backend.
#     terraform {
#       backend "remote" {
#         # The name of your Terraform Cloud organization.
#         organization = "example-organization"
#
#         # The name of the Terraform Cloud workspace to store Terraform state files in.
#         workspaces {
#           name = "example-workspace"
#         }
#       }
#     }
#
#     # An example resource that does nothing.
#     resource "null_resource" "example" {
#       triggers = {
#         value = "A example resource that does nothing!"
#       }
#     }
#
#
# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
#   Documentation:
#     - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
#     - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
#
# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
#   Example:
#     - name: Setup Terraform
#       uses: hashicorp/setup-terraform@v1
#       with:
#         cli_config_credentials_token: $Template:Secrets.TF API TOKEN

name: 'Terraform'

on:
  push:
    branches: [ "main" ]
  pull_request:

permissions:
  contents: read

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    environment: production

    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash
    steps:
    # Checkout the repository to the GitHub Actions runner
    - name: Checkout
      uses: actions/checkout@v3

    # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
    - name: Terraform Init
      run: terraform init

    # Checks that all Terraform configuration files adhere to a canonical format
    - name: Terraform Format
      run: terraform fmt -check

    # Generates an execution plan for Terraform
    - name: Terraform Plan
      run: terraform plan -input=false

      # On push to "main", build or change infrastructure according to Terraform configuration files
      # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
    - name: Terraform Apply
      if: github.ref == 'refs/heads/"main"' && github.event_name == 'push'
      run: terraform apply -auto-approve -input=false


See also[edit]

Advertising: