Difference between revisions of ".github/workflows/terraform.yml"
Latest revision as of 20:21, 7 February 2024
GitHub's official workflow template for Terraform, as of Feb 2024. It requires creating a GitHub secret named TF_API_TOKEN (a Terraform Cloud user API token) on the repository.

.github/workflows/terraform.yml
<pre>
# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file
# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run
# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events
# to the "main" branch, `terraform apply` will be executed.
#
# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform
#
# To use this workflow, you will need to complete the following setup steps.
#
# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
#   Example `main.tf`:
#     # The configuration for the `remote` backend.
#     terraform {
#       backend "remote" {
#         # The name of your Terraform Cloud organization.
#         organization = "example-organization"
#
#         # The name of the Terraform Cloud workspace to store Terraform state files in.
#         workspaces {
#           name = "example-workspace"
#         }
#       }
#     }
#
#     # An example resource that does nothing.
#     resource "null_resource" "example" {
#       triggers = {
#         value = "An example resource that does nothing!"
#       }
#     }
#
#
# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
#   Documentation:
#     - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
#     - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
#
# 3. Reference the GitHub secret in a step using the `hashicorp/setup-terraform` GitHub Action.
#   Example:
#     - name: Setup Terraform
#       uses: hashicorp/setup-terraform@v1
#       with:
#         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

name: 'Terraform'

on:
  push:
    branches: [ "main" ]
  pull_request:

permissions:
  contents: read

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    environment: production

    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash

    steps:
    # Checkout the repository to the GitHub Actions runner
    - name: Checkout
      uses: actions/checkout@v3

    # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
    - name: Terraform Init
      run: terraform init

    # Checks that all Terraform configuration files adhere to a canonical format
    - name: Terraform Format
      run: terraform fmt -check

    # Generates an execution plan for Terraform
    - name: Terraform Plan
      run: terraform plan -input=false

    # On push to "main", build or change infrastructure according to Terraform configuration files
    # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud".
    # See the documentation on "strict" required status checks for more information:
    # https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
    #
    # github.ref is the bare string refs/heads/main. The template as copied here compared it against
    # 'refs/heads/"main"' (with the inner quotes included), which can never match, so the apply step never ran.
    - name: Terraform Apply
      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
      run: terraform apply -auto-approve -input=false
</pre>
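Before adopting a template like the one above, it is worth checking a few of its security properties mechanically: which secrets it expects the repository to define, whether third-party actions are pinned to a commit SHA rather than a mutable tag, whether an unattended `terraform apply -auto-approve` sits behind an `environment:` (so environment protection rules can gate it), whether a workflow-level `permissions:` block is set, and whether an `if:` condition compares `github.ref` against a quoted ref name (the bug visible in the copied template). The following checker is an added example, not part of the wiki page or of GitHub's template. It assumes a workflow written in the indentation style of the template above (two spaces per level) and uses line-oriented regexes rather than a full YAML parser, so it is a review aid, not a complete linter; the embedded sample workflow is a constructed, trimmed copy of the template.

```python
import re
from typing import Dict, List

# Constructed sample input: a trimmed copy of the Terraform template, keeping only
# the lines the checks look at. Assumed to be representative, not the full file.
SAMPLE_WORKFLOW = """\
name: 'Terraform'
on:
  push:
    branches: [ "main" ]
  pull_request:
permissions:
  contents: read
jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
      - name: Terraform Apply
        if: github.ref == 'refs/heads/"main"' && github.event_name == 'push'
        run: terraform apply -auto-approve -input=false
"""

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
USES_LINE = re.compile(r"^\s*(?:-\s+)?uses:\s*([^\s#]+)")
SHA_PIN = re.compile(r"@[0-9a-f]{40}$")
IF_LINE = re.compile(r"^\s*if:\s*(.+?)\s*$")
QUOTED_REF = re.compile(r"refs/heads/[\"']")
RUN_LINE = re.compile(r"^\s*(?:-\s+)?run:\s*(.+)$")
JOB_HEADER = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")   # exactly two spaces: a key under jobs:
JOB_ENV = re.compile(r"^    environment:\s*\S")        # exactly four spaces: a key inside one job


def referenced_secrets(text: str) -> List[str]:
    """Secrets the workflow expects the repository to define (e.g. TF_API_TOKEN)."""
    return sorted(set(SECRET_REF.findall(text)))


def unpinned_actions(text: str) -> List[str]:
    """Actions referenced by a mutable tag or branch instead of a full 40-hex commit SHA."""
    found = []
    for line in text.splitlines():
        m = USES_LINE.match(line)
        if m and not SHA_PIN.search(m.group(1)):
            found.append(m.group(1))
    return found


def broken_ref_conditions(text: str) -> List[str]:
    """`if:` expressions that embed quotes inside the ref name (refs/heads/"main").
    github.ref is the bare string refs/heads/main, so such a condition is never true."""
    return [m.group(1) for m in map(IF_LINE.match, text.splitlines())
            if m and QUOTED_REF.search(m.group(1))]


def has_top_level_permissions(text: str) -> bool:
    """True when a workflow-level `permissions:` block restricts the GITHUB_TOKEN."""
    return any(line.startswith("permissions:") for line in text.splitlines())


def auto_approve_without_environment(text: str) -> List[str]:
    """Jobs running `terraform apply -auto-approve` with no `environment:` declared,
    i.e. an unattended apply that no environment protection rule can gate."""
    in_jobs, job = False, None
    has_env: Dict[str, bool] = {}
    applies: Dict[str, bool] = {}
    for line in text.splitlines():
        if line.startswith("jobs:"):
            in_jobs = True
            continue
        if in_jobs and line and not line.startswith(" "):
            in_jobs = False   # another top-level key: we have left the jobs: mapping
        if not in_jobs:
            continue
        m = JOB_HEADER.match(line)
        if m:
            job = m.group(1)
            has_env.setdefault(job, False)
            applies.setdefault(job, False)
            continue
        if job is None:
            continue
        if JOB_ENV.match(line):
            has_env[job] = True
        r = RUN_LINE.match(line)
        if r and "terraform apply" in r.group(1) and "-auto-approve" in r.group(1):
            applies[job] = True
    return [j for j in has_env if applies[j] and not has_env[j]]


def audit(text: str) -> Dict[str, object]:
    """Run every check and collect the findings in one report."""
    return {
        "secrets_required": referenced_secrets(text),
        "unpinned_actions": unpinned_actions(text),
        "broken_ref_conditions": broken_ref_conditions(text),
        "top_level_permissions": has_top_level_permissions(text),
        "auto_approve_without_environment": auto_approve_without_environment(text),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_WORKFLOW).items():
        print(f"{key}: {value}")
```

Run against the sample, the report lists TF_API_TOKEN as the one secret to provision, flags both `actions/checkout@v3` and `hashicorp/setup-terraform@v1` as tag-pinned, and reports the quoted-ref `if:` condition; the apply job passes the environment check only because it declares `environment: production`, which is the hook for requiring reviewers before an unattended apply.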
See also
- GitHub Actions: act, .github/workflows/, ~/actions-runner/, svc.sh, deploy:, run:, runs-on:, uses:, steps:, jobs:, on:, env:, script:, continue-on-error:, template:, aws-actions, inputs:, GITHUB_ENV, needs:, github., GitHub runner, my-docker-publish.yml, GitHub Actions variables, GitHub Actions contexts, GitHub Actions Importer, If:, SLSA, Actions Runner Controller (ARC), $GITHUB_OUTPUT, notify:, Marketplace, GITHUB_TOKEN