GitHub Actions
Guide to using GitHub Actions for Terraform modules.
Overview
GitHub Actions provides CI/CD capabilities directly in your repository.
Workflow Components
Triggers
Define when workflows run:
on:
  pull_request:
    branches: [main, dev]
  push:
    branches: [main]
  workflow_dispatch: # Manual trigger
Jobs
Organize workflow steps:
jobs:
  terraform-validation:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
Steps
Individual actions within jobs:
- name: Checkout code
  uses: actions/checkout@v4
- name: Run command
  run: terraform validate
Common Actions
Checkout Code
- uses: actions/checkout@v4
Setup Terraform
- uses: hashicorp/setup-terraform@v3
  with:
    terraform_version: "1.6.0"
Setup Python
- uses: actions/setup-python@v5
  with:
    python-version: '3.x'
Setup TFLint
- uses: terraform-linters/setup-tflint@v4
Secrets
Store sensitive values securely:
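- name: Use secret
  env:
    SECRET_VALUE: ${{ secrets.MY_SECRET }}
  # The secret reaches the script as an environment variable.
  # GitHub masks secret values in logs, but avoid printing them in real workflows.
  run: echo "$SECRET_VALUE"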
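The Secrets step above passes the value through env and reads it as a shell variable. The following added example (not part of the original guide) flags the opposite pattern, a secrets expression written directly inside a run: script, where the value is substituted into the script text before the shell starts. The sample workflow, the secret names other than MY_SECRET, and the function name find_inline_secrets are constructed for illustration.

```python
import re

# Matches ${{ secrets.NAME }} expressions.
SECRET_EXPR = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
# Matches a run: key, optionally as the first key of a list item.
RUN_KEY = re.compile(r"^\s*(?:-\s+)?(?P<key>run):\s*(?P<rest>.*)$")

# Constructed sample (illustrative; only the first step mirrors the guide).
SAMPLE = '''\
steps:
  - name: Secret passed through env
    env:
      SECRET_VALUE: ${{ secrets.MY_SECRET }}
    run: echo "$SECRET_VALUE"
  - name: Secret expanded inside a multi-line script
    run: |
      terraform init
      terraform plan -var "token=${{ secrets.API_TOKEN }}"
  - name: Secret expanded inside a one-line script
    run: terraform apply -var "key=${{ secrets.DEPLOY_KEY }}"
'''


def find_inline_secrets(workflow_text):
    """Return (line_number, secret_name) for secrets used inside run: scripts."""
    findings = []
    run_col = None  # column of the current run: key while inside its script
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        match = RUN_KEY.match(line)
        indent = len(line) - len(line.lstrip(" "))
        if match:
            run_col = match.start("key")
            script = match.group("rest")
        elif run_col is not None and (not line.strip() or indent > run_col):
            script = line  # continuation line of a block scalar (run: |)
        else:
            run_col = None  # left the script; env:/with: values are not flagged
            continue
        findings += [(lineno, name) for name in SECRET_EXPR.findall(script)]
    return findings


if __name__ == "__main__":
    for lineno, name in find_inline_secrets(SAMPLE):
        print(f"line {lineno}: secrets.{name} is expanded into the script; use env instead")
```

The check is line-based and does not parse YAML fully, so treat it as a quick review aid for workflow files rather than a complete linter.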
Matrix Strategy
Run jobs across multiple configurations:
strategy:
  matrix:
    terraform-version: ['1.5.0', '1.6.0']
    os: [ubuntu-latest, windows-latest]
Conditional Execution
Run steps conditionally:
- name: Run if condition
  if: github.event_name == 'pull_request'
  run: echo "PR workflow"
Artifacts
Share files between jobs:
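# A saved plan file can contain sensitive values in plain text,
# so limit who can read the workflow's artifacts.
- name: Upload artifact
  uses: actions/upload-artifact@v3
  with:
    name: terraform-plan
    path: terraform.tfplan
- name: Download artifact
  uses: actions/download-artifact@v3
  with:
    name: terraform-plan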