{"id":13515468,"url":"https://github.com/dflook/terraform-github-actions","last_synced_at":"2025-05-15T00:09:57.921Z","repository":{"id":39649624,"uuid":"277407719","full_name":"dflook/terraform-github-actions","owner":"dflook","description":"GitHub actions for terraform","archived":false,"fork":false,"pushed_at":"2025-04-09T23:02:05.000Z","size":10003,"stargazers_count":825,"open_issues_count":26,"forks_count":162,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-04-13T21:34:02.116Z","etag":null,"topics":["github-action","github-actions","hacktoberfest","terraform"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dflook.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["dflook"]}},"created_at":"2020-07-06T00:36:00.000Z","updated_at":"2025-04-11T11:21:31.000Z","dependencies_parsed_at":"2023-02-15T16:45:31.443Z","dependency_job_id":"4f4c0b97-3ec6-4e8c-9bab-6dcea851ceb5","html_url":"https://github.com/dflook/terraform-github-actions","commit_stats":{"total_commits":541,"total_committers":18,"mean_commits":"30.055555555555557","dds":0.08133086876155271,"last_synced_commit":"ef236194e3c9413fd255fc050e7c501023ab4dcc"},"previous_names":[],"tags_count":75,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-github-actions","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-github-actions/tags","relea
ses_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-github-actions/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dflook%2Fterraform-github-actions/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dflook","download_url":"https://codeload.github.com/dflook/terraform-github-actions/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254249206,"owners_count":22039029,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-action","github-actions","hacktoberfest","terraform"],"created_at":"2024-08-01T05:01:11.676Z","updated_at":"2025-05-15T00:09:52.912Z","avatar_url":"https://github.com/dflook.png","language":"Python","readme":"# Terraform and OpenTofu GitHub Actions ![release](https://img.shields.io/github/v/release/dflook/terraform-github-actions)![job runs](https://img.shields.io/docker/pulls/danielflook/terraform-github-actions?label=job%20runs)\n\nThis is a suite of Terraform and OpenTofu related GitHub Actions that can be used together to build effective Infrastructure as Code workflows.\n\n[GitHub Actions](https://github.com/features/actions) are a way to make automated workflows that trigger when events occur on your GitHub repository, using a YAML file that lives in your repo.\nThese actions can be used to easily perform [Terraform](https://www.terraform.io/) or [OpenTofu](https://www.opentofu.org/) tasks as part of your workflow.\n\nCurrently, there is just experimental support for OpenTofu, see 
[here](https://github.com/dflook/terraform-github-actions/blob/main/CHANGELOG.md#1370---2023-10-29)\n\n## Actions\n\nSee the documentation for the available actions:\n\n| Terraform                                                         | OpenTofu                                                |\n|-------------------------------------------------------------------|---------------------------------------------------------|\n| [dflook/terraform-plan](terraform-plan)                           | [dflook/tofu-plan](tofu-plan)                           |\n| [dflook/terraform-apply](terraform-apply)                         | [dflook/tofu-apply](tofu-apply)                         |\n| [dflook/terraform-output](terraform-output)                       | [dflook/tofu-output](tofu-output)                       |\n| [dflook/terraform-remote-state](terraform-remote-state)           | [dflook/tofu-remote-state](tofu-remote-state)           |\n| [dflook/terraform-validate](terraform-validate)                   | [dflook/tofu-validate](tofu-validate)                   |\n| [dflook/terraform-fmt-check](terraform-fmt-check)                 | [dflook/tofu-fmt-check](tofu-fmt-check)                 |\n| [dflook/terraform-fmt](terraform-fmt)                             | [dflook/tofu-fmt](tofu-fmt)                             |\n| [dflook/terraform-check](terraform-check)                         | [dflook/tofu-check](tofu-check)                         |\n| [dflook/terraform-new-workspace](terraform-new-workspace)         | [dflook/tofu-new-workspace](tofu-new-workspace)         |\n| [dflook/terraform-destroy-workspace](terraform-destroy-workspace) | [dflook/tofu-destroy-workspace](tofu-destroy-workspace) |\n| [dflook/terraform-destroy](terraform-destroy)                     | [dflook/tofu-destroy](tofu-destroy)                     |\n| [dflook/terraform-version](terraform-version)                     | [dflook/tofu-version](tofu-version)                     |\n| 
[dflook/terraform-unlock-state](terraform-unlock-state)           | [dflook/tofu-unlock-state](tofu-unlock-state)           |\n| [dflook/terraform-test](terraform-test)                           | [dflook/tofu-test](tofu-test)                           |\n| [dflook/terraform-refresh](terraform-refresh)                     | [dflook/tofu-refresh](tofu-refresh)                     |\n\n## Example Usage\n\nThese actions can be added as steps to your own workflow files.\nGitHub reads workflow files from `.github/workflows/` within your repository.\nSee the [Workflow documentation](https://docs.github.com/en/actions/configuring-and-managing-workflows/configuring-a-workflow#about-workflows) for details on writing workflows.\n\nHere are some examples of how the actions can be used together in workflows.\n\n### Terraform plan PR approval\n\nTerraform plans typically need to be reviewed by a human before being applied.\nFortunately, GitHub has a well established method for requiring human reviews of changes - a Pull Request.\n\nWe can use PRs to safely plan and apply infrastructure changes.\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"terraform-apply/planapply.gif\" width=\"960\" alt=\"A video showing a PR being created, a plan being generated, the plan being reviewed, and the plan being applied.\"\u003e\n\u003c/p\u003e\n\nYou can make GitHub enforce this using branch protection, see the [dflook/terraform-apply](terraform-apply) action for details.\n\nIn this example we use two workflows:\n\n#### plan.yaml\n\nThis workflow runs on changes to a PR branch. 
It generates a Terraform plan and attaches it to the PR as a comment.\n\n```yaml\nname: Create terraform plan\n\non: [pull_request]\n\npermissions:\n  contents: read\n  pull-requests: write\n\njobs:\n  plan:\n    runs-on: ubuntu-latest\n    name: Create a plan for an example terraform configuration\n    env:\n      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: terraform plan\n        uses: dflook/terraform-plan@v1\n        with:\n          path: my-terraform-config\n```\n\n#### apply.yaml\n\nThis workflow runs when the PR is merged into the main branch, and applies the planned changes.\n\n```yaml\nname: Apply terraform plan\n\non:\n  push:\n    branches:\n      - main\n\npermissions:\n  contents: read\n  pull-requests: write\n\njobs:\n  apply:\n    runs-on: ubuntu-latest\n    name: Apply terraform plan\n    env:\n      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: terraform apply\n        uses: dflook/terraform-apply@v1\n        with:\n          path: my-terraform-config\n```\n\n### Linting\n\nThis workflow runs on every push to non-main branches and checks the terraform configuration is valid.\nFor extra strictness, we check the files are in the canonical format.\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"terraform-validate/validate.png\" width=\"1000\" alt=\"A screenshot showing the output of the terraform validate action.\"\u003e\n\u003c/p\u003e\n\nThis can be used to check for correctness before merging.\n\n#### lint.yaml\n\n```yaml\nname: Lint\n\non:\n  push:\n    branches-ignore:\n      - main\n\njobs:\n  validate:\n    runs-on: ubuntu-latest\n    name: Validate terraform configuration\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: terraform validate\n        uses: dflook/terraform-validate@v1\n        with:\n          path: 
my-terraform-config\n\n  fmt-check:\n    runs-on: ubuntu-latest\n    name: Check formatting of terraform files\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: terraform fmt\n        uses: dflook/terraform-fmt-check@v1\n        with:\n          path: my-terraform-config\n```\n\n### Checking for drift\n\nThis workflow runs every morning and checks that the state of your infrastructure matches the configuration.\n\nThis can be used to detect manual or misapplied changes before they become a problem.\nIf there are any unexpected changes, the workflow will fail.\n\n#### drift.yaml\n\n```yaml\nname: Check for infrastructure drift\n\non:\n  schedule:\n    - cron:  \"0 8 * * *\"\n\njobs:\n  check_drift:\n    runs-on: ubuntu-latest\n    name: Check for drift of example terraform configuration\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: Check for drift\n        uses: dflook/terraform-check@v1\n        with:\n          path: my-terraform-config\n```\n\n### Scheduled infrastructure updates\n\nThere may be times when you expect Terraform to plan updates without any changes to your configuration files.\nYour configuration could be consuming secrets from elsewhere, or renewing certificates every few months.\n\nThis example workflow runs every morning and applies any outstanding changes to those specific resources.\n\n#### rotate-certs.yaml\n\n```yaml\nname: Rotate TLS certificates\n\non:\n  schedule:\n    - cron:  \"0 8 * * *\"\n\njobs:\n  rotate_certs:\n    runs-on: ubuntu-latest\n    name: Rotate TLS certificates in example terraform configuration\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: Rotate certs\n        uses: dflook/terraform-apply@v1\n        with:\n          path: my-terraform-config\n          auto_approve: true\n          target: |\n            acme_certificate.certificate\n            kubernetes_secret.certificate\n```\n\n### 
Automatically fixing formatting\n\nPerhaps you don't want to spend engineer time making formatting changes. This workflow will automatically create or update a PR that fixes any formatting issues.\n\n#### fmt.yaml\n\n```yaml\nname: Check terraform file formatting\n\non:\n  push:\n    branches: \n      - main \n\njobs:\n  format:\n    runs-on: ubuntu-latest\n    name: Check terraform files are formatted correctly\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: terraform fmt\n        uses: dflook/terraform-fmt@v1\n        with:\n          path: my-terraform-config\n          \n      - name: Create Pull Request\n        uses: peter-evans/create-pull-request@v2\n        with:\n          commit-message: terraform fmt\n          title: Reformat terraform files\n          body: Update terraform files to canonical format using `terraform fmt`\n          branch: automated-terraform-fmt\n```\n\n### Ephemeral test environments\n\nTesting of software changes often requires some supporting infrastructure, like databases, DNS records, compute environments etc.\nWe can use these actions to create dedicated resources for each PR, which are used to run tests.\n\nThere are two workflows:\n\n#### integration-test.yaml\n\nThis workflow runs with every change to a PR.\n\nIt deploys the testing infrastructure using a Terraform workspace dedicated to this branch, then runs integration tests against the new infrastructure.\n\n```yaml\nname: Run integration tests\n\non: [pull_request]\n\njobs:\n  run_tests:\n    runs-on: ubuntu-latest\n    name: Run integration tests\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: Use branch workspace\n        uses: dflook/terraform-new-workspace@v1\n        with:\n          path: my-terraform-config\n          workspace: ${{ github.head_ref }}\n          \n      - name: Deploy test infrastructure\n        uses: dflook/terraform-apply@v1\n        id: test-infra\n        with:\n    
      path: my-terraform-config\n          workspace: ${{ github.head_ref }}\n          auto_approve: true\n\n      - name: Run tests\n        run: |\n          ./run-tests.sh --endpoint \"${{ steps.test-infra.outputs.url }}\"\n```\n\n#### integration-test-cleanup.yaml\n\nThis workflow runs when a PR is closed and destroys any testing infrastructure that is no longer needed.\n\n```yaml\nname: Destroy testing workspace\n\non:\n  pull_request:\n    types: [closed] \n\njobs:\n  cleanup_tests:\n    runs-on: ubuntu-latest\n    name: Cleanup after integration tests\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n\n      - name: terraform destroy\n        uses: dflook/terraform-destroy-workspace@v1\n        with:\n          path: my-terraform-config\n          workspace: ${{ github.head_ref }}\n```\n","funding_links":["https://github.com/sponsors/dflook"],"categories":["Tools"],"sub_categories":["CI"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdflook%2Fterraform-github-actions","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdflook%2Fterraform-github-actions","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdflook%2Fterraform-github-actions/lists"}