{"id":14957994,"url":"https://github.com/libre-devops/azure-terraform-gh-action","last_synced_at":"2025-10-24T14:30:16.552Z","repository":{"id":40401599,"uuid":"490053787","full_name":"libre-devops/azure-terraform-gh-action","owner":"libre-devops","description":"A very opinionated Docker-Based GitHub Action used to deploy to Azure using Terraform.  This Action deploys a container with several tools pre-installed - terraform, terraform-compliance, checkov and tfsec - and expects all of these to run successfully before it'll run terraform apply. This action only supports the use of terraform workspace, terraform plan and terraform apply :rainbow:","archived":false,"fork":false,"pushed_at":"2022-11-06T22:24:34.000Z","size":90,"stargazers_count":4,"open_issues_count":1,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-01-31T01:39:07.871Z","etag":null,"topics":["azure","azurerm","azurerm-terraform-provider","github-actions","terraform"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/libre-devops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-05-08T20:59:25.000Z","updated_at":"2024-09-25T03:08:28.000Z","dependencies_parsed_at":"2023-01-11T17:21:53.466Z","dependency_job_id":null,"html_url":"https://github.com/libre-devops/azure-terraform-gh-action","commit_stats":{"total_commits":110,"total_committers":2,"mean_commits":55.0,"dds":0.4727272727272728,"last_synced_commit":"d4da25b265324785dd28d0e41f688501f514056a"},"previous_names":[],"tags_count":1,"template":true,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fazure-terraform-gh-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fazure-terraform-gh-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fazure-terraform-gh-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fazure-terraform-gh-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/libre-devops","download_url":"https://codeload.github.com/libre-devops/azure-terraform-gh-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237981655,"owners_count":19397102,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","azurerm","azurerm-terraform-provider","github-actions","terraform"],"created_at":"2024-09-24T13:15:57.137Z","updated_at":"2025-10-24T14:30:15.861Z","avatar_url":"https://github.com/libre-devops.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Libre DevOps - Azure Terraform GitHub Action\n\nHello :wave:\n\nThis is a repository for the heavily opinionated GitHub Action to run Terraform, mainly targetting Azure. As stated, this action is opinionated, in that it expects all parameters to provided to it, and will only run on the assumption these work - or else, it should error.  It is mainly used for the development of Libre DevOps terraform modules - but could be used by others, but be aware that it is not for everyone!\n\n## What it does\n\n- Pulls a Docker container - `ghcr.io/libre-devops/azure-terraform-gh-action-base:latest`\n- Runs a Standard Terraform Workflow as Follows:\n```shell\nterraform init\nterraform workspace new ${workspace_name}\nterraform validate\nterraform plan\n``` \n\n- Then, based on some parameters to the action, will run other parts:\n```shell\nterraform plan -destroy\nterraform apply\nterraform-compliance\ntfsec\ncheckov\n```\n\n### Example Usage\n\nCheck out the [workflows](https://github.com/libre-devops/azure-terraform-gh-action/tree/main/.github/workflows) folder for more examples\n\n```yaml\nname: 'Terraform Plan'\n\n#Allow run manually or on push to main or in PR closure\non:\n  push:\n    branches:\n    - main\n  pull_request:\n    types: [closed]\n  workflow_dispatch:\n\njobs:\n  azure-terraform-job:\n    name: 'Terraform Build'\n    runs-on: ubuntu-latest\n    environment: tst\n\n    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest\n    defaults:\n      run:\n        shell: bash\n\n    steps:\n      - uses: actions/checkout@v3\n\n      - name: Libre DevOps Terraform GitHub Action\n        id: terraform-build\n        uses: libre-devops/azure-terraform-gh-action@v1\n        with:\n          terraform-path: \"terraform\"\n          terraform-workspace-name: \"dev\"\n          terraform-backend-storage-rg-name: ${{ secrets.SpokeSaRgName }}\n          terraform-backend-storage-account-name: ${{ secrets.SpokeSaName }}\n          terraform-backend-blob-container-name: ${{ secrets.SpokeSaBlobContainerName }}\n          terraform-backend-storage-access-key: ${{ secrets.SpokeSaPrimaryKey }}\n          terraform-backend-state-name: \"lbdo-dev-gh.terraform.tfstate\"\n          terraform-provider-client-id: ${{ secrets.SpokeSvpClientId }}\n          terraform-provider-client-secret: ${{ secrets.SpokeSvpClientSecret }}\n          terraform-provider-subscription-id: ${{ secrets.SpokeSubId }}\n          terraform-provider-tenant-id: ${{ secrets.SpokeTenantId }}\n          terraform-compliance-path: \"git:https://github.com/craigthackerx/azure-terraform-compliance-naming-convention.git//?ref=main\"\n          checkov-skipped-tests: \"CKV_AZURE_2\"\n          run-terraform-destroy: \"false\"\n          run-terraform-plan-only: \"true\"\n\n```\n\n### Logic\n\n```\nif run-terraform-destroy = false AND run-terraform-plan-only = true == Run terraform plan but NEVER run terraform apply\nif run-terraform-destroy = true AND run-terraform-plan-only = true == Run terraform plan -destroy but NEVER run terraform apply\nif run-terraform-destroy = false AND run-terraform-plan-only = false == Run terraform plan AND run terraform apply\nif run-terraform-destroy = run AND run-terraform-plan-only = false == Run terraform plan -destroy AND run terraform apply\n```\n\n\n### Inputs\n\n```yaml\n  terraform-path:\n    description: 'The absolute path in Linux format to your terraform code'\n    required: true\n\n  terraform-workspace-name:\n    description: 'The name of a terraform workspace, should be in plain text string'\n    required: true\n    \n  terraform-backend-storage-rg-name:\n    description: 'The name of resource group your storage account exists in,  needed for state file storage'\n    required: true\n\n  terraform-backend-storage-account-name:\n    description: 'The name of your storage account , needed for state file storage'\n    required: true\n\n  terraform-backend-blob-container-name:\n    description: 'The name of your storage account blob container, needed for state file storage'\n    required: true\n\n  terraform-backend-storage-access-key:\n    description: 'The key to access your storage account, needed for state file storage'\n    required: true\n\n  terraform-backend-state-name:\n    description: 'The name of your statefilee, needed for state terraform'\n    required: true\n\n  terraform-provider-client-id:\n    description: 'The client ID for your service principal, needed to authenticate to your tenant'\n    required: true\n\n  terraform-provider-client-secret:\n    description: 'The client secret for your service principal, needed to authenticate to your tenant'\n    required: true\n\n  terraform-provider-subscription-id:\n    description: 'The subscription id of the subscription you wish to deploy to, needed to authenticate to your tenant'\n    required: true\n\n  terraform-provider-tenant-id:\n    description: 'The tenant id of which contains subscription you wish to deploy to, needed to authenticate to your tenant'\n    required: true\n\n  terraform-compliance-path:\n    description: 'The path to your terraform-compliance policies, should be a local path or passed as git: etc'\n    required: true\n\n  checkov-skipped-tests:\n    description: 'The CKV codes you wish to skip, if any.'\n    required: true\n\n  run-terraform-destroy:\n    description: 'Do you want to run terraform destroy? - Set to true to trigger terraform plan -destroy'\n    required: true\n    default: \"false\"\n    \n  run-terraform-plan-only:\n    description: 'Do you only want to run terraform plan \u0026 never run the apply or apply destroy? - Set to true to trigger terraform plan only.'\n    required: true\n    default: \"true\"\n```\n\n### Outputs\n\nNone\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibre-devops%2Fazure-terraform-gh-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flibre-devops%2Fazure-terraform-gh-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibre-devops%2Fazure-terraform-gh-action/lists"}