Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cds-snc/terraform-plan
GitHub Action to run Terraform plan and add a comment with the changes.
https://github.com/cds-snc/terraform-plan
github-actions terraform terragrunt
Last synced: 30 days ago
JSON representation
GitHub Action to run Terraform plan and add a comment with the changes.
- Host: GitHub
- URL: https://github.com/cds-snc/terraform-plan
- Owner: cds-snc
- License: mit
- Created: 2021-06-23T12:43:44.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-04-08T12:31:00.000Z (8 months ago)
- Last Synced: 2024-04-11T04:13:58.344Z (8 months ago)
- Topics: github-actions, terraform, terragrunt
- Language: JavaScript
- Homepage:
- Size: 6.13 MB
- Stars: 55
- Watchers: 18
- Forks: 4
- Open Issues: 12
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-tf - terraform-plan - GitHub Action to run Terraform plan and add a comment with the changes. (Tools / CI)
README
# Terraform Plan GitHub Action
Runs `terraform plan` on your project and posts a comment with the changes on a Pull Request (PR). It runs the following commands:
```sh
terraform init
terraform validate
terraform fmt --check
terraform plan -out=plan.tfplan
terraform show -json plan.tfplan
```
This action **does not** install Terraform or Terragrunt, but can be installed using [Terraform tools setup action](https://github.com/cds-snc/terraform-tools-setup). You can see how it's used in the [pr-test.yaml workflow](.github/workflows/pr-test.yaml).# Settings
Use the following to control the action:| Setting | Description | Default |
|------------------|--------------------------------------------------------------------|--------------|
| `allow-failure` | Allow the action to fail | false |
| `comment` | Add comment with changes to the PR | true |
| `comment-delete` | Delete previous comments made by the bot on the PR | false |
| `comment-title` | The title to give the PR comment | Plan changes |
| `conftest-character-limit` | Character limit for Conftest output | 2000 |
| `conftest-checks`| Location of custom conftest check definitions | git::https://github.com/cds-snc/opa_checks.git//aws_terraform |
| `directory` | Directory with the `*.tf` files to validate | . |
| `github-token` | GitHub Token used to add comment to PR (required to add comments). | |
| `plan-character-limit` | Character limit for Terraform plan output | 30000 |
| `terraform-init` | Custom Terraform init args | |
| `terragrunt` | Use Terragrunt instead of Terraform | false |
| `skip-conftest` | Skip the Conftest step | false |
| `skip-fmt` | Skip the Terraform format check | false |
| `skip-plan` | Skip the Terraform plan for projects without a remote state | false |# Examples
```yaml
# Setup Terraform, Terragrunt, and Conftest
- name: Setup terraform tools
uses: cds-snc/terraform-tools-setup@v1# Run Terraform plan and add a comment with changes on the PR
- name: Terraform plan
uses: cds-snc/terraform-plan
with:
github-token: ${{ secrets.GITHUB_TOKEN }}# Use Terragrunt, allow failure and set a custom PR comment title
- name: Terraform plan
uses: cds-snc/terraform-plan
with:
allow-failure: true
comment-title: Custom comment title
github-token: ${{ secrets.GITHUB_TOKEN }}
terragrunt: true# Run on a sub project folder, deleting previous PR comments made by the action
- name: Terraform plan
uses: cds-snc/terraform-plan
with:
directory: ./infra
comment-delete: true
github-token: ${{ secrets.GITHUB_TOKEN }}# Run Terraform plan with no PR comment
# Plan will still availabe in the workflow logs
- name: Terraform plan
uses: cds-snc/terraform-plan
with:
add-comment: false# Run Terraform plan custom Terraform init args
- name: Terraform plan
uses: cds-snc/terraform-plan
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
terraform-init: |
-backend-config="bucket=your-state-bucket-name"
-backend-config="region=ca-central-1"
```# Contributing
To setup your local dev environment:
```sh
npm install
npm run prepare
```
Husky provides a pre-commit hook that builds the `dist/index.js` used by the action. To test locally, [nektos/act](https://github.com/nektos/act) works well.# Policy
[Open Policy Agent](https://www.openpolicyagent.org/) is used to check the `terraform plan` for changes. [Policies](./policy) are written in Rego and then compiled into a WebAssembly module using `npm run policy`.