Terraform check action
`HENNGE/terraform-check` is a composite action (using Python under the hood) that runs checks on Terraform configuration in your GitHub Actions workflow.
This action will execute the following Terraform commands:

- `terraform init`
- `terraform fmt`
- `terraform validate`
- `terraform plan`

The result and detailed report of the check will be returned as output of this action. Optionally, the detailed report can be automatically posted as PR comments.
Make sure that your workflow already has the credentials needed by your Terraform configuration (e.g. authenticate to AWS with aws-actions/configure-aws-credentials).

```yaml
steps:
  - uses: HENNGE/terraform-check@v1
    with:
      directory: infra/tf
```

A specific Terraform version can be used:

```yaml
steps:
  - uses: HENNGE/terraform-check@v1
    with:
      directory: infra/tf
      terraform_version: 1.1.7
```

Multiple directories can be set as input, separated by space:

```yaml
steps:
  - uses: HENNGE/terraform-check@v1
    with:
      directory: infra/tf infra/tf2
```

If checking multiple directories, you can set the Terraform version for each directory:

```yaml
steps:
  - uses: HENNGE/terraform-check@v1
    with:
      directory: infra/tf infra/tf2
      terraform_version: 1.1.7 1.3.4
```

If only one version is set, it will be used for all directories:

```yaml
steps:
  - uses: HENNGE/terraform-check@v1
    with:
      directory: infra/tf infra/tf2
      terraform_version: 1.1.7
```

The detailed report can be automatically posted as a pull request comment. Make sure that the GitHub token has permission to write to pull requests.

```yaml
steps:
  - uses: HENNGE/terraform-check@v1
    with:
      directory: infra/tf
      post_comment: true
      github_token: ${{ secrets.GITHUB_TOKEN }}
```

If `post_comment` is set to `nonzero`, comments will only be posted if the return code is not zero (checks failed or there are changes).

```yaml
steps:
  - uses: HENNGE/terraform-check@v1
    with:
      directory: infra/tf
      post_comment: nonzero
      github_token: ${{ secrets.GITHUB_TOKEN }}
```

- `directory`: (required) One or more directories separated by space, containing the Terraform configuration.
- `terraform_version`: (optional) Terraform version to use. You can set a version for each directory if checking multiple directories. Defaults to `latest`.
- `post_comment`: (optional) Whether to post the detailed report as a pull request comment.
  - If set to `true`, will post a comment every time.
  - If set to `nonzero`, will post a comment only if any checks failed or there are changes to the Terraform plan (returncode other than 0).
  - If set to
- `github_token`: (optional) GitHub access token, required to post PR comments.

- `returncode`:
  - `0` if all checks passed.
  - `1` if any checks failed.
  - `2` if there are changes to the Terraform plan.
- `result`: Check result in the format of `Terraform check on <path> <result>`.
- `report`: Detailed report in GitHub Markdown format of the check result, including `terraform plan` output.

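A complete workflow that combines the inputs and outputs described above with a least-privilege job token, as an added example that is not taken from the HENNGE/terraform-check project. The role ARN, region, trigger paths and the step id `tfcheck` are placeholders, and it assumes the action reports failed checks through `returncode` rather than failing the job itself.

```yaml
# Added example workflow; role ARN, region, paths and step id are placeholders.
name: terraform-check
on:
  pull_request:
    paths:
      - "infra/tf/**"

# Grant the job token only what this job needs.
permissions:
  contents: read          # check out the repository
  pull-requests: write    # post the report as a PR comment
  id-token: write         # OIDC federation for configure-aws-credentials

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Short-lived AWS credentials via OIDC instead of stored access keys.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::123456789012:role/EXAMPLE-plan-readonly  # placeholder
          aws-region: us-east-1  # placeholder

      - id: tfcheck
        uses: HENNGE/terraform-check@v1
        with:
          directory: infra/tf
          terraform_version: 1.1.7
          post_comment: nonzero
          github_token: ${{ secrets.GITHUB_TOKEN }}

      # Pass outputs through env so they are never interpolated into the script.
      - if: always()
        env:
          RESULT: ${{ steps.tfcheck.outputs.result }}
        run: echo "$RESULT" >> "$GITHUB_STEP_SUMMARY"

      # returncode 1 = a check failed; 2 = plan has changes (allowed here).
      - env:
          RETURNCODE: ${{ steps.tfcheck.outputs.returncode }}
        run: |
          if [ "$RETURNCODE" = "1" ]; then
            echo "::error::Terraform checks failed"
            exit 1
          fi
```

On pull requests from forks the `GITHUB_TOKEN` is read-only by default, so the comment cannot be posted there. The posted report includes `terraform plan` output, which anyone who can view the pull request can read.
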
The detailed report will look like this:
Show Details
Show Plan
No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
- This action is inspired by dflook/terraform-check
- The detailed report format is adapted from hashicorp/setup-terraform