GitHub Action
Terraform check action
HENNGE/terraform-check is a composite action (using Python in the back) to execute checks on Terraform configuration in your Github Actions workflow.
This action will execute the following Terraform commands:
terraform initterraform fmtterraform validateterraform plan
The result and detailed report of the check will be returned as output of this action. Optionally, the detailed report can be automatically posted as PR comments.
Make sure that your workflow already have the credentials needed by your Terraform configuration. (e.g. authenticate to AWS with aws-actions/configure-aws-credentials)
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tfSpecific Terraform version can be used:
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tf
terraform_version: 1.1.7If terraform is already installed, it can be used:
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tf
terraform_version: systemMultiple directories can be set as input, separated by space:
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tf infra/tf2If checking on multiple directories, you can set Terraform version for each directory:
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tf infra/tf2
terraform_version: 1.1.7 1.3.4If only one version is set, it will be used for all directories:
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tf infra/tf2
terraform_version: 1.1.7Detailed report can be automatically posted as a pull request comment. Make sure that Github token has permission to write into pull requests.
permissions:
contents: read
pull-requests: write
# ... (omitted)
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tf
post_comment: true
github_token: ${{ secrets.GITHUB_TOKEN }}If post_comment is set to update, the previous comment will be updated if the action runs again.
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tf
post_comment: update
github_token: ${{ secrets.GITHUB_TOKEN }}If post_comment is set to nonzero, comments will only be posted if return code is not zero (checks failed or there are changes).
steps:
- uses: HENNGE/terraform-check@v1
with:
directory: infra/tf
post_comment: nonzero
github_token: ${{ secrets.GITHUB_TOKEN }}directory: (required) One or more directories separated by space, containing the Terraform configuration.terraform_version: (optional) Terraform version to use. You can set version for each directory if checking on multiple directories. If set tosystem, the action will use the terraform version already installed. Defaults tolatest.hide_refresh: (optional) Hide state refresh output from reportpost_comment: (optional) Whether to post detailed report as pull request comment.- If set to
true, will post a comment every time. - If set to
update, will post a comment and then update the existing comment on any subsequent runs. - If set to
nonzero, will post a comment only if any checks failed or there's changes to the Terraform plan (returncode other than 0).
- If set to
github_token: (optional) Github access token, required to post PR comments.issue_number: (optional) If set, post comment to a specific issue or PR instead of the current one.
returncode:0if all checks passed.1if any checks failed.2if there's changes to the Terraform plan.
result: Check result in the format ofTerraform check on <path> <result>.report: Detailed report in Github Markdown format of the check result includingterraform planoutput.
The detailed report will look like this:
Show Details
Show Plan
No changes. Your infrastructure matches the configuration. Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.
- This action is inspired from dflook/terraform-check
- Detailed report format is adapted from hashicorp/setup-terraform