initial version

.github/workflows/terraform.yml

@@ -0,0 +1,70 @@
+name: Plan and Apply Terraform
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    environment: production
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+
+      - name: Terraform Init
+        run: terraform init
+
+      - name: Terraform Plan
+        run: terraform plan -out=plan.raw
+
+      - name: Convert the plan to JSON
+        id: planToJson
+        run: terraform show -json plan.raw
+
+      - name: Save JSON to a file
+        uses: fishcharlie/[email protected]
+        with:
+          data: ${{ steps.planToJson.outputs.stdout }}
+          output: plan.json
+
+      - name: Upload Terraform Plan Output
+        uses: actions/upload-artifact@v2
+        with:
+          name: plan-file
+          path: plan.json
+
+      # - name: Terraform Apply
+      #   if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+      #   run: terraform apply -auto-approve -input=false
+
+  resourcely-ci:
+    needs: terraform
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Download Terraform Plan Output
+        uses: actions/download-artifact@v2
+        with:
+          name: plan-file
+          path: tf-plan-files/
+
+      - name: Resourcely CI
+        uses: Resourcely-Inc/resourcely-action@v1
+        with:
+          resourcely_api_token: ${{ secrets.RESOURCELY_API_TOKEN }}
+          resourcely_api_host: "https://api.dev.resourcely.io"
+          tf_plan_directory: "tf-plan-files"

.resourcely.yaml

@@ -0,0 +1,5 @@
+version: "1"
+
+terraform_config_roots:
+  - name: Example project
+    relative_path: .

README.md

@@ -0,0 +1,48 @@
+# Resourcely Github Actions Scaffolding
+
+This repository demonstrates how to integrate Resourcely into
+repository that used Github Actions as the Terraform runner..
+
+It contains a [workflow](.github/workflows/terraform.yml) that runs
+`terraform plan` and then uses the [Resourcely Github
+Action](https://github.com/Resourcely-Inc/resourcely-action` to
+evaluate guardrails on that plan.
+
+## Assumptions
+
+This repository uses Github Actions to run `terraform plan` and
+`terraform apply`.
+
+If you use a different runner, see the scaffolding repository for that
+runner:
+
+- Terraform Cloud - [scaffolding-github-terraform-cloud](https://github.com/Resourcely-Inc/scaffolding-github-terraform-cloud)
+
+## Usage
+
+This repository is a template. Some setup is required after cloning to use it.
+
+### 1. Configure Terraform Backend
+
+Running Terraform in Github Actions requires storing the Terraform
+state in a durable backend.  Terraform supports a variety of backends
+described
+[here](https://developer.hashicorp.com/terraform/language/settings/backends/configuration).
+
+Edit [terraform.tf](terraform.tf) to add and configured your chosen
+backend.
+
+### 2. Add Resourcely API Token to Github Secrets.
+
+The Resourcely Github Action requires an API token to authenticate to
+the Resourcely API.
+
+- Generate a new API token in the [Resourcely portal](https://portal.resourcely.io/settings/generate-api-token)
+- Create a new [Github repository secret](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository) named `RESOURCELY_API_TOKEN` containing this token.
+
+### 3. Update .resourcely.yaml
+
+`.resourcely.yaml` tells Resourcely where to find the Terraform
+configs within this repo.  If you move the config out of the
+repository root or add new configs in subdirectories, update the file
+to reflect these changes.

main.tf

@@ -0,0 +1,5 @@
+# main.tf
+
+resource "null_resource" "foo" {
+  triggers = { "foo": "bar" }
+}

terraform.tf

@@ -0,0 +1,13 @@
+terraform {
+
+  # Configure a Terraform backend here.
+  #
+  # backend "..." {
+  # }
+
+  required_providers {
+    null = {
+      version = "~> 3.0"
+    }
+  }
+}