This repository has been archived by the owner on Dec 18, 2024. It is now read-only.

An example of Continuous Integration with GitHub Actions and HashiCorp Terraform

WahlNetwork/github-action-terraform

Continuous Integration with GitHub Actions and HashiCorp Terraform

Based on this blog post

Overview

In this scenario, continuous integration of an AWS environment is desired. Configuration is managed via HashiCorp Terraform. Continuous Integration is managed via GitHub Actions. By loading the necessary Terraform configuration files into this repository along with two GitHub Workflows, the Terraform files can be used to Plan and Apply into the target environment.

NOTE: GitHub Actions are disabled for this repository to prevent abuse. You can view previous runs here.

Details

This repository contains two GitHub Workflow files:

Terraform Plan

  • Checks the Terraform configuration for security vulnerabilities with tfsec.

  • Constructs AWS credentials from Secrets stored in this repository.

  • Loads the Terraform CLI wrapper with Setup Terraform.

  • Terraform CLI performs an Init and Plan based on the pull request's configuration.

  • GitHub Actions Bot adds a comment to the pull request with the results. Example: Pull Request 1

You can view previous Terraform Plan workflows here.

Terraform Apply

  • Constructs AWS credentials from Secrets stored in this repository.

  • Loads the Terraform CLI wrapper with Setup Terraform.

  • Terraform CLI performs an Init and Apply based on the new push configuration.

You can view previous Terraform Apply workflows here.

Credentials

Credentials should be written to the user's ~/.aws/credentials file from the Secrets stored in this repository.

Example:

mkdir -p ~/.aws
echo "[default]" > ~/.aws/credentials
echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials
echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials
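
A hardened variant of the step above, as an added example that is not the repository's code. It assumes the workflow step passes the two secrets in through an `env:` block rather than expanding `${{ secrets.* }}` inside the script, and the helper names `check_value` and `write_aws_credentials` are hypothetical.

```shell
#!/bin/sh
# Added example, not the repository's code. Assumes the workflow step maps the
# secrets into the environment with an `env:` block, e.g.
#   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
#   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# so their values are never substituted into the script text.

# check_value NAME VALUE: hypothetical helper. Rejects empty values and values
# containing whitespace or control characters, which could add lines or keys
# to the INI-style credentials file.
check_value() {
  if [ -z "$2" ]; then
    echo "error: $1 is not set" >&2
    return 1
  fi
  case "$2" in
    *[[:space:]]* | *[[:cntrl:]]*)
      echo "error: $1 contains whitespace or control characters" >&2
      return 1
      ;;
  esac
}

# write_aws_credentials: hypothetical helper. The body is a subshell, so the
# umask change and the variables do not leak into the caller.
write_aws_credentials() (
  dest="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
  dir="$(dirname "$dest")"
  check_value AWS_ACCESS_KEY_ID "${AWS_ACCESS_KEY_ID:-}" || exit 1
  check_value AWS_SECRET_ACCESS_KEY "${AWS_SECRET_ACCESS_KEY:-}" || exit 1

  umask 077 # new directory 0700, new file 0600
  mkdir -p "$dir" || exit 1
  tmp="$(mktemp "$dir/.credentials.XXXXXX")" || exit 1
  # Fixed format string: the values are written as data and never re-parsed.
  printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
    "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" >"$tmp" ||
    { rm -f "$tmp"; exit 1; }
  # Rename into place so a reader never sees a half-written file.
  mv -f "$tmp" "$dest"
)

# In the workflow step, call: write_aws_credentials
```

`AWS_SHARED_CREDENTIALS_FILE` is the standard AWS CLI and SDK variable for overriding the credentials file location; when it is unset the function writes to `~/.aws/credentials` as in the original step.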
