Contains composite GitHub actions used within Terraform AWS Module projects.
The `clowdhaus/terraform-composite-actions/commit` action will commit any changes back to your `git-branch`. When used in conjunction with `clowdhaus/terraform-composite-actions/pre-commit`, this action will ensure that pull requests are well formatted and the automatically generated documentation is updated.
A GitHub personal access token is required in order for the action to be able to successfully commit and push any changes back to the specified branch.
When using this action from a forked copy, it will only succeed if either of two conditions is met:
- The user who has forked the project creates a GitHub personal access token with the defined permissions and stores it in their forked repository under the same name as the upstream secret (defined in the workflow file).
- The entity that presides over the source repository extends access to the secret to forked repositories (see https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/). Be mindful of what this means: extending secret access to forked repositories means those forks could potentially retrieve those secret values.
```yaml
jobs:
  commit:
    name: Commit changes
    runs-on: ubuntu-latest
    steps:
      - name: Commit changes
        uses: clowdhaus/terraform-composite-actions/commit@main
        with:
          git-branch: ${{ github.event.pull_request.head.ref }}
          github-repository: ${{ github.event.pull_request.head.repo.full_name }}
          github-token: ${{ secrets.YOUR_GITHUB_PAT }}
```
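A variant of the usage above that skips the commit job when the pull request comes from a fork, so the secret does not need to be extended to forked repositories. This is an added example, not taken from the project's own documentation; the `on: pull_request` trigger and the `if:` guard are assumptions, and `YOUR_GITHUB_PAT` is the same placeholder secret name used above.

```yaml
# Added example (not from the project): guard the commit job against cross-fork pull requests.
on:
  pull_request:

jobs:
  commit:
    name: Commit changes
    runs-on: ubuntu-latest
    # Run only when the PR head branch lives in the repository that is running
    # this workflow. Pull requests from forks do not receive repository secrets
    # by default, so the commit step could not push and is skipped instead.
    if: github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - name: Commit changes
        uses: clowdhaus/terraform-composite-actions/commit@main
        with:
          git-branch: ${{ github.event.pull_request.head.ref }}
          github-repository: ${{ github.event.pull_request.head.repo.full_name }}
          github-token: ${{ secrets.YOUR_GITHUB_PAT }}
```

The same guard holds when the workflow runs inside a fork that stores its own token under the same secret name, because there the head repository and the running repository are both the fork.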
The `clowdhaus/terraform-composite-actions/directories` action will return a list of directories that contain a `versions.tf`, where the presence of a `versions.tf` file is loosely representative of a Terraform project root directory. This is useful for running a set of commands in each Terraform root directory under a given project.
```yaml
jobs:
  directories:
    name: Get Terraform directories
    runs-on: ubuntu-latest
    steps:
      - name: Get Terraform directories
        uses: clowdhaus/terraform-composite-actions/directories@main
        id: search
      - name: Outputs
        run: echo "${{ steps.search.outputs.directories }}"
```
The `clowdhaus/terraform-composite-actions/pre-commit` action will install the following tools, which are intended to support the pre-commit hooks used within Terraform modules:
- pre-commit
- terraform using provided `terraform-version` input (required)
- tflint using provided `tflint-version` input (default = `latest`)
- terraform-docs using provided `terraform-docs-version` input (default = `v0.16.0`)
- tfsec, when `install-tfsec=true` (default = `false`), using provided `tfsec-version` input (default = `1.28.0`)
- hcledit, when `install-hcledit=true` (default = `false`), using provided `hcledit-version` input (default = `0.2.3`)
```yaml
jobs:
  pre-commit:
    name: Pre-commit hooks execute
    runs-on: ubuntu-latest
    steps:
      - name: Pre-commit hooks execute
        uses: clowdhaus/terraform-composite-actions/pre-commit@main
        with:
          # Configure default software
          terraform-version: 1.2.0
          terraform-docs-version: v0.16.0
          # Configure optional software
          install-hcledit: true
          hcledit-version: 0.2.3
          args: "--all-files --color always --show-diff-on-failure"
```
Apache-2.0 Licensed. See LICENSE.