GitHub Actions Workflow¶
Workflow files must be stored in the .github/workflows directory of your repository.
name¶
name: this-is-an-example
Optional. The name of your workflow. Displayed on the repository's "Actions" tab. If omitted, GitHub uses the workflow file path.
run-name¶
run-name: some text
Optional. The name for workflow runs generated from the workflow, shown in the list of workflow runs.
on¶
on:
Specifies the trigger for the workflow. You can define single or multiple events, set a schedule, or restrict execution to specific files, tags, or branches.
Run workflow on commit or tag push:
Run workflow on specific branches or ignore branches:
Run workflow on specific tags:
Run workflow on specific files:
Ignore specific paths:
Run workflow on pull request activity:
Run workflow on specific pull request types:
Manual trigger:
Manual trigger with required inputs:
on:
workflow_dispatch:
inputs:
TFAction:
type: choice
description: Terraform action
options:
- Apply
- Destroy
env¶
env:
A map of environment variables available to all jobs in the workflow. Can reference Actions secrets.
env:
ARM_CLIENT_ID: ${{secrets.ARM_CLIENT_ID}}
ARM_CLIENT_SECRET: ${{secrets.ARM_CLIENT_SECRET}}
ARM_TENANT_ID: ${{secrets.ARM_TENANT_ID}}
ARM_SUBSCRIPTION_ID: ${{secrets.ARM_SUBSCRIPTION_ID}}
defaults¶
defaults:
Set default settings for all jobs in the workflow.
jobs¶
jobs:
Define the jobs for your workflow.
Example Workflow¶
name: Infrastructure
on:
workflow_dispatch:
inputs:
TFAction:
type: choice
description: Terraform action
options:
- Apply
- Destroy
push:
paths-ignore:
- '.github/workflows/**'
branches:
- main
pull_request:
defaults:
run:
working-directory: project/
jobs:
action:
runs-on: ubuntu-latest
env:
ARM_CLIENT_ID: ${{secrets.ARM_CLIENT_ID}}
ARM_CLIENT_SECRET: ${{secrets.ARM_CLIENT_SECRET}}
ARM_TENANT_ID: ${{secrets.ARM_TENANT_ID}}
ARM_SUBSCRIPTION_ID: ${{secrets.ARM_SUBSCRIPTION_ID}}
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
- name: Terraform format
id: fmt
run: terraform fmt
- name: Terraform Init
id: init
run: terraform init
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform Plan
id: plan
run: terraform plan -no-color -input=false
continue-on-error: true
- name: Update Pull Request
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ✅\`${{ steps.init.outcome }}\`
#### Terraform Plan ✅\`${{ steps.plan.outcome }}\`
#### Terraform Validation ✅\`${{ steps.validate.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
- name: Terraform Apply - on push
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: terraform apply -auto-approve -input=false
- name: Terraform Apply - manually
if: ${{ inputs.TFAction == 'apply'}}
run: terraform apply -auto-approve -input=false
- name: Terraform Destroy - manually
if: ${{ inputs.TFAction == 'destroy'}}
run: terraform destroy -auto-approve