Skip to content

Latest commit

 

History

History
 
 

terraform-check

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
action.yaml
action.yaml
 
 

README.md

terraform-check action

This is one of a suite of terraform related actions - find them at dflook/terraform-github-actions.

Check for drift in terraform managed resources. This action runs the terraform plan command, and fails the build if any changes are required. This is intended to run on a schedule to notify if manual changes to your infrastructure have been made.

Inputs

  • path

    Path to the terraform configuration to check

    • Type: string
    • Required

  • workspace

    Terraform workspace to run the plan in

    • Type: string
    • Optional
    • Default: default

  • variables

    Variables to set for the terraform plan. This should be valid terraform syntax - like a variable definition file.

    with:
  variables: |
    image_id = "${{ secrets.AMI_ID }}"
    availability_zone_names = [
      "us-east-1a",
      "us-west-1c",
    ]

    Variables set here override any given in var_files.

    • Type: string
    • Optional

  • var

    ⚠️ Deprecated: Use the variables input instead.

    Comma separated list of terraform vars to set

    • Type: string
    • Optional

  • var_file

    Comma separated list of tfvars files to use. Paths should be relative to the GitHub Actions workspace

    • Type: string
    • Optional

  • backend_config

    Comma separated list of terraform backend config values.

    • Type: string
    • Optional

  • backend_config_file

    Comma separated list of terraform backend config files to use. Paths should be relative to the GitHub Actions workspace

    • Type: string
    • Optional

  • parallelism

    Limit the number of concurrent operations

    • Type: number
    • Optional
    • Default: 10

Environment Variables

  • TERRAFORM_CLOUD_TOKENS

    API tokens for terraform cloud hosts, of the form <host>=<token>. Multiple tokens may be specified, one per line. These tokens may be used with the remote backend and for fetching required modules from the registry.

    e.g for terraform cloud:

    env:
  TERRAFORM_CLOUD_TOKENS: app.terraform.io=${{ secrets.TF_CLOUD_TOKEN }}

    With Terraform Enterprise or other registries:

    env:
  TERRAFORM_CLOUD_TOKENS: |
    app.terraform.io=${{ secrets.TF_CLOUD_TOKEN }}
    terraform.example.com=${{ secrets.TF_REGISTRY_TOKEN }}
    • Type: string
    • Optional

  • TERRAFORM_SSH_KEY

    A SSH private key that terraform will use to fetch git module sources.

    This should be in PEM format.

    For example:

    env:
  TERRAFORM_SSH_KEY: ${{ secrets.TERRAFORM_SSH_KEY }}
    • Type: string
    • Optional

Example usage

This example workflow runs every morning and will fail if there has been unexpected changes to your infrastructure.

name: Check for infrastructure drift

on:
  schedule:
    - cron:  "0 8 * * *"

jobs:
  check_drift:
    runs-on: ubuntu-latest
    name: Check for drift of terraform configuration
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Check
        uses: dflook/terraform-check@v1
        with:
          path: my-terraform-configuration