Skip to content

Reusable GitHub workflow for validating a Terraform configuration repository.

License

Notifications You must be signed in to change notification settings

nrkno/github-workflow-terraform-config

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

github-workflow-terraform-config

Reusable GitHub workflow for validating a Terraform configuration repository.

Usage

You must set permissions in order to add the required id-token permissions which is off by default.

permissions:
  id-token: write
  contents: read
  pull-requests: write

name: Terraform
uses: nrkno/github-workflow-terraform-config/.github/workflows/[email protected]
  with:
    # inputs
  secrets:
    # secrets

Inputs

  • terraform-job-enabled (boolean, default true) - Enable the Terraform checks
  • terraform-version (string, default "latest") - Version of Terraform to use
  • working-directory (string, default ".") - Working directory for all workflow operations, unless documented otherwise.
  • terraform-ignore-files (string, default "") - Comma-separated list of filepaths to remove before running Terraform operations. This is relative to the working-directory argument.
  • status-comment-enabled (boolean, default true) - Post a status comment in the pull request issue after checks have completed.
  • status-comment-message (string, default "") - A custom message to append to the status comment.
  • runs-on (string, default "nrk-azure-intern") - Defines the type of machine to run the jobs on.
  • trivy-job-enabled (boolean, default true) - Scan repository for IaC vulnerabilities using Trivy.
  • trivy-ignore-unfixed (boolean, default true) - Ignore vulnerabilities that do not have a known fix.
  • trivy-sbom-enabled (boolean, default false) - Generate a Software Bill of Materials (SBOM) report.
  • trivy-severity (string, default "MEDIUM,HIGH,CRITICAL") - Comma-separated list of severity levels that should trigger errors.
  • trivy-ignore-files (string, default "") - Comma-separated list of paths to .trivyignore files. Paths are relative to the working-directory argument.
  • trivy-error-is-success (boolean, default false) - Internal: Return successfully only if Trivy finds vulnerabilities.
  • terraform-docs-job-enabled (boolean, default true) - Automatically update Terraform documentation. https://github.com/terraform-docs/gh-actions#configuration
  • terraform-docs-config-file (string, default ".terraform-docs.yaml") - Path to a Terraform docs configuration file.
  • terraform-docs-output-file (string, default "README.md") - Path to the file to update the documentation in.
  • terraform-docs-output-method (string, default "inject") - Method to use for injecting the documentation.
  • terraform-docs-git-commit-message (string, default "docs: terraform-docs automated update") - Message for the documentation commit.
  • terraform-docs-git-push (boolean, default true) - Automatically push the commit to the pull request branch.
  • terraform-docs-fail-on-diff (boolean, default true) - Internal: Fail if there are changes in the documentation.
  • terraform-docs-recursive (boolean, default false) - Generate documentation recursively for all modules in the working directory.
  • workflow-ref (string, default "") - Internal: Specify the Git ref to use when the workflow is checking out its own repository. Pass an empty string for auto-detection.

Secrets

  • registries

Developing

The workflow definition resides in .github/workflows/workflow.yaml.

References

About

Reusable GitHub workflow for validating a Terraform configuration repository.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages