This repo provides a baseline GitHub Actions workflow that runs terraform init, terraform validate, tflint, tfsec, checkov and terraform plan. In addition, pre-commit runs a few hooks to keep formatting consistent throughout the repo. The pipeline runs on pushes to the main branch and on pull requests. The repo also includes a CI file that builds a pre-baked image from a Dockerfile; the workflow runs then use that image so that dependencies are not downloaded on every run. It is meant to be used as a base for further customization.
The following repo structure is given:
PROJECT_XYZ/
├── .github/
│   └── workflows/
│       ├── build-baked-image.yaml
│       └── ci.yaml
├── terraform/ # all tf code inside here
│   ├── main.tf
│   └── .tflint.hcl # contains tflint config rules
├── .pre-commit-config.yaml # runs pre-commit hooks
└── README.md
Optional:
If pre-commit is installed, run
pre-commit install
to install the hooks specified in the config file; they then run automatically before every commit.
If you want to use the pre-baked image:
- Create the pre-baked image, which includes all dependencies; the Dockerfile is in this repo. The GitHub workflow file builds the image and automatically publishes it to the GitHub Container Registry.
- Grant this repo read access to this package.
- Follow instructions below!
Create a repo with the above repo structure:
- Copy this ci.yaml (if using the pre-baked image) or this ci.yaml (if installing dependencies on each run) into the workflows folder
- Copy the .tflint.hcl config file into the root tf directory
- Optionally install the pre-commit hooks with
pre-commit install
- Push the changes to the git repo
- Check the running GitHub Action
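
To run the workflow's static checks locally before pushing, the sketch below calls the same tools in the same order and treats a missing scanner as a failure rather than a pass. It is an added example, not this repo's ci.yaml; the function names and the use of `terraform init -backend=false` are assumptions, and terraform plan is left out because it needs backend and provider credentials.

```shell
#!/bin/sh
# Added example: local run of the pipeline's static checks (not the repo's ci.yaml).
# Assumes terraform, tflint, tfsec and checkov are on PATH.

FAILED=""   # names of stages whose tool exited non-zero
SKIPPED=""  # names of stages whose tool was not found

# run_stage NAME TOOL [ARGS...]: run one tool, record the outcome, keep going
run_stage() {
    name=$1; shift
    if ! command -v "$1" >/dev/null 2>&1; then
        SKIPPED="$SKIPPED $name"
        return 0
    fi
    printf '==> %s\n' "$name"
    if ! "$@"; then
        FAILED="$FAILED $name"
    fi
}

# run_checks [DIR]: 0 if every stage ran and passed, 1 if any failed or was
# skipped, 2 if DIR does not exist
run_checks() {
    dir=${1:-terraform}
    FAILED=""; SKIPPED=""
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    start=$(pwd)
    cd "$dir" || return 2
    # -backend=false: fetch providers/modules without touching remote state
    run_stage init     terraform init -backend=false -input=false
    run_stage validate terraform validate
    run_stage tflint   tflint            # picks up .tflint.hcl from this directory
    run_stage tfsec    tfsec .
    run_stage checkov  checkov -d .
    cd "$start" || return 2
    if [ -n "$FAILED" ] || [ -n "$SKIPPED" ]; then
        # Fail closed: a scanner that never ran must not count as a pass
        echo "failed:$FAILED skipped:$SKIPPED" >&2
        return 1
    fi
    return 0
}
```

Source the file and call `run_checks terraform` from the repo root; every stage runs even after an earlier one fails, so one pass shows all findings.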