tfaction

Who uses tfaction? | Release Note | MIT LICENSE

tfaction is a framework for a Monorepo to build high-level Terraform workflows using GitHub Actions. You don't have to run terraform apply in your laptop, and don't have to reinvent the wheel for Terraform Workflows anymore.

Features

Run terraform plan in pull requests, and run terraform apply by merging pull requests into the default branch
Dynamic build matrix for Monorepo
- CI is run on only changed working directories
Notify the results of CI to pull requests using tfcmt, github-comment, and reviewdog
- You don't have to check CI log
Run terraform apply safely using the plan file created by the merged pull request's terraform plan
Update related pull requests automatically when the remote state is updated
- Keep the result of CI including terraform plan up-to-date
Create a pull request automatically to follow up the apply failure
Support linters
- terraform validate
- tfsec
- trivy
- tflint
- conftest
Support tfmigrate
Update dependencies by Renovate safely
- Prevent Renovate from applying unexpected changes, and enables to merge pull requests without changes safely
Workflows for Terraform Modules
- Scaffold, Test, Release Modules
Workflows for scaffolding
- Scaffold a working directory, Terraform Module, pull request for tfmigrate
Update .terraform.lock.hcl automatically
- A commit is pushed automatically, so you don't have to update .terraform.lock.hcl manually
Format Terraform Configuration automatically
- A commit is pushed automatically, so you don't have to format Terraform configuration manually
Drift Detection
- Detect the drift periodically and manage the drift as GitHub Issues
Support Terraform compatible tools such as OpenTofu and Terragrunt
Support running CI on working directories that depend on a updated local path Module
Generate code by terraform plan -generate-config-out to import resources
Generate document by terraform-docs

Dynamic build matrix for Monorepo

Notify the result of CI to pull requests with tfcmt, github-comment, and reviewdog

Result of terraform plan

Result of tfsec

Result of trivy

Result of tflint

Result of conftest

Create a pull request automatically to follow up the apply failure

Support tfmigrate

tfmigrate plan

tfmigrate apply

Update dependencies by Renovate safely

CI fails if there are changes, which enables you to merge pull requests without unexpected changes safely.

Update .terraform.lock.hcl automatically

Format Terraform Configuration

Drift Detection

Available versions

caution

We don't add */dist/*.js in the main branch and feature branches anymore. So you can't specify main and feature branches as versions.

# This never works as setup/dist/index.js doesn't exist.
uses: suzuki-shunsuke/tfaction/setup@main

The following versions are available.

Release versions

uses: suzuki-shunsuke/tfaction/setup@v1.12.1

Pull Request versions: These versions are removed when we feel unnecessary. These versions are used to test pull requests.

uses: suzuki-shunsuke/tfaction/setup@pr/2017

latest branch: This branch is built by CI when the main branch is updated. Note that we push commits to the latest branch forcibly.

uses: suzuki-shunsuke/tfaction/setup@latest

Pull Request versions and the latest branch are unstable. These versions are for testing. You should use release versions in production.

Who uses tfaction?

Please see here.

Blog, Slide

Release Notes

https://github.com/suzuki-shunsuke/tfaction/releases

LICENSE

MIT

Features​

Available versions​

Who uses tfaction?​

Blog, Slide​

Release Notes​

LICENSE​