tfaction
The contents under /unreleased/ are for unreleased versions.
They are unstable.
What is tfaction
tfaction is a set of GitHub Actions for building workflows that run Terraform or OpenTofu on GitHub Actions.
Getting Started
We will build a simple workflow using the minimum configuration required for tfaction.
Hiding Old PR Comments
In the workflow built in Getting Started, tfcmt posts comments to the PR, but old comments remain visible indefinitely.
JSON Schema for Configuration Files
Both tfaction-root.yaml and tfaction.yaml have JSON Schemas.
Configuration Priority
tfaction's configuration is hierarchical, and some settings can be defined in multiple places.
tfaction v2 is a Single Action
Looking at the workflow from Getting Started, you can see that tfaction calls the same action multiple times with different values for the action input.
Monorepo
In Getting Started, there was only one root module. Now let's set up a monorepo.
Trigger Terraform When Dependent Local-path Modules Are Updated
By default, list-targets lists only the root modules that were directly updated. However, if a root module references a module via a relative path outside its directory, the root module will not be included in the list when only the referenced module is updated.
Linting and Formatting
The test action provides linting and formatting capabilities:
Follow-up PR
When terraform apply fails in tfaction, you need to resolve the failure.
Automatic PR Branch Updates
tfaction automatically updates PR branches. There are two types of updates.
Scaffolding Root Modules and Modules from Templates
Add a GitHub Actions workflow to create root modules or modules from templates.
AWS Configuration
This page explains the configuration for using the AWS Provider or S3 Backend.
Configuration for Google Cloud
This page explains the configuration for using the Google Cloud Provider and GCS Backend.
Handling Secrets
tfaction can handle secrets required for terraform init, plan, and apply.
Configuring Target (Aliases)
The relative path from the Git repository root to a root module is used in PR comments, PR labels, and other places.
Dismiss approval before plan
The plan action dismisses approvals immediately after running terraform plan, forcing reviewers to approve after seeing the plan results.
Disable PR creation
tfaction has features that automatically create PRs, but you can limit it to only creating commits and branches without creating PRs.
Notify bot PR events
tfaction has features that automatically create PRs, but you do not receive notifications when bot-created PRs are reviewed, merged, or closed.
Configuring tfcmt
The PR comments for terraform plan and apply are generated by tfcmt.
Configuring Terraform Command Options
To pass options to terraform commands in tfaction, you can use the environment variables TF_CLI_ARGS and TF_CLI_ARGS_name.
Auto Apps (Renovate, Dependabot)
Configuration related to PRs created by apps such as Renovate.
Limiting the Number of Root Modules Changed in a Single PR
You can limit the number of root modules that can be changed in a single PR.
Destroying All Resources in a Root Module
To destroy all resources in a root module, set destroy: true in tfaction.yaml.
Code Generation with terraform plan -generate-config-out
terraform plan -generate-config-out is a very useful command that generates resource blocks from import blocks.
Module
tfaction also provides features for managing modules (not root modules).
Secure Commits and PR Creation with CSM Actions
By default, tfaction uses the github_token input when creating commits and PRs.
Drift Detection
Using OpenTofu or Terragrunt
By default, tfaction runs terraform, but you can replace it with a Terraform-compatible tool such as OpenTofu.
Skipping terraform plan and apply
When only files matching skip_terraform_files under a working directory are modified, terraform plan and apply are skipped.
Workflows
tfaction uses several GitHub Actions workflows.
Actions
tfaction is a single action, but it provides various features through the action input.
tfmigrate
Run tfmigrate through GitHub Actions to perform state migrations as code.
Testing Workflow Changes
When GitHub Actions workflows are modified, it is desirable to verify that they still work correctly.
Safe Apply Using Plan Files
This is a built-in feature of tfaction and requires no action from users.
v2 Release Note
Summary
v2 Upgrade Guide
The v2 upgrade includes several breaking changes.