Skip to main content

tfaction

Ask DeepWiki NotebookLM | Who uses tfaction? | Release Note | MIT LICENSE

tfaction is a GitHub Actions to build sophisticated Terraform (OpenTofu) workflows for Monorepo easily. You don't have to run terraform apply in your laptop, and don't have to reinvent the wheel for Terraform Workflows anymore. tfaction provides various features such as auto-fix (terraform fmt, .terraform.lock.hcl, terraform-docs, tflint --fix, and more), lint (tflint, trivy, conftest), drift detection, and more.

💡 NotebookLM and DeepWiki for tfaction​

You can ask any questions about tfaction to the notebook and DeepWiki!

Features​

  • Running Terraform through GitHub Actions. No need to run terraform apply in your laptop or dedicated servers.
  • OSS (MIT LICENSE)
  • High Functionality - auto-fix, lint, drift detection, tfmigrate, and more
  • Significantly reduce the implementation, operational, and maintenance costs of workflows.

Support for OpenTofu and Terragrunt​

Supports not only Terraform but also Terraform-compatible tools such as OpenTofu, as well as Terragrunt.

Monorepo Support​

Native support for monorepos managing multiple Terraform root modules. CI runs only for the root modules changed in a PR.

It also supports triggering CI for root modules when their dependent local-path modules are updated.

Clear PR Comments for terraform plan and apply Results​

Using a tool called tfcmt, tfaction posts clear and easy-to-read summaries of terraform plan and apply results directly to pull requests.

tfcmt

Linting​

Runs linting with tools such as:

  • terraform validate
  • tflint
  • trivy
  • conftest

tflint and trivy results are reported in a developer-friendly way using reviewdog.

tflint

conftest can be executed against any files including both HCL files and plan files.

Automatic Code Fixes​

Automatically runs tools such as:

  • .terraform.lock.hcl updates
  • terraform fmt
  • terraform-docs
  • tflint --fix

Then commits and pushes the fixes to the PR.

commit fmt

Additionally, if a PR’s feature branch is behind the base branch, it automatically updates the branch. In practice, having issues fixed automatically provides a far better developer experience than simply failing CI.

Safe apply Using Plan Files​

To prevent discrepancies between plan and apply, tfaction uses the plan file generated during the PR’s terraform plan when running terraform apply.

Automatically Create Follow-up PRs When terraform apply Fails​

If terraform apply fails, tfaction automatically creates a follow-up PR to help address the failure.

image

image

Drift Detection​

Periodically detects drift between code and the actual infrastructure state, and manages it via GitHub Issues.

The plan result is recorded as a comment in the issue, making it easy to identify when drift occurred. Because it leverages GitHub Issues, everything is managed within GitHub.

Drift Detection

image

And More​

tfaction has more features. We can't introduce all of them in one page.

Available versions​

The main branch and feature branches don't work. Please see the document.

Who uses tfaction?​

Please see here.