Workflow features
- Authenticating via GitHub OIDC provider
- Run
terraform apply
- Automatically running on
main
branch - Manual running on any branch
- Automatically running on
- Run
terraform plan
,terraform fmt
and tflint - Post
terraform plan
report to PullRequest comment and Job Summaries - Slack notification
- GitHub Actions
- Terraform v1.0+
- Download cloud_formation/setup-terraform.yml
- Go to CloudFormation
- Create stack with downloaded
setup-terraform.yml
BackendBucketName
(Required)- Name of backend bucket.
- c.f. https://www.terraform.io/language/settings/backends/s3
TerraformLockTableName
(Required)- Name of lock table name for terraform.
- c.f. https://www.terraform.io/language/settings/backends/s3
- default:
terraform-lock
GithubOidcRoleName
(Required)- IAM Role name for OIDC authentication
- default:
github-oidc-role
GitHubOrgName
(Required)- GitHub organization or user name (e.g.
octocat
)
- GitHub organization or user name (e.g.
GitHubRepositoryName
(Required)- GitHub repository name (e.g.
Hello-World
)
- GitHub repository name (e.g.
OIDCProviderArn
(optional)- Arn for the GitHub OIDC Provider.
- A new provider will be created if omitted
SLACK_WEBHOOK
(optional)- Create from https://slack.com/apps/A0F7XDUAZ
Edit followings
TERRAFORM_VERSION
- Upgrade to the latest version if necessary
GITHUB_OIDC_PROVIDER_ROLE
- This is crated by cloud_formation/setup-terraform.yml. See CloudFormation stack output
AWS_REGION
- Same to the region where Cloudformation was executed
- Upgrade to the latest version if necessary
- Same to
TERRAFORM_VERSION
of .github/workflows/terraform.yml
Edit followings
terraform.backend.bucket
- Same to
BackendBucketName
of cloud_formation/setup-terraform.yml parameter
- Same to
terraform.backend.region
- Same to the region where Cloudformation was executed
terraform.backend.dynamodb_table
- Same to
TerraformLockTableName
of cloud_formation/setup-terraform.yml parameter
- Same to
Edit followings
aws_account_id
- AWS account ID
provider_region
- Same to the region where Cloudformation was executed
Upgrade to the latest version if necessary
terraform.required_providers.aws.version
terraform.required_version
tfenv install
terraform init
# Run followings if you upgraded providers
terraform init -upgrade
git add .terraform.lock.hcl
git commit -m "terraform init -upgrade"
git push
- Check latest version
- Edit
TERRAFORM_VERSION
in .github/workflows/terraform.yml - Edit .terraform-version
- Run
tfenv install
- Edit .github/dependabot.yml
- Wait for Dependabot to create a PullRequests
- Check latest versions
- Edit
terraform.required_providers.aws.version
in versions.tf - Run
terraform init -upgrade