actions-workflows

This repository contains a set of reusable GitHub Actions workflows and configuration files for setting up Terraform Continuous Integration.

documentation

Terraform Pipeline

Stages

The Terraform pipeline has four stages, three unique to Terraform and one that applies to all AutomationLibrary repositories.

  • Scan

  • Lint

  • Docs

  • Release

Scan, Lint and Release are special Terraform jobs. Docs is a general job.

Scan

The Scan job will run tf-sec and checkov against the repository’s infrastructure-as-code. The pipeline will fail if any vulnerabilities are found.

Lint

The Lint job will run tf-lint against the repository’s infrastructure-as-code. The pipeline will fail if any styling issues are found.

Docs

The Docs job will scan your repository for several files. If it encounters a .terraform-docs.yml, it will run tf-docs to process .tf files into .md files.

In the final stage of the Docs job, Sphinx is run to process any .md files into .html, which is then pushed to the gh-pages branch of your repository, where it is statically hosted through GitHub Pages.

Release

The Release job will run terraform apply, terraform plan and terraform destroy against each Terraform module specified in your project.

In order for this job to succeed, the pipeline will need permission to deploy the associated resources. You will need to attach the necessary AWS API permissions to the pipeline service account before this job can pass.
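A consuming module repository calls these stages from its own workflow. The caller below is an added example, not a file from this repository; the reusable workflow file names, the ORG placeholder, the pinned commit placeholder and the `aws-role-arn` input are assumptions. It shows the least-privilege shape a caller should have: a read-only default GITHUB_TOKEN, write scopes granted only to the jobs that need them, and the Release job obtaining short-lived AWS credentials through OIDC rather than stored access keys.

```yaml
# Caller workflow for a Terraform module repository (added example; the
# reusable-workflow paths, ORG, the commit placeholder and the aws-role-arn
# input are assumptions, not part of actions-workflows).
name: terraform-ci

on:
  pull_request:
  push:
    branches: [main]

# Default the GITHUB_TOKEN to read-only; jobs that need more ask explicitly.
permissions:
  contents: read

jobs:
  scan:
    # tf-sec and checkov only need to read the code.
    # Pin reusable workflows to a commit SHA so an upstream change
    # cannot silently alter what runs in this pipeline.
    uses: ORG/actions-workflows/.github/workflows/terraform-scan.yml@<commit-sha>

  lint:
    uses: ORG/actions-workflows/.github/workflows/terraform-lint.yml@<commit-sha>

  docs:
    needs: [scan, lint]
    # Pushing rendered HTML to gh-pages is a write to the repository.
    permissions:
      contents: write
    uses: ORG/actions-workflows/.github/workflows/docs.yml@<commit-sha>

  release:
    needs: [scan, lint]
    if: github.ref == 'refs/heads/main'
    # id-token: write lets the job request a GitHub OIDC token and exchange
    # it for short-lived AWS credentials; no long-lived keys are stored.
    permissions:
      contents: read
      id-token: write
    uses: ORG/actions-workflows/.github/workflows/terraform-release.yml@<commit-sha>
    with:
      # Placeholder ARN: the role the pipeline service account assumes.
      aws-role-arn: arn:aws:iam::123456789012:role/terraform-ci-release
```

On the AWS side, scope the role's trust policy to this repository and branch with a condition on `token.actions.githubusercontent.com:sub` (for example `repo:ORG/REPO:ref:refs/heads/main`), so only this pipeline can assume it.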