This repository contains reusable GitHub Action Workflows related to Terraform testing of Modules and Terraform configurations repositories.
The following workflows are currently defined:
The `terraform-checks` Workflow provides a simple pre-baked set of common validation and analysis to perform against Terraform code, including:

- `terraform init` (without connecting to a backend);
- `terraform fmt` to check formatting;
- `terraform validate` to check the syntax;
- `tflint` to perform linting against the Terraform configuration and/or module;
- `terraform-docs` to check the `README.md` is up-to-date with the current configuration and/or module;
- `tfsec` to perform static and security analysis of the configuration and/or module.

Variable | Description | Required | Default |
---|---|---|---|
`workflow-branch` | Use to choose the correct workflow repository branch | false | `master` |
`name` | Defines the name of the GitHub Workflow Job, making it easier to see in the User Interface which Check relates to which aspect of the Module (otherwise all 3+ checks are called the same thing by default) | true | (must be provided) |
`type` | Defines the "type" of Terraform code being tested (should be one of `configuration`, `example`, `module`, or `submodule` only) | true | (must be provided) |
`working-directory` | The location of the `configuration`, `example`, `module`, or `submodule` being checked | true | (must be provided) |

Secret | Description |
---|---|
`WORKFLOWS_TOKEN` | A custom GitHub PAT Token used to access this reusable workflow repository if `GITHUB_TOKEN` cannot access; falls back to `GITHUB_TOKEN` if not provided. |
`GITHUB_TOKEN` | The standard GitHub PAT Token needed to interact with the GitHub Repository being checked. |

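A caller workflow for `terraform-checks`, as an added example that is not taken from this repository. It uses a matrix so that each `type`/`working-directory` pair gets its own distinguishable `name`. `<OWNER>/<REPO>`, the file name `terraform-checks.yml`, the directory layout and the `permissions` block are assumptions.

```yaml
# Hypothetical caller: .github/workflows/terraform.yml in the repository being checked.
name: Terraform

on:
  pull_request:

# Assumption: the checks only need to read the repository contents.
permissions:
  contents: read

jobs:
  checks:
    strategy:
      fail-fast: false          # report every check, not just the first failure
      matrix:
        include:
          # Constructed sample layout: a root module, one submodule, one example.
          - name: Module
            type: module
            working-directory: .
          - name: Submodule (network)
            type: submodule
            working-directory: modules/network
          - name: Example (basic)
            type: example
            working-directory: examples/basic
    # <OWNER>/<REPO> and the workflow file name are placeholders.
    # @master matches the default of workflow-branch; a full commit SHA
    # pins the called workflow to an immutable revision instead.
    uses: <OWNER>/<REPO>/.github/workflows/terraform-checks.yml@master
    with:
      name: ${{ matrix.name }}
      type: ${{ matrix.type }}
      working-directory: ${{ matrix.working-directory }}
    secrets:
      # Only needed when GITHUB_TOKEN cannot read the workflow repository.
      WORKFLOWS_TOKEN: ${{ secrets.WORKFLOWS_TOKEN }}
```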
The `terraform-tests` Workflow provides a reusable Workflow to execute TerraTest tests. Includes options for authenticating against providers, such as AWS. The JUnit report files are also provided to GitHub Actions to show the outputs of the TerraTest tests.

Variable | Description | Required | Default |
---|---|---|---|
`workflow-branch` | Use to choose the correct workflow repository branch | false | `master` |
`enable-aws` | This will allow the `configure-aws-credentials` GitHub Action to run, which will fetch and provide the AWS credentials needed to run TerraTest | false | `false` |
`aws-iam-role-arn` | This is the ARN of the AWS IAM Role which should be used to provide access into the TerraTest Shared Sandbox, with the general Role set by default (override if you require a specific IAM Role for access) | false | `arn:aws:iam::516425859983:role/gha/gha-infra-terratest-general` |

Secret | Description |
---|---|
`WORKFLOWS_TOKEN` | A custom GitHub PAT Token used to access this reusable workflow repository if `GITHUB_TOKEN` cannot access; falls back to `GITHUB_TOKEN` if not provided. |
`GITHUB_TOKEN` | The standard GitHub PAT Token needed to interact with the local GitHub Repository being tested. |