Skip to content

feat: Update documentation for adopting the reusable Terraform workflow #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SamW94 merged 2 commits into from
Apr 23, 2026
Merged

feat: Update documentation for adopting the reusable Terraform workflow #210

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a2de604
feat: Update documentation for adopting the reusable Terraform workflow
SamW94 Apr 23, 2026
8c4584e
chore: install pre-commit hooks
SamW94 Apr 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,10 +165,18 @@ Although bandit provides a [github action](https://github.com/PyCQA/bandit-actio

There is a `bandit-version` `env` variable in this job, that is used to install a specific bandit version. This variable must match a github [release version](https://github.com/PyCQA/bandit/releases)

# GitHub actions
# GitHub Actions

This repository contains GitHub actions that are triggered by a set of GitHub Rulesets defined at the organisation level. Any repository in the uktrade organisation can opt in to using these GitHub actions by adding GitHub Custom properties to the repository.

## Terraform Workflow

The reusable Terraform workflow defined in this repository checks Terraform code in your repository against a number of standard tools: `terraform fmt`, `terraform validate` and `tflint`. If any of these checks do not exit successfully, the job will fail and you will need to make changes to your code to get it through the CI checks. Because a lot of the Terraform modules we use in our code are hosted in private GitHub repositories, we have had to create a GitHub App to allow them to be pulled into the GitHub Action at runtime. Therefore, there are some pre-requisites you must satisfy before this reusable workflow will work on your repository:

1. You must grant your repository access to the organisation-level secrets `TERRAFORM_MODULE_ACCESS_APP_ID` and `TERRAFORM_MODULE_ACCESS_PRIVATE_KEY` [here](https://github.com/organizations/uktrade/settings/secrets/actions) - if you do not have access to do this, SRE can facilitate it for you.
2. You must grant the GitHub App `uktrade-terraform-module-access` [here](https://github.com/organizations/uktrade/settings/installations/98143778) repository access to both your repository **and** the repository hosting the module your code is using.
3. You must select the `Terraform (HCL)` option in the `language` custom property on your repository.

## Testing changes

As this github-standards repository uses the GitHub Custom properties, during a PR for this repository the workflows that are run are the version in the main branch. This makes it difficult to test changes to the workflows, as although the files exist in this repo, any changes to them will not take effect until the PR is merged into main. At that point, any issues with the workflow will be present in all repositories using the GitHub Custom properties.
Expand Down
Loading