From 760d7f3edc1f5a68126f66254152326227cfc081 Mon Sep 17 00:00:00 2001 From: 0000854453 <118651303+0000854453@users.noreply.github.com> Date: Wed, 14 Jan 2026 08:41:44 -0500 Subject: [PATCH 1/8] Add Terraform version to linters workflow --- .github/workflows/linters.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml index ea8805083d4d83..c0042047c517b0 100644 --- a/.github/workflows/linters.yml +++ b/.github/workflows/linters.yml @@ -16,7 +16,7 @@ concurrency: env: PYTHON_VERSION: '3.14' NODE_VERSION: lts/* - + TERRAFORM_VERSION: '1.14.3' permissions: contents: read From b00d1a29c07c4d542d718a588741d9883006cf09 Mon Sep 17 00:00:00 2001 From: 0000854453 <118651303+0000854453@users.noreply.github.com> Date: Wed, 14 Jan 2026 09:10:34 -0500 Subject: [PATCH 2/8] Add actions to store and get Terraform plans --- .github/workflows/terraform.yml | 114 ++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml new file mode 100644 index 00000000000000..2e4db4d4451ef0 --- /dev/null +++ b/.github/workflows/terraform.yml 
@@ -0,0 +1,114 @@
+# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file
+# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run
+# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events
+# to the "main" branch, `terraform apply` will be executed.
+#
+# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform
+#
+# To use this workflow, you will need to complete the following setup steps.
+#
+# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined.
+# Example `main.tf`:
+# # The configuration for the `remote` backend.
+# terraform {
+# backend "remote" {
+# # The name of your Terraform Cloud organization.
+# organization = "example-organization"
+#
+# # The name of the Terraform Cloud workspace to store Terraform state files in.
+# workspaces {
+# name = "example-workspace"
+# }
+# }
+# }
+#
+# # An example resource that does nothing.
+# resource "null_resource" "example" {
+# triggers = {
+# value = "A example resource that does nothing!"
+# }
+# }
+#
+#
+# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository.
+# Documentation:
+# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html
+# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
+#
+# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
+# Example:
+# - name: Setup Terraform
+# uses: hashicorp/setup-terraform@v1
+# with:
+# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+name: 'Terraform'
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+
+permissions:
+ contents: read
+
+jobs:
+ terraform:
+ name: 'Terraform'
+ runs-on: ubuntu-latest
+ environment: production
+
+ # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
+ defaults:
+ run:
+ shell: bash
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+ - name: Terraform Init
+ run: terraform init
+
+ # Checks that all Terraform configuration files adhere to a canonical format
+ - name: Terraform Format
+ run: terraform fmt -check
+
+ # Generates an execution plan for Terraform
+ - name: Terraform Plan
+ run: terraform plan -input=false
+
+ # On push to "main", build or change infrastructure according to Terraform configuration files
+ # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud".
See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks + - name: Terraform Apply + if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false + - name: Store Plan + uses: cloudposse/github-action-terraform-plan-storage@v1 + id: store-plan + with: + action: storePlan + planPath: my-plan.tfplan + component: mycomponent + stack: core-mycomponent-use1 + tableName: acme-terraform-plan-metadata + bucketName: acme-terraform-plans + + - name: Get Plan + uses: cloudposse/github-action-terraform-plan-storage@v1 + id: get-plan + with: + action: getPlan + planPath: my-plan.tfplan + component: mycomponent + stack: core-mycomponent-use1 + tableName: acme-terraform-plan-metadata + bucketName: acme-terraform-plans From 1929de59fb1b45a05cf05f1b099bcf20772b3649 Mon Sep 17 00:00:00 2001 From: 0000854453 <118651303+0000854453@users.noreply.github.com> Date: Wed, 14 Jan 2026 09:22:31 -0500 Subject: [PATCH 3/8] Add workflow_dispatch trigger to terraform.yml --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 2e4db4d4451ef0..53963f8cf6d265 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -47,7 +47,7 @@ name: 'Terraform' on: push: branches: [ "main" ] - pull_request: + workflow_dispatch: permissions: contents: read From fb92ad57db4db8ba97013c3e4a352f9028af6e09 Mon Sep 17 00:00:00 2001 From: 0000854453 <118651303+0000854453@users.noreply.github.com> Date: Wed, 14 Jan 2026 09:25:38 -0500 Subject: [PATCH 4/8] Change Terraform runner to self-hosted --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 53963f8cf6d265..3bef691bf6329b 100644 
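Review bot: The three `uses:` lines reference actions by mutable tag (`actions/checkout@v4`, `hashicorp/setup-terraform@v1`, `cloudposse/github-action-terraform-plan-storage@v1`) in a job that runs under `environment: production` and receives `secrets.TF_API_TOKEN`, so a moved or compromised tag would execute with that token. Pin each to a full commit SHA and keep the tag as a comment, e.g. `uses: hashicorp/setup-terraform@<full-commit-sha> # v1` (placeholder; take the SHA from the release you have reviewed). Separately, the Apply condition `github.ref == 'refs/heads/"main"'` contains literal double quotes and cannot match a real ref, so the step is always skipped; it should read `if: github.ref == 'refs/heads/main' && github.event_name == 'push'`, and the same quoted ref is carried into the rewritten condition in PATCH 7/8. The Store Plan and Get Plan steps also point at `my-plan.tfplan`, which no step in this file writes, because `terraform plan` is run without `-out`.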
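Review bot: With `workflow_dispatch` in place of `pull_request`, a run can be started from any branch by anyone permitted to trigger workflows, while the job defined further down the file (outside this hunk) still binds `environment: production` and the Terraform Cloud token. `terraform init` and `terraform plan` would then execute whatever configuration the selected branch holds. A job-level guard such as `if: github.ref == 'refs/heads/main'`, or restricting the `production` environment to selected deployment branches with required reviewers, would close that; neither is visible in this series. The file's header comment still says plans run "On pull request events" and should be updated to describe manual dispatch.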
--- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -55,7 +55,7 @@ permissions: jobs: terraform: name: 'Terraform' - runs-on: ubuntu-latest + runs-on: self-hosted environment: production # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest From b7b3a880541560cbafbe8cb9d91c5420e92380b0 Mon Sep 17 00:00:00 2001 From: 0000854453 <118651303+0000854453@users.noreply.github.com> Date: Wed, 14 Jan 2026 09:27:14 -0500 Subject: [PATCH 5/8] Change runner from self-hosted to windows-latest --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 3bef691bf6329b..814dfa8bcfbe6f 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -55,7 +55,7 @@ permissions: jobs: terraform: name: 'Terraform' - runs-on: self-hosted + runs-on: windows-latest environment: production # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest From 12694a04482c51de2d4ab7f7b5323dacdc8611ff Mon Sep 17 00:00:00 2001 From: 0000854453 <118651303+0000854453@users.noreply.github.com> Date: Wed, 14 Jan 2026 09:30:10 -0500 Subject: [PATCH 6/8] Modify Terraform plan to allow input Changed Terraform plan command to accept user input. --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 814dfa8bcfbe6f..97d2560576b5c9 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
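Review bot: `runs-on: self-hosted` matches any self-hosted runner registered for the repository or organisation, and this job writes a Terraform Cloud credential into the CLI configuration file and runs under `environment: production`. Unless the runner is ephemeral, that credential file and the checked-out workspace can remain on disk for the next job scheduled on the same machine. If a self-hosted runner is really intended, target a dedicated label set such as `runs-on: [self-hosted, <dedicated-label>]` (placeholder label) and add a comment stating that the runner is single-use. The following patch in the series moves to a hosted image, so this may only be a transitional state; the job body continues outside the hunk.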
@@ -84,7 +84,7 @@ jobs: # Generates an execution plan for Terraform - name: Terraform Plan - run: terraform plan -input=false + run: terraform plan -input=true # On push to "main", build or change infrastructure according to Terraform configuration files # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks From 8ae629324c0f80f60895932c0189e0c5b31dd6b7 Mon Sep 17 00:00:00 2001 From: 0000854453 <118651303+0000854453@users.noreply.github.com> Date: Wed, 14 Jan 2026 09:34:38 -0500 Subject: [PATCH 7/8] Update Terraform workflow for plan and apply steps --- .github/workflows/terraform.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 97d2560576b5c9..f7ec83705b22b2 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -84,13 +84,13 @@ jobs: # Generates an execution plan for Terraform - name: Terraform Plan - run: terraform plan -input=true + run: terraform plan # On push to "main", build or change infrastructure according to Terraform configuration files # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks - name: Terraform Apply - if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' - run: terraform apply -auto-approve -input=false + if: github.ref == 'refs/heads/"main"' && github.event_name == 'workflow_dispatch' + run: terraform apply -auto-approve - name: Store Plan uses: cloudposse/github-action-terraform-plan-storage@v1 id: store-plan 
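Review bot: `terraform plan -input=true` tells Terraform to prompt for any unset variable, but a workflow step has no interactive terminal, so a missing variable becomes a stalled or confusingly failed run instead of a clear error. Keep `run: terraform plan -input=false` and supply values through `TF_VAR_*` environment variables or workspace variables. PATCH 7/8 removes the flag from both plan and apply, which leaves prompting enabled by default and has the same effect.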
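Review bot: `terraform apply -auto-approve` with no plan file computes a fresh plan at apply time, so what changes in production is not necessarily what the preceding Plan step showed, and the Store Plan step listed after it only runs once the apply has finished. If the workspace's execution mode permits saved plans, write the plan out and apply exactly that file: `run: terraform plan -input=false -out=my-plan.tfplan` and `run: terraform apply -input=false my-plan.tfplan`, with Store Plan moved ahead of Apply. Saved plan files can contain sensitive values in clear text, so the bucket named in `bucketName` should be private and encrypted. The steps list continues outside the hunk.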
From 352b1fd37bd3d8622d99efb576dde4cb03b72340 Mon Sep 17 00:00:00 2001 From: 0000854453 <118651303+0000854453@users.noreply.github.com> Date: Wed, 14 Jan 2026 09:50:35 -0500 Subject: [PATCH 8/8] Change runner from Windows to macOS for Terraform --- .github/workflows/terraform.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index f7ec83705b22b2..346255ddad6efe 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -55,7 +55,7 @@ permissions: jobs: terraform: name: 'Terraform' - runs-on: windows-latest + runs-on: macos-14 environment: production # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest @@ -73,7 +73,7 @@ jobs: uses: hashicorp/setup-terraform@v1 with: cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - + continue-on-error: true # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init run: terraform init
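Review bot: The added `continue-on-error: true` in the second hunk sits directly after the `with:` block of Setup Terraform; indentation is not recoverable from this view, so it is either a step-level key or an unrecognised input to the action. As a step-level key it lets the job carry on when the Terraform CLI or its credentials were not set up, and Init, Plan and Apply then run with whatever `terraform` binary and configuration, if any, the `macos-14` runner already has. A failed setup should stop a job bound to `environment: production`, so drop the line. If a known transient failure is being worked around, follow the step with a check such as `run: terraform version` so the job fails when setup did not succeed.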