CI — Terraform
Runs `terraform validate` and `terraform fmt -check` against a Terraform root module. Initializes with no backend and caches providers between runs.
Usage
```yaml
jobs:
  ci:
    uses: KevinDeBenedetti/github-workflows/.github/workflows/ci-terraform.yml@main
    with:
      tf-dir: terraform
      terraform-version: 1.10.0
```
Inputs
| Input | Type | Default | Description |
|---|---|---|---|
| `run-validate` | boolean | `true` | Run `terraform validate` (requires init) |
| `run-fmt-check` | boolean | `true` | Run `terraform fmt -check -diff` to enforce formatting |
| `tf-dir` | string | `terraform` | Path to the Terraform root module directory |
| `terraform-version` | string | `latest` | Terraform version to install |
| `runner` | string | `'"ubuntu-latest"'` | Runner labels as JSON: `'"ubuntu-latest"'` or a label array |
Steps
- Checkout
- Setup Terraform (`hashicorp/setup-terraform`, wrapper disabled)
- Cache Terraform providers (`.terraform`, keyed on `.terraform.lock.hcl`)
- `terraform init -backend=false`
- (if `run-validate`) `terraform validate`
- (if `run-fmt-check`) `terraform fmt -check -diff`
Notes
- All steps run in `tf-dir` via `defaults.run.working-directory`.
- `init` always runs with `-backend=false` so no remote backend credentials are required for validation.
- The Terraform wrapper is disabled (`terraform_wrapper: false`) since self-hosted runners may lack a system Node.js and no step consumes the wrapper outputs.
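
A fuller caller for the Usage snippet and the `runner` input, as an added example that is not taken from the workflow's repository: it pins the reusable workflow to a commit instead of `@main`, restricts the token to read-only, and passes a label array as a JSON string. The workflow name, path filter, SHA placeholder and runner labels are assumptions.

```yaml
# Added example: a caller workflow in the consuming repository.
name: terraform-ci            # hypothetical workflow name
on:
  pull_request:
    paths:
      - "terraform/**"        # assumed to match tf-dir below

# The called workflow can only receive the permissions granted here.
# Validation and format checks need no write scopes.
permissions:
  contents: read

jobs:
  ci:
    # Placeholder: replace <full-commit-sha> with the commit you reviewed.
    # A SHA cannot be moved later, unlike the main branch.
    uses: KevinDeBenedetti/github-workflows/.github/workflows/ci-terraform.yml@<full-commit-sha>
    with:
      tf-dir: terraform
      terraform-version: 1.10.0   # explicit version instead of the "latest" default
      run-validate: true
      run-fmt-check: true
      # Label array passed as a JSON string, per the Inputs table
      # (labels are constructed for illustration).
      runner: '["self-hosted", "linux"]'
```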