GitHub workflow to run format, validation, and plan checks against Terraform configuration.

gh-workflow-terraform-checks.yml

name: Terraform Checks

on:
  workflow_dispatch:
  pull_request:
    branches:
      - "**"

defaults:
  run:
    working-directory: ./

jobs:
  terraform-format:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.3.2
      - name: Terraform fmt
        run: terraform fmt -check -recursive

  terraform-validate:
    runs-on: ubuntu-latest
    env:
      # list of directories container terraform config
      TERRAFORM_DIRS: |
          dev stg prod global
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.3.2
      - name: Terraform Init
        run: |
          for d in $TERRAFORM_DIRS
          do
            echo "Initializing $d";
            (cd $d && terraform init -backend=false)
          done
      - name: Terraform Validate
        run: |
          for d in $TERRAFORM_DIRS
          do
            echo "Validating $d";
            (cd $d && terraform validate)
          done

  terraform-plan:
    runs-on: ubuntu-latest
    needs: [terraform-format,terraform-validate]
    env:
      MYVARS: ${{ secrets.MYVARS }}
    steps:
      - uses: actions/checkout@v3
      # add a step to login to backend storage
      - uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.3.2
      - name: Terraform Init
        run: terraform init
      - name: Terraform plan
        run: terraform plan