# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action.
# Example:
# – name: Setup Terraform
# uses: hashicorp/setup-terraform@v1
# with:
# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
name: ‘Terraform’
on:
push:
branches: [ “main” ]
pull_request:
permissions:
contents: read
jobs:
terraform:
name: ‘Terraform’
runs-on: ubuntu-latest
environment: production
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
steps:
# Checkout the repository to the GitHub Actions runner
– name: Checkout
uses: actions/checkout@v3
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
– name: Setup Terraform
uses: hashicorp/setup-terraform@v1
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
– name: Terraform Init
run: terraform init
# Generates an execution plan for Terraform
– name: Terraform Plan
run: terraform plan -input=true
# On push to “main”, build or change infrastructure according to Terraform configuration files
# Note: It is recommended to set up a required “strict” status check in your repository for “Terraform Cloud”. See the documentation on “strict” required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
– name: Terraform Apply
# if: github.ref == ‘refs/heads/”main”‘ && github.event_name == ‘push’
run: terraform apply -auto-approve -input=true