This project uses GitHub Actions to automatically validate Terraform code every time changes are pushed to the repository or a pull request is opened.
The goal was to create a simple CI/CD workflow that catches Terraform issues early before infrastructure changes are deployed.
Every time code is pushed to main or included in a pull request, GitHub Actions runs:
```
terraform fmt -check
terraform init -backend=false
terraform validate
```
These checks make sure the Terraform code is formatted correctly, can initialize successfully, and does not contain syntax or configuration errors.
I started with these three commands because they provide the biggest value with the least complexity:
- `terraform fmt -check` keeps the Terraform files consistently formatted
- `terraform init -backend=false` verifies that Terraform can initialize
- `terraform validate` catches mistakes before deployment
I did not include terraform plan yet because that requires AWS credentials. I wanted the first version of the pipeline to work without storing secrets in GitHub.
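A workflow that runs the three checks described above without any stored secrets could look like the following. This is an added example, not the project's own `.github/workflows/terraform.yml`; the workflow, job and step names, the pinned action versions, the read-only `permissions` block and the `persist-credentials: false` setting are assumptions.

```yaml
# Added example: assumed contents, not the repository's actual terraform.yml.
name: Terraform CI

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: the job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in the local git config.
          persist-credentials: false

      - name: Install Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Check formatting
        run: terraform fmt -check

      # -backend=false skips backend configuration, so no AWS credentials are needed.
      - name: Initialize without a backend
        run: terraform init -backend=false

      - name: Validate configuration
        run: terraform validate
```

Because no step references `secrets.*` and the token is read-only, the job has nothing sensitive to expose when it runs on a pull request.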
I chose GitHub Actions because the project is already hosted on GitHub, so it was the easiest way to build a CI/CD pipeline without setting up another tool like Jenkins.
GitHub Actions works well for smaller projects and is quick to configure. Jenkins would allow more customization, but would require more setup and maintenance.
There were a few tradeoffs in the current version of the pipeline:
- Using `terraform init -backend=false` means the workflow can run without AWS credentials, but it does not test a remote backend
- Leaving out `terraform plan` keeps the setup simple, but it also means the workflow does not show exactly what infrastructure changes would happen
- GitHub Actions is easy to use and maintain, but tools like Jenkins provide more advanced features
```
terraform-ci-cd-pipeline/
├── .github/
│   └── workflows/
│       └── terraform.yml
├── main.tf
├── outputs.tf
├── .gitignore
└── README.md
```
This project demonstrates:
- Terraform fundamentals
- Infrastructure as Code
- CI/CD with GitHub Actions
- Automated validation of infrastructure changes
- Basic AWS infrastructure managed through Terraform
Some next steps I plan to add:
- Store AWS credentials securely with GitHub Secrets
- Add `terraform plan`
- Add `terraform apply`
- Configure remote Terraform state in S3
- Add support for multiple environments such as `dev` and `prod`
- Add `tflint` for additional Terraform linting
- Terraform
- AWS
- GitHub Actions
- YAML