Building a really simple GitHub Actions CI ‘workflow’ to validate Terraform code

In this short story I am going to show you exactly how to construct a really simple CI (Continuous Integration) ‘workflow’ in GitHub Actions, as part of your DevOps workflows, that validates your Terraform infrastructure code whenever a pull request targets your repository's main branch.
TL;DR
If you just want the full snippet, here it is.
*but I do encourage you to read on and see my explanation of each step, what it actually does and why we do it. It is important to understand the code you write and not rely on CPD (Copy & Paste Development)^.
^another thing for another day…
name: PR Build
on:
  pull_request:
    branches: [ main ]
jobs:
  build:
    runs-on: ubuntu-latest
    container: colinbut/terraform-build-container:1.0.0
    steps:
      - name: checkout
        uses: actions/checkout@v3
      # terraform validate needs providers and modules resolved first;
      # -backend=false skips remote state configuration, so no cloud
      # credentials are needed for a validation-only job.
      - name: terraform init
        run: terraform init -backend=false
      - name: terraform validate
        run: terraform validate
      - name: run tflint
        run: tflint terraform
      - name: run tfsec
        run: tfsec .
What does the code do?
Okay, so what does the code do then?
Here I will explain the most important parts. For the rest of the GitHub Actions workflow syntax I will leave it to you, the reader, to look up the explanation in the GitHub Actions documentation.
This part of the code says: only run this ‘workflow’ when someone opens (or updates) a GitHub pull request that targets the ‘main’ branch.
on:
  pull_request:
    branches: [ main ]
Two practical caveats. First, the `pull_request` event checks out the PR's merge commit and, for pull requests from forks of a public repository, runs with a read-only GITHUB_TOKEN and no access to repository secrets; that is exactly what you want for a job that only lints untrusted code, so do not swap it for `pull_request_target`, which runs with the base repository's privileges. Second, the workflow sets no `permissions:` block, so the token gets the repository default; adding `permissions: contents: read` at the top level limits the job to what it actually needs.
Note the terminological difference from older CI systems like Jenkins, which use the word pipeline: in GitHub Actions you do not technically construct a pipeline, you put together a series of workflows that run in response to certain events.
We will be executing this CI job on a GitHub-hosted runner with the label ‘ubuntu-latest’, which selects the current Ubuntu-based Linux image. Because the job also sets `container:`, each step actually runs inside that Docker image on the runner, so terraform, tflint and tfsec come from the image rather than from the Ubuntu runner itself. If you use this pattern, prefer pinning the image by digest rather than a mutable tag such as `1.0.0`, so the toolchain that validates your code cannot change under you.
runs-on: ubuntu-latest
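As an added example (not code from the original post), here is a small Python auditor for the kinds of workflow weaknesses a reviewer would check for in a snippet like the one above: actions referenced by a mutable tag such as `actions/checkout@v3` instead of a full commit SHA, a missing top-level `permissions:` block, a `pull_request_target` trigger combined with a checkout of the PR's code, and `terraform validate` run without a preceding `terraform init`. It scans the workflow text line by line, so it needs no PyYAML; the 40-character SHA in the hardened variant is a placeholder, not a real actions/checkout commit.

```python
import re

# Constructed copy of the post's workflow with YAML indentation restored.
POST_WORKFLOW = """\
name: PR Build
on:
  pull_request:
    branches: [ main ]
jobs:
  build:
    runs-on: ubuntu-latest
    container: colinbut/terraform-build-container:1.0.0
    steps:
      - name: checkout
        uses: actions/checkout@v3
      - name: terraform validate
        run: terraform validate
      - name: run tflint
        run: tflint terraform
      - name: run tfsec
        run: tfsec .
"""

# Constructed hardened variant. The 40-hex value is a PLACEHOLDER, not a real
# actions/checkout commit; take the real SHA from the action's release tag.
HARDENED_WORKFLOW = """\
name: PR Build
on:
  pull_request:
    branches: [ main ]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    container: colinbut/terraform-build-container:1.0.0
    steps:
      - name: checkout
        uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v3 (placeholder)
      - name: terraform init and validate
        run: |
          terraform init -backend=false
          terraform validate
      - name: run tflint
        run: tflint terraform
      - name: run tfsec
        run: tfsec .
"""

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^\s*(?:-\s*)?run:\s*(.*?)\s*$")
TOP_KEY_RE = re.compile(r"^([A-Za-z_][\w-]*):")      # unindented `key:` lines
BLOCK_SCALARS = ("|", "|-", "|+", ">", ">-", ">+")  # `run: |` style values


def audit_workflow(text):
    """Return sorted (line_number, message) findings; line 0 = whole-file finding."""
    findings, top_keys = [], set()
    pr_target, checkout_line, init_seen = False, None, False
    block_indent = None  # minimum indent of a `run: |` body we are inside

    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped:
            continue  # blank lines do not end a block scalar
        indent = len(raw) - len(raw.lstrip(" "))
        if m := TOP_KEY_RE.match(raw):
            top_keys.add(m.group(1))

        # Pick up the shell command on this line, inline or inside a `run: |` body.
        cmd = None
        if block_indent is not None:
            if indent >= block_indent:
                cmd = stripped
            else:
                block_indent = None  # dedent ends the block scalar
        if cmd is None and (m := RUN_RE.match(raw)):
            if m.group(1) in BLOCK_SCALARS:
                block_indent = indent + 1  # body is indented deeper than `run:`
            else:
                cmd = m.group(1)
        if cmd is not None:
            if "terraform init" in cmd:
                init_seen = True
            elif "terraform validate" in cmd and not init_seen:
                findings.append((lineno, "terraform validate before any terraform init; "
                                         "run `terraform init -backend=false` first"))
            continue

        if re.search(r"\bpull_request_target\b", stripped):
            pr_target = True  # trigger that runs with base-repository privileges
        if m := USES_RE.match(raw):
            ref = m.group(1)
            if ref.startswith("actions/checkout"):
                checkout_line = lineno
            if "@" in ref and not ref.startswith("docker://"):
                version = ref.rsplit("@", 1)[1]
                if not SHA40.match(version):
                    findings.append((lineno, f"{ref}: mutable ref '{version}', "
                                             "pin to a full commit SHA"))

    if "permissions" not in top_keys:
        findings.append((0, "no top-level permissions block; GITHUB_TOKEN gets the "
                            "repository default, add `permissions: contents: read`"))
    if pr_target and checkout_line is not None:
        findings.append((checkout_line, "checkout under pull_request_target: untrusted PR "
                                        "code can run with a write token and secrets"))
    return sorted(findings)
```

Running `audit_workflow(POST_WORKFLOW)` reports three findings (missing permissions block, the unpinned checkout action, and validate without init); the hardened variant reports none. The parser deliberately handles only the shape real workflow files take (one key per line, `run: |` block scalars) rather than full YAML, which is enough to wire it into a pre-commit hook or a repo-wide sweep of `.github/workflows/`.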