GitHub Action automatically validating Terraform modules.
- Docker Hub: devopsinfra/action-terraform-validate:latest
- GitHub Packages: ghcr.io/devops-infra/action-terraform-validate:latest
- Main action is using
terraform validate. - Its main use will be everywhere where Terraform or OpenTofu is used and is great for statically or actively checking modules' sources.
This action supports three tag levels for flexible versioning:
vX: latest patch of the major version (e.g.,v1).vX.Y: latest patch of the minor version (e.g.,v1.2).vX.Y.Z: fixed to a specific release (e.g.,v1.2.3).
- name: Validate Terraform modules
uses: devops-infra/action-terraform-validate@v1.0.6
with:
dir_filter: modules| Input | Required | Default | Description |
|---|---|---|---|
dir_filter |
No | * |
Prefixes or sub-directories to search for Terraform modules. Use comma as separator. |
Validate whole Terraform setup in repository root.
name: Validate Terraform
on:
push
jobs:
terraform-validate:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Validate Terraform configuration
uses: devops-infra/action-terraform-validate@v1.0.6Validate Terraform modules only in modules/aws and modules/gcp directories.
name: Validate Terraform
on:
push
jobs:
terraform-validate:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
- name: Validate Terraform modules
uses: devops-infra/action-terraform-validate@v1.0.6
with:
dir_filter: modules/aws,modules/gcpPick the tag level based on your stability needs:
vX.Y.Z: exact immutable release (most predictable)vX.Y: latest patch within one minor linevX: latest patch within one major line
name: Use pinned action version
on: [push]
jobs:
terraform-validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: devops-infra/action-terraform-validate@v1.0.6
id: pin-patch
- uses: devops-infra/action-terraform-validate@v1.0
id: pin-minor
- uses: devops-infra/action-terraform-validate@v1
id: pin-majorContributions are welcome! See CONTRIBUTING. This project is licensed under the MIT License - see the LICENSE file for details.
MIT β see LICENSE.
If you have any questions or need help, please:
- Create an issue
- Star this repository if you find it useful!
Use the manual workflow .github/workflows/manual-e2e-validate.yml to validate this action against the centralized E2E repository.
mode=imagevalidates a published image tag (recommended for-testand-rcrelease checks).mode=refvalidates ref-oriented E2E paths against stable pinned action refs.
CI/CD automation also runs these E2E checks automatically:
- Pull requests: E2E validation runs through reusable org workflows.
- Release branch prepare: E2E validation runs against release candidate artifacts (
-rc). - Release create: E2E validation runs against production release artifacts.
Example trigger inputs:
mode=ref
mode=image
image_tag=v1.2.3-test
To publish images from a fork, set these variables so Task uses your registry identities:
DOCKER_USERNAME, DOCKER_ORG_NAME, GITHUB_USERNAME, GITHUB_ORG_NAME.
Two supported options (environment variables take precedence over .env):
# .env (local only, not committed)
DOCKER_USERNAME=your-dockerhub-user
DOCKER_ORG_NAME=your-dockerhub-org
GITHUB_USERNAME=your-github-user
GITHUB_ORG_NAME=your-github-org# Shell override
DOCKER_USERNAME=your-dockerhub-user \
DOCKER_ORG_NAME=your-dockerhub-org \
GITHUB_USERNAME=your-github-user \
GITHUB_ORG_NAME=your-github-org \
task docker:buildRecommended setup:
- Local development: use a
.envfile. - GitHub Actions: set repo variables for the four values above, and secrets for
DOCKER_TOKENandGITHUB_TOKEN.
Publish images without a release:
- Run the
(Manual) Release Createworkflow withbuild_only: trueto build and push images without tagging a release.