schmalz/shared-actions
15
0
Fork 0
Code Issues Pull requests 3 Releases Packages Activity Actions

feat: add output export for Terraform apply action #20

Merged
Michael.Seele merged 1 commit from feature/terraform-apply-outputs into main 2026-05-05 13:22:43 +00:00
Conversation 3 Commits 1 Files changed 2 +23 -2
2 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
terraform-apply/README.md
View file

@ -12,18 +12,26 @@ Apply Terraform configuration files using the official Terraform CLI.
| `workspace` | No | `""` | Terraform workspace to select |
| `jfrog-token` | No | `""` | JFrog Artifactory token for the Terraform provider registry (`TF_TOKEN_schmalz_jfrog_io`) |
## Outputs
Non-sensitive Terraform outputs are automatically exported after apply. They are accessible on the calling step via `steps.<id>.outputs.<terraform-output-name>`. Complex types (lists, maps) are JSON-encoded. Outputs marked as `sensitive = true` in Terraform are excluded.
## Usage
```yaml
- uses: https://schmalz-git.git.onstackit.cloud/schmalz/shared-actions/terraform-apply@terraform-apply-v1
id: tf-apply
with:
workspace: stage
var-file: stage.tfvars
jfrog-token: ${{ secrets.JFROG_TOKEN }}
- run: echo ${{ steps.tf-apply.outputs.s3_bucket_name }}
```
## Notes
- Runs `terraform init`, selects the workspace (if provided), and applies with `-auto-approve`.
- Sets `TF_TOKEN_schmalz_jfrog_io` on both `init` and `apply` steps if `jfrog-token` is provided.
- If `var-file` is provided, it is passed as `-var-file` to the apply command.
- If `var-file` is provided, it is passed as `-var-file` to the apply command.
- Non-sensitive Terraform outputs are written to `$GITHUB_OUTPUT` after apply — no separate `terraform output` step needed. Sensitive outputs are excluded to prevent secret leakage.

15
terraform-apply/action.yml
View file

@ -61,4 +61,17 @@ runs:
if [ -n "$VAR_FILE" ]; then
ARGS="$ARGS -var-file=$VAR_FILE"
fi
terraform -chdir="$TF_DIR" apply $ARGS
terraform -chdir="$TF_DIR" apply $ARGS
- name: Export Terraform Outputs
shell: bash
env:
TF_DIR: ${{ inputs.terraform-dir }}
run: |
terraform -chdir="$TF_DIR" output -json | jq -r '
to_entries[]
| select(.value.sensitive != true)
| .key as $k
| (.value.value | if type == "string" then . else tojson end) as $v
| "\($k)<<__TF_OUT__\n\($v)\n__TF_OUT__"
' >> "$GITHUB_OUTPUT"