terraform-apply
Full Terraform init, workspace select, plan/apply, and output capture.
Inputs
| Input |
Required |
Default |
Description |
var-file |
Yes |
|
Path to .tfvars file |
workspace |
Yes |
|
Terraform workspace (stage or prod) |
aws-role-arn |
Yes |
|
IAM role ARN for OIDC authentication |
jfrog-token |
Yes |
|
JFrog access token (sets TF_TOKEN_schmalz_jfrog_io) |
terraform-dir |
No |
terraform |
Directory containing Terraform configuration |
terraform-version |
No |
1.11 |
Terraform version to install |
aws-profile |
No |
default |
AWS CLI profile name |
output-names |
No |
"" |
Comma-separated Terraform output names to capture as raw values |
output-json-names |
No |
"" |
Comma-separated output names to capture as JSON |
plan-only |
No |
false |
Run plan -out instead of apply |
plan-file |
No |
"" |
Pre-existing plan file to apply |
Usage
- uses: schmalz/shared-actions/.github/actions/terraform-apply@v1
with:
var-file: envs/stage.tfvars
workspace: stage
aws-role-arn: arn:aws:iam::123456789012:role/my-role
jfrog-token: ${{ secrets.JFROG_TOKEN }}
output-names: api_url,db_host
Notes
- Requires
enable-openid-connect: true on the job.
- Captured outputs are written to
$FORGEJO_OUTPUT and to files under <terraform-dir>/.outputs/.
- Provider cache is restored/saved automatically.
- Use
plan-only: true for a plan-then-apply workflow across jobs.
