terrajux-action

A GitHub Action for executing terrajux.

terrajux-action makes Terraform code review easier by reporting transitive module dependencies' code diffs alongside those associated with a Terraform root module edit.

Inputs

git_url

required The Terraform module git repository URL to pass as <giturl> to terrajux.

For common workflows, this might be file://${{ github.workspace }}. See GitHub Actions github context for more information.

v1_ref

required The GitHub Terraform module repository git ref to pass as <v1ref> to terrajux.

For common workflows, this might be ${{ github.ref }}. See GitHub Actions github context for more information.

v2_ref

required The GitHub Terraform module repository git ref to pass as <v2ref> to terrajux.

For common workflows, this might be ${{ github.base_ref }} or ${{ github.head_ref }}. See GitHub Actions github context for more information.

subpath

The GitHub module repository subpath to pass as the <subpath> to terrajux. Defaults to ".".

Example usage

A common configuration to run terrajux against a pull request might look like the following:

- uses: actions/checkout@main
- uses: mdb/terrajux-action@main
  with:
    git_url: file://${{ github.workspace }}
    v1_ref: ${{ github.ref }}
    v2_ref: ${{ github.base_ref }}

...and would offer a diff view of all code differences -- including those amongst upstream Terraform module dependencies -- introduced by the pull request.

Alternatively, terrajux-action can be run using a pre-built container image, which tends to be a bit faster:

- uses: actions/checkout@main
- uses: docker://registry.hub.docker.com/clapclapexcitement/terrajux-action:latest
  with:
    git_url: file://${{ github.workspace }}
    v1_ref: ${{ github.ref }}
    v2_ref: ${{ github.base_ref }}

See terrajux-action's own .github/workflows for additional examples.

TODO

• more robust tests
• associate changelog with each release
• experimental: research techniques for exiting nonzero based on "policy" violations