terraformgithub-actionsterraform-provider-gcpterragrunt

How to use Terragrunt in Github Actions

I am relatively new with creating custom github action workflows. I am trying to utilize Terragrunt with Terraform to automate my CICD workflow using Github Actions which provisions resources in a GCP account. I have gotten a Terraform Github Actions to work but I am now trying to expand it to a modular approach using Terragrunt wrapped around Terraform. I have tested my terragrunt script locally and I have no issues. But I am having trouble setting up the Terragrunt Github Actions workflow.yaml

Where do I find the "uses" repo for Terragrunt to setup Terragrunt. I searched Hasicorp's github repo's and they only list Terraform. I have only found older workflows only for AWS for Terragrunt.

Here is my current workflow.yaml:

name: 'Terragrunt CI'

on:
  push:
    branches:
    - main
  pull_request:

jobs:
  Terragrunt:
    name: 'Terragrunt'
    runs-on: ubuntu-latest

    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash

    steps:
    # Checkout the repository to the GitHub Actions runner
    - name: Checkout
      uses: actions/checkout@v2

    # Install the latest version of Terragrunt CLI and configure the Terragrunt CLI configuration file with a Terragrunt Cloud user API token
    - name: Setup Terragrunt
      uses: #**TBD-hashicorp/setup-Terragrunt@v1**


    # Initialize a new or existing Terragrunt working directory by creating initial files, loading any remote state, downloading modules, etc.
    - name: Terragrunt Init
      run: terragrunt init --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

    # Generates an execution plan for Terragrunt
    - name: Terragrunt Plan
      run: terragrunt run-all plan --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

      # On push to main, build or change infrastructure according to Terragrunt configuration files
      # Note: It is recommended to set up a required "strict" status check in your repository for "Terragrunt Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
    - name: Terragrunt Apply
      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
      run: terragrunt apply-all --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
Solution

  • Confirmed, this workflow confirmed works.

    name: 'Terragrunt CI'

on:
  push:
    branches:
    - main
  pull_request:

jobs:
  Terragrunt:
    name: 'Terragrunt'
    runs-on: ubuntu-latest

    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash

    steps:
    # Checkout the repository to the GitHub Actions runner
    - name: Checkout
      uses: actions/checkout@v2

    # Install the latest version of Terragrunt CLI and configure the Terragrunt CLI configuration file with a Terragrunt Cloud user API token
    - name: Setup Terraform v1.2.6
      uses: hashicorp/setup-Terraform@v1
      with:
        terraform_version: 1.2.6
        terraform_wrapper: true
    - name: Setup Terraform version
      run: terraform --version
    - name: Setup Terraform wrapper path
      run: which terraform

    - name: Setup Terragrunt v0.38.4
      run: |
        sudo wget -q -O /bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v0.38.4/terragrunt_linux_amd64"
        sudo chmod +x /bin/terragrunt
        terragrunt -v

    # Initialize a new or existing Terragrunt working directory by creating initial files, loading any remote state, downloading modules, etc.
    - name: Terragrunt Init
      run: terragrunt init --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

    # Generates an execution plan for Terragrunt
    - name: Terragrunt Plan
      run: terragrunt run-all plan --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

      # On push to main, build or change infrastructure according to Terragrunt configuration files
      # Note: It is recommended to set up a required "strict" status check in your repository for "Terragrunt Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
    - name: Terragrunt Apply
      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
      run: terragrunt run-all apply --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}