terraformgithub-actionsterraform-provider-gcpterragrunt

How to use Terragrunt in Github Actions


I am relatively new with creating custom github action workflows. I am trying to utilize Terragrunt with Terraform to automate my CICD workflow using Github Actions which provisions resources in a GCP account. I have gotten a Terraform Github Actions to work but I am now trying to expand it to a modular approach using Terragrunt wrapped around Terraform. I have tested my terragrunt script locally and I have no issues. But I am having trouble setting up the Terragrunt Github Actions workflow.yaml

Where do I find the "uses" repo for Terragrunt to setup Terragrunt. I searched Hasicorp's github repo's and they only list Terraform. I have only found older workflows only for AWS for Terragrunt.

Here is my current workflow.yaml:

name: 'Terragrunt CI'

on:
  push:
    branches:
    - main
  pull_request:

jobs:
  Terragrunt:
    name: 'Terragrunt'
    runs-on: ubuntu-latest

    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash

    steps:
    # Checkout the repository to the GitHub Actions runner
    - name: Checkout
      uses: actions/checkout@v2

    # Install the latest version of Terragrunt CLI and configure the Terragrunt CLI configuration file with a Terragrunt Cloud user API token
    - name: Setup Terragrunt
      uses: #**TBD-hashicorp/setup-Terragrunt@v1**


    # Initialize a new or existing Terragrunt working directory by creating initial files, loading any remote state, downloading modules, etc.
    - name: Terragrunt Init
      run: terragrunt init --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

    # Generates an execution plan for Terragrunt
    - name: Terragrunt Plan
      run: terragrunt run-all plan --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

      # On push to main, build or change infrastructure according to Terragrunt configuration files
      # Note: It is recommended to set up a required "strict" status check in your repository for "Terragrunt Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
    - name: Terragrunt Apply
      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
      run: terragrunt apply-all --terragrunt-non-interactive
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

Solution

  • Confirmed, this workflow confirmed works.

    name: 'Terragrunt CI'
    
    on:
      push:
        branches:
        - main
      pull_request:
    
    jobs:
      Terragrunt:
        name: 'Terragrunt'
        runs-on: ubuntu-latest
    
        # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
        defaults:
          run:
            shell: bash
    
        steps:
        # Checkout the repository to the GitHub Actions runner
        - name: Checkout
          uses: actions/checkout@v2
    
        # Install the latest version of Terragrunt CLI and configure the Terragrunt CLI configuration file with a Terragrunt Cloud user API token
        - name: Setup Terraform v1.2.6
          uses: hashicorp/setup-Terraform@v1
          with:
            terraform_version: 1.2.6
            terraform_wrapper: true
        - name: Setup Terraform version
          run: terraform --version
        - name: Setup Terraform wrapper path
          run: which terraform
    
        - name: Setup Terragrunt v0.38.4
          run: |
            sudo wget -q -O /bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v0.38.4/terragrunt_linux_amd64"
            sudo chmod +x /bin/terragrunt
            terragrunt -v
    
        # Initialize a new or existing Terragrunt working directory by creating initial files, loading any remote state, downloading modules, etc.
        - name: Terragrunt Init
          run: terragrunt init --terragrunt-non-interactive
          env:
            GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
    
        # Generates an execution plan for Terragrunt
        - name: Terragrunt Plan
          run: terragrunt run-all plan --terragrunt-non-interactive
          env:
            GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
    
          # On push to main, build or change infrastructure according to Terragrunt configuration files
          # Note: It is recommended to set up a required "strict" status check in your repository for "Terragrunt Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
        - name: Terragrunt Apply
          if: github.ref == 'refs/heads/main' && github.event_name == 'push'
          run: terragrunt run-all apply --terragrunt-non-interactive
          env:
            GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}