A GitHub Action for installing and running Terragrunt and OpenTofu.
The current minimum supported version of Terragrunt is 0.77.22.
Supported GitHub action inputs:
Input Name | Description | Required | Example values |
---|---|---|---|
tg_version | Terragrunt version to be used in Action execution | true if no mise.toml file present |
0.50.8 |
tofu_version | OpenTofu version to be used in Action execution | true if tf_path is not provided and the file mise.toml is not present |
1.6.0 |
tf_path | Path to Terraform binary (use to explicitly choose tofu/terraform) | false |
/usr/bin/tofu |
tg_dir | Directory in which Terragrunt will be invoked | false |
work |
tg_command | Terragrunt command to execute | false |
plan/apply |
tg_comment | Add comment to Pull request with execution output | false |
0/1 |
tg_add_approve | Automatically add "-auto-approve" to commands, enabled by default | false |
0/1 |
github_token | GitHub token for API authentication to avoid rate limits | false |
${{ github.token }} |
This action supports two ways to specify tool versions:
-
Using
mise.toml
file (recommended): Create amise.toml
or.mise.toml
file in your repository root to configure mise:[tools] terragrunt = "0.82.3" opentofu = "1.10.1"
-
Using action inputs: Specify versions directly in the action inputs when no
mise.toml
file is present.
Supported environment variables:
Input Name | Description |
---|---|
GITHUB_TOKEN | GitHub token used to add comment to Pull request |
TF_LOG | Log level for Terraform |
TF_VAR_name | Define custom variable name as inputs |
INPUT_PRE_EXEC_number | Environment variable is utilized to provide custom commands that will be executed before running Terragrunt |
INPUT_POST_EXEC_number | Environment variable is utilized to provide custom commands that will be executed after running Terragrunt |
Outputs of GitHub action:
Input Name | Description |
---|---|
tg_action_exit_code | Terragrunt exit code |
tg_action_output | Terragrunt output as plain text |
You can use this action to simply install Terragrunt and OpenTofu/Terraform, then run terragrunt commands in subsequent steps:
name: 'Terragrunt GitHub Actions'
on:
- pull_request
jobs:
terragrunt:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v4
# Assuming you have a mise.toml file in your repository.
- name: Install Terragrunt and OpenTofu
uses: gruntwork-io/terragrunt-action@v3
# Note: no tg_command specified, so terragrunt won't be executed
# If you don't have a mise.toml file in your repository, you can specify tool version directly.
# - name: Install Terragrunt and OpenTofu
# uses: gruntwork-io/terragrunt-action@v3
# with:
# tg_version: '0.82.2'
# tofu_version: '1.10.1'
- name: Run terragrunt plan
run: |
cd infrastructure/
terragrunt plan
- name: Run terragrunt apply
if: github.ref == 'refs/heads/main'
run: |
cd infrastructure/
terragrunt run --all --non-interactive apply
Create a mise.toml
file in your repository root:
[tools]
terragrunt = "0.82.2"
opentofu = "1.10.1"
Then use the action without specifying versions:
name: 'Terragrunt GitHub Actions'
on:
- pull_request
env:
working_dir: 'project'
jobs:
checks:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: Check terragrunt HCL
uses: gruntwork-io/terragrunt-action@v3
with:
tg_dir: ${{ env.working_dir }}
tg_command: 'hcl fmt --check --diff'
plan:
runs-on: ubuntu-latest
needs: [ checks ]
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: Plan
uses: gruntwork-io/terragrunt-action@v3
with:
tg_dir: ${{ env.working_dir }}
tg_command: 'plan'
deploy:
runs-on: ubuntu-latest
needs: [ plan ]
environment: 'prod'
if: github.ref == 'refs/heads/main'
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: Deploy
uses: gruntwork-io/terragrunt-action@v3
with:
tg_dir: ${{ env.working_dir }}
tg_command: 'apply'
name: 'Terragrunt GitHub Actions'
on:
- pull_request
env:
tg_version: '0.82.2'
tofu_version: '1.10.1'
working_dir: 'project'
jobs:
checks:
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: Check terragrunt HCL
uses: gruntwork-io/terragrunt-action@v3
with:
tofu_version: ${{ env.tofu_version }}
tg_version: ${{ env.tg_version }}
tg_dir: ${{ env.working_dir }}
tg_command: 'hcl fmt --check --diff'
plan:
runs-on: ubuntu-latest
needs: [ checks ]
steps:
- name: 'Checkout'
uses: actions/checkout@main
- name: Plan
uses: gruntwork-io/terragrunt-action@v3
with:
tofu_version: ${{ env.tofu_version }}
tg_version: ${{ env.tg_version }}
tg_dir: ${{ env.working_dir }}
tg_command: 'plan'
deploy:
runs-on: ubuntu-latest
needs: [ plan ]
environment: 'prod'
if: github.ref == 'refs/heads/main'
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: Deploy
uses: gruntwork-io/terragrunt-action@v3
with:
tofu_version: ${{ env.tofu_version }}
tg_version: ${{ env.tg_version }}
tg_dir: ${{ env.working_dir }}
tg_command: 'apply'
- name: Deploy with explicit terraform binary
uses: gruntwork-io/terragrunt-action@v3
with:
tf_path: "terraform" # Explicitly use terraform even if both tofu and terraform are installed.
tg_dir: ${{ env.working_dir }}
tg_command: 'apply'
...
- name: Plan
uses: gruntwork-io/terragrunt-action@v3
env:
# configure git to use custom token to clone repository.
INPUT_PRE_EXEC_1: |
git config --global url."https://user:${{secrets.PAT_TOKEN}}@github.com".insteadOf "https://github.com"
# print git configuration
INPUT_PRE_EXEC_2: |
git config --global --list
with:
tg_command: 'plan'
...
...
env:
tg_version: 0.82.2
tofu_version: 1.10.1
working_dir: project
TF_PLUGIN_CACHE_DIR: ${{ github.workspace }}/.terraform.d/plugin-cache
jobs:
plan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Create OpenTofu Plugin Cache Dir
run: mkdir -p $TF_PLUGIN_CACHE_DIR
- name: OpenTofu Plugin Cache
uses: actions/cache@v4
with:
path: ${{ env.TF_PLUGIN_CACHE_DIR }}
key: ${{ runner.os }}-terraform-plugin-cache-${{ hashFiles('**/.terraform.lock.hcl') }}
- name: Plan
uses: gruntwork-io/terragrunt-action@v3
env:
TF_PLUGIN_CACHE_DIR: ${{ env.TF_PLUGIN_CACHE_DIR }}
with:
tofu_version: ${{ env.tofu_version }}
tg_version: ${{ env.tg_version }}
tg_dir: ${{ env.working_dir }}
tg_command: plan
...