Bird
Raised Fist0
Terraformcloud~10 mins

Terraform in GitHub Actions - Step-by-Step Execution

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Process Flow - Terraform in GitHub Actions
Start: Push code to GitHub
GitHub Actions workflow triggers
Set up Terraform environment
Terraform init: Prepare backend and providers
Terraform plan: Show changes
Terraform apply: Make changes
Workflow ends with success or failure
This flow shows how pushing code triggers GitHub Actions to run Terraform commands step-by-step.
Execution Sample
Terraform
name: Terraform
on: [push]
jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v2
      - run: terraform init
      - run: terraform plan
      - run: terraform apply -auto-approve
This GitHub Actions workflow runs Terraform init, plan, and apply on every push.
Process Table
StepActionCommand RunResultNext Step
1Trigger workflowpush eventWorkflow startsCheckout code
2Checkout codeactions/checkout@v3Code availableSetup Terraform
3Setup Terraformhashicorp/setup-terraform@v2Terraform readyterraform init
4Terraform initterraform initBackend and providers initializedterraform plan
5Terraform planterraform planPlan shows changesterraform apply
6Terraform applyterraform apply -auto-approveInfrastructure updatedWorkflow ends
7EndN/ASuccess or failure reportedStop
💡 Workflow stops after apply completes or if any step fails.
Status Tracker
VariableStartAfter Step 3After Step 4After Step 5After Step 6Final
Code checked outNoYesYesYesYesYes
Terraform installedNoYesYesYesYesYes
Backend initializedNoNoYesYesYesYes
Plan createdNoNoNoYesYesYes
Infrastructure appliedNoNoNoNoYesYes
Key Moments - 3 Insights
Why does the workflow fail if 'terraform init' is not successful?
'terraform init' sets up backend and providers needed for plan and apply. Without it, later steps cannot run, as shown in execution_table step 4.
What happens if 'terraform plan' shows no changes?
Even if no changes are planned, 'terraform apply' runs but makes no updates. This is shown in execution_table step 5 and 6.
Why do we use '-auto-approve' in 'terraform apply'?
It skips manual confirmation so the workflow can run unattended, as seen in execution_table step 6.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the result after step 4?
ACode available
BBackend and providers initialized
CPlan shows changes
DInfrastructure updated
💡 Hint
Check the 'Result' column for step 4 in execution_table.
At which step does the infrastructure get updated?
AStep 6
BStep 4
CStep 3
DStep 5
💡 Hint
Look for 'Infrastructure updated' in the 'Result' column.
If the 'terraform init' step fails, what happens next?
AWorkflow continues to plan
BApply runs anyway
CWorkflow stops with failure
DCode checkout repeats
💡 Hint
Refer to the exit_note and step 4 in execution_table.
Concept Snapshot
Terraform in GitHub Actions:
- Triggered by code push
- Steps: checkout, setup, init, plan, apply
- 'terraform init' prepares environment
- 'terraform plan' previews changes
- 'terraform apply -auto-approve' updates infra
- Workflow stops on failure or success
Full Transcript
This visual execution shows how Terraform runs inside GitHub Actions. When code is pushed, the workflow starts and checks out the code. Then it sets up Terraform. Next, 'terraform init' prepares the backend and providers. After that, 'terraform plan' shows what changes will happen. Finally, 'terraform apply -auto-approve' makes the changes automatically. The workflow ends with success or failure depending on these steps. Variables like code checked out and infrastructure applied change step-by-step. Key points include the importance of 'terraform init' and the use of '-auto-approve' to avoid manual input. The quiz questions help check understanding of each step's result and workflow behavior.

Practice

(1/5)
1. What is the main purpose of using Terraform in GitHub Actions workflows?
easy
A. To store Terraform state files in GitHub issues
B. To manually edit cloud resources from GitHub
C. To automatically run Terraform commands when code changes
D. To replace Terraform CLI with GitHub commands

Solution

  1. Step 1: Understand Terraform automation

    Terraform automates cloud resource management by running commands like plan and apply.

  2. Step 2: Role of GitHub Actions

    GitHub Actions can trigger these Terraform commands automatically when code changes happen.

  3. Final Answer:

    To automatically run Terraform commands when code changes -> Option C

  4. Quick Check:

    Terraform automation = automatic runs [OK]
Hint: Terraform in GitHub Actions automates runs on code changes [OK]
Common Mistakes:
  • Thinking GitHub Actions replaces Terraform CLI
  • Believing Terraform state is stored in GitHub issues
  • Assuming manual edits happen inside GitHub
2. Which syntax correctly defines a GitHub Actions step to run terraform init?
easy
A. - name: Terraform Init command: terraform init
B. - run: terraform init name: Terraform Init
C. - step: terraform init run: true
D. - name: Terraform Init run: terraform init

Solution

  1. Step 1: Check GitHub Actions step syntax

    Steps use name and run keys to describe and execute commands.

  2. Step 2: Validate correct order and keys

    - name: Terraform Init run: terraform init uses name then run with the correct command string.

  3. Final Answer:

    - name: Terraform Init run: terraform init -> Option D

  4. Quick Check:

    Step keys = name + run [OK]
Hint: GitHub Actions steps use 'name' then 'run' keys [OK]
Common Mistakes:
  • Using 'command' instead of 'run'
  • Swapping order of keys causing confusion
  • Using invalid keys like 'step'
3. Given this GitHub Actions snippet, what will happen when a push occurs? 
jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Terraform Init
        run: terraform init
      - name: Terraform Plan
        run: terraform plan
medium
A. The workflow will fail due to missing apply step
B. Terraform will initialize and then create a plan for changes
C. Terraform will only checkout the code without running commands
D. Terraform will apply changes automatically

Solution

  1. Step 1: Analyze the steps in the workflow

    The workflow checks out code, runs terraform init, then runs terraform plan.

  2. Step 2: Understand Terraform commands effect

    terraform init prepares the environment; terraform plan shows what changes would happen but does not apply them.

  3. Final Answer:

    Terraform will initialize and then create a plan for changes -> Option B

  4. Quick Check:

    Init + Plan = prepare and preview [OK]
Hint: Init prepares, Plan previews changes, Apply makes changes [OK]
Common Mistakes:
  • Confusing plan with apply
  • Assuming apply runs automatically
  • Ignoring checkout step importance
4. You wrote this GitHub Actions step but it fails: 
- name: Terraform Apply
  run: terraform apply -auto-approve
What is a common reason for failure in this context?
medium
A. Missing terraform init before apply
B. Using -auto-approve flag incorrectly
C. GitHub Actions does not support terraform apply
D. The step name must be 'Apply Terraform' exactly

Solution

  1. Step 1: Check Terraform command requirements

    Terraform requires terraform init to run first to set up backend and providers.

  2. Step 2: Identify missing initialization

    If terraform init is missing, terraform apply will fail due to uninitialized state.

  3. Final Answer:

    Missing terraform init before apply -> Option A

  4. Quick Check:

    Init must run before apply [OK]
Hint: Always run 'terraform init' before 'terraform apply' [OK]
Common Mistakes:
  • Thinking -auto-approve causes failure
  • Believing GitHub Actions blocks apply commands
  • Assuming step name affects execution
5. You want to securely store Terraform state remotely and run terraform apply only after manual approval in GitHub Actions. Which setup is best?
hard
A. Use a remote backend like AWS S3 for state and add a manual approval job before apply
B. Store state in GitHub repo and run apply automatically after plan
C. Keep state local and run apply in the same job as plan
D. Use GitHub Secrets to store state file content and apply immediately

Solution

  1. Step 1: Secure state storage best practice

    Remote backends like AWS S3 keep Terraform state safe and shared among users.

  2. Step 2: Implement manual approval in workflow

    GitHub Actions supports manual approval jobs to pause before applying changes.

  3. Step 3: Combine both for safe, controlled deployment

    Using remote state plus manual approval ensures safety and control over apply.

  4. Final Answer:

    Use a remote backend like AWS S3 for state and add a manual approval job before apply -> Option A

  5. Quick Check:

    Remote state + manual approval = safe apply [OK]
Hint: Remote state + manual approval = secure, controlled apply [OK]
Common Mistakes:
  • Storing state in repo risking conflicts
  • Running apply automatically without checks
  • Using secrets to store entire state file