An action that stores your Terraform state file as an encrypted Github workflow artifact and downloads and decrypts the state on subsequent runs.
Be aware that Github delets artifacts older then 90 days by default. You can run your pipeline on a schedule to create a new artifact at least once every 90 days.
steps:
- uses: actions/checkout@v3
- name: Download Terraform state
uses: devgioele/terraform-state-artifact@v4
with:
passphrase: ${{ secrets.TF_STATE_PASSPHRASE }}
download_upload: download
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
- name: Terraform init
run: terraform init
- name: Terraform validate
run: terraform validate
- name: Terraform apply
run: terraform apply -auto-approve
- name: Upload Terraform state
uses: devgioele/terraform-state-artifact@v4
with:
passphrase: ${{ secrets.TF_STATE_PASSPHRASE }}
download_upload: uploadGenerate a secure password and store in a GitHub secret named TF_STATE_PASSPHRASE.
The action supports the following inputs:
| Variable | Description | Default |
|---|---|---|
passphrase |
A passphrase to encrypt and decrypt the statefile artifact. | N/A |
download_upload |
Whether to download and decrypt or upload and encrypt. | N/A |
statefile_location |
(optional) The location of your Terraform statefile. | '' |
This action would not have been possible without the previous work done by sturlabragason. I created a fork instead of a PR, because I wanted my changes to take immediate effect.