Skip to content

feat: add fine-grained pre/post commands to terragrunt workflows #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
chris11-taylor-nttd merged 1 commit into from
Feb 6, 2026
Merged

feat: add fine-grained pre/post commands to terragrunt workflows #56

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
127 changes: 82 additions & 45 deletions .github/workflows/reusable-terragrunt-deploy-aws.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,49 +4,74 @@ on:
workflow_call:
inputs:
git_branch:
description: 'Branch triggering this destroy.'
description: "Branch triggering this destroy."
required: true
type: string
tf_version:
description: 'Version of Terraform to utilize'
required: true
default: '1.5.5'
type: string
description: "Version of Terraform to utilize"
required: true
default: "1.5.5"
type: string
tg_version:
description: 'Version of Terragrunt to utilize'
description: "Version of Terragrunt to utilize"
required: true
default: '0.54.11'
default: "0.54.11"
type: string
gh_environment:
description: 'GitHub Environment to deploy to (e.g. test, production). If not supplied, will be set from the environment input.'
description: "GitHub Environment to deploy to (e.g. test, production). If not supplied, will be set from the environment input."
required: false
type: string
environments_root:
description: 'Root folder containing all environments'
description: "Root folder containing all environments"
required: false
default: 'platform'
default: "platform"
type: string
environment:
description: 'Environment (subfolder of environments_root, e.g. test) to deploy'
description: "Environment (subfolder of environments_root, e.g. test) to deploy"
required: true
type: string
region:
description: 'Region within the environment (e.g. us-east-1) to deploy'
description: "Region within the environment (e.g. us-east-1) to deploy"
required: true
type: string
env_id:
description: 'Instance within the region (e.g. 000) to deploy.'
description: "Instance within the region (e.g. 000) to deploy."
required: true
type: string
extra_setup_commands:
description: 'Extra setup commands to run prior to executing Terragrunt.'
before_plan_commands:
description: "Commands to run prior to executing Terragrunt plan."
required: false
type: string
default: ""
before_deploy_commands:
description: "Commands to run prior to executing Terragrunt apply."
required: false
type: string
default: ""
before_shared_commands:
description: "Commands to run prior to both Terragrunt plan and apply. These are applied after before_plan_commands and before_deploy_commands."
required: false
type: string
default: ""
after_plan_commands:
description: "Commands to run after executing Terragrunt plan."
required: false
type: string
default: ""
after_deploy_commands:
description: "Commands to run after executing Terragrunt apply."
required: false
type: string
default: ""
after_shared_commands:
description: "Commands to run after both Terragrunt plan and apply. These are applied after after_plan_commands and after_deploy_commands."
required: false
type: string
default: ''
default: ""

permissions:
id-token: write
contents: read
id-token: write
contents: read

jobs:
deploy:
Expand All @@ -73,45 +98,57 @@ jobs:
- name: "Set default Terraform Tags"
id: set-tags
run: |
set -x
echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT"
echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT"
echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT"
echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT"
set -x
echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT"
echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT"
echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT"
echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT"

- name: Plan
id: plan
uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1
env:
AWS_REGION: ${{ inputs.region }}
INPUT_PRE_EXEC_0: |
sudo apt update -yqq && sudo apt install python3 -yqq
INPUT_PRE_EXEC_1: |
${{ inputs.extra_setup_commands }}
TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }}
TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }}
TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }}
TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }}
AWS_REGION: ${{ inputs.region }}
INPUT_PRE_EXEC_0: |
sudo apt update -yqq && sudo apt install python3 -yqq
INPUT_PRE_EXEC_1: |
${{ inputs.before_plan_commands }}
INPUT_PRE_EXEC_2: |
${{ inputs.before_shared_commands }}
INPUT_POST_EXEC_0: |
${{ inputs.after_plan_commands }}
INPUT_POST_EXEC_1: |
${{ inputs.after_shared_commands }}
TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }}
TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }}
TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }}
TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }}
with:
tf_version: ${{ inputs.tf_version }}
tg_version: ${{ inputs.tg_version }}
tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}'
tg_command: 'plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan'
tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}"
tg_command: "plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan"

- name: Deploy
uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1
env:
AWS_REGION: ${{ inputs.region }}
INPUT_PRE_EXEC_0: |
sudo apt update -yqq && sudo apt install python3 -yqq
INPUT_PRE_EXEC_1: |
${{ inputs.extra_setup_commands }}
TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }}
TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }}
TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }}
TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }}
AWS_REGION: ${{ inputs.region }}
INPUT_PRE_EXEC_0: |
sudo apt update -yqq && sudo apt install python3 -yqq
INPUT_PRE_EXEC_1: |
${{ inputs.before_deploy_commands }}
INPUT_PRE_EXEC_2: |
${{ inputs.before_shared_commands }}
INPUT_POST_EXEC_0: |
${{ inputs.after_deploy_commands }}
INPUT_POST_EXEC_1: |
${{ inputs.after_shared_commands }}
TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }}
TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }}
TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }}
TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }}
with:
tf_version: ${{ inputs.tf_version }}
tg_version: ${{ inputs.tg_version }}
tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}'
tg_command: 'apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan'
tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}"
tg_command: "apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan"
117 changes: 77 additions & 40 deletions .github/workflows/reusable-terragrunt-deploy-azure.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,41 +4,66 @@ on:
workflow_call:
inputs:
git_branch:
description: 'Branch triggering this destroy.'
description: "Branch triggering this destroy."
required: true
type: string
tf_version:
description: 'Version of Terraform to utilize'
required: true
default: '1.5.5'
type: string
description: "Version of Terraform to utilize"
required: true
default: "1.5.5"
type: string
tg_version:
description: 'Version of Terragrunt to utilize'
description: "Version of Terragrunt to utilize"
required: true
default: '0.77.22'
default: "0.77.22"
type: string
environments_root:
description: 'Root folder containing all environments'
description: "Root folder containing all environments"
required: false
default: 'platform'
default: "platform"
type: string
environment:
description: 'Environment (subfolder of environments_root, e.g. test) to deploy'
description: "Environment (subfolder of environments_root, e.g. test) to deploy"
required: true
type: string
region:
description: 'Region within the environment (e.g. eastus2) to deploy'
description: "Region within the environment (e.g. eastus2) to deploy"
required: true
type: string
env_id:
description: 'Instance within the region (e.g. 000) to deploy.'
description: "Instance within the region (e.g. 000) to deploy."
required: true
type: string
extra_setup_commands:
description: 'Extra setup commands to run prior to executing Terragrunt.'
before_plan_commands:
description: "Commands to run prior to executing Terragrunt plan."
required: false
type: string
default: ""
before_deploy_commands:
description: "Commands to run prior to executing Terragrunt apply."
required: false
type: string
default: ""
before_shared_commands:
description: "Commands to run prior to both Terragrunt plan and apply. These are applied after before_plan_commands and before_deploy_commands."
required: false
type: string
default: ""
after_plan_commands:
description: "Commands to run after executing Terragrunt plan."
required: false
type: string
default: ""
after_deploy_commands:
description: "Commands to run after executing Terragrunt apply."
required: false
type: string
default: ""
after_shared_commands:
description: "Commands to run after both Terragrunt plan and apply. These are applied after after_plan_commands and after_deploy_commands."
required: false
type: string
default: ''
default: ""
secrets:
TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID:
required: true
Expand Down Expand Up @@ -78,39 +103,51 @@ jobs:
- name: "Set default Terraform Tags"
id: set-tags
run: |
set -x
repo=$(echo "${{ github.repository }}" | cut -d "/" -f 2)
echo "SYSTEM_TAGS={\"Organization\":\"${{ github.repository_owner }}\",\"Repository\":\"$repo\",\"Branch\":\"${{ inputs.git_branch }}\",\"CommitHash\":\"${{ github.sha }}\"}" >> "$GITHUB_OUTPUT"
set -x
repo=$(echo "${{ github.repository }}" | cut -d "/" -f 2)
echo "SYSTEM_TAGS={\"Organization\":\"${{ github.repository_owner }}\",\"Repository\":\"$repo\",\"Branch\":\"${{ inputs.git_branch }}\",\"CommitHash\":\"${{ github.sha }}\"}" >> "$GITHUB_OUTPUT"

- name: Plan
id: plan
uses: gruntwork-io/terragrunt-action@v3
env:
INPUT_PRE_EXEC_0: |
sudo apt update -yqq && sudo apt install python3 -yqq
INPUT_PRE_EXEC_1: |
${{ inputs.extra_setup_commands }}
ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }}
ARM_USE_OIDC: true
TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }}
INPUT_PRE_EXEC_0: |
sudo apt update -yqq && sudo apt install python3 -yqq
INPUT_PRE_EXEC_1: |
${{ inputs.before_plan_commands }}
INPUT_PRE_EXEC_2: |
${{ inputs.before_shared_commands }}
INPUT_POST_EXEC_0: |
${{ inputs.after_plan_commands }}
INPUT_POST_EXEC_1: |
${{ inputs.after_shared_commands }}
ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }}
ARM_USE_OIDC: true
TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }}
with:
tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}'
tg_command: 'plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan'
tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}"
tg_command: "plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan"

- name: Deploy
uses: gruntwork-io/terragrunt-action@v3
env:
INPUT_PRE_EXEC_0: |
sudo apt update -yqq && sudo apt install python3 -yqq
INPUT_PRE_EXEC_1: |
${{ inputs.extra_setup_commands }}
ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }}
ARM_USE_OIDC: true
TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }}
INPUT_PRE_EXEC_0: |
sudo apt update -yqq && sudo apt install python3 -yqq
INPUT_PRE_EXEC_1: |
${{ inputs.before_deploy_commands }}
INPUT_PRE_EXEC_2: |
${{ inputs.before_shared_commands }}
INPUT_POST_EXEC_0: |
${{ inputs.after_deploy_commands }}
INPUT_POST_EXEC_1: |
${{ inputs.after_shared_commands }}
ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }}
ARM_USE_OIDC: true
TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }}
with:
tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}'
tg_command: 'apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan'
tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}"
tg_command: "apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan"
Loading
Loading