Terraform is an extremely powerful tool, but the out-of-the-box workflow of running it from a contributor's machine has pitfalls: changes get applied whose manifests were never committed and pushed, and a local terraform.tfstate ends up out of step with what everyone else has.

Use this example CircleCI configuration for a rock-solid pull-request workflow for Terraform projects.

The Workflow

  1. A project contributor creates a pull request with changes to terraform manifests.
  2. CircleCI runs terraform plan and posts the plan output as a comment on the pull request, so reviewers see exactly what will change before anything is applied.
  3. When the PR is merged to master, CircleCI runs terraform apply to resolve the diffs. Apply runs only from master, never from a PR branch.
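
The plan-and-comment and apply steps above, as an added POSIX shell example; it is not the gist's own config.yml or template. It assumes the CircleCI built-in variables CIRCLE_PULL_REQUEST, CIRCLE_BRANCH, CIRCLE_SHA1, CIRCLE_PROJECT_USERNAME and CIRCLE_PROJECT_REPONAME, a GITHUB_TOKEN for the bot user, and terraform and curl on the PATH. The script name terraform-pr.sh, the function names, the file names plan.txt and tfplan, and the sample plan text are my own choices, not anything from the page. A CircleCI job would run `sh terraform-pr.sh plan` on pull-request builds and `sh terraform-pr.sh apply` on master.

```shell
#!/bin/sh
# terraform-pr.sh (hypothetical name): plan + PR comment on pull-request builds, apply on master.
# Added example for the workflow above, not the gist's own script. Needs curl, sed, awk, tr.

# Constructed sample of `terraform plan -no-color` output for `demo` mode and for tests;
# it is not captured from a real run.
SAMPLE_PLAN='Terraform will perform the following actions:

  # aws_s3_bucket.logs will be created
  + resource "aws_s3_bucket" "logs" {
      + bucket = "example-logs"
    }

Plan: 1 to add, 0 to change, 0 to destroy.'

# CircleCI sets CIRCLE_PULL_REQUEST to the PR URL (https://github.com/org/repo/pull/42)
# only when the branch has an open PR; return the number, or fail when there is none.
pr_number_from_url() {
  case "$1" in
    */pull/[0-9]*) printf '%s' "${1##*/}" ;;
    *) return 1 ;;
  esac
}

# Escape text for use inside a JSON string without jq: tabs become spaces, other control
# characters (including ANSI colour codes if -no-color was forgotten) are dropped, then
# backslashes, double quotes and newlines are escaped.
json_escape() {
  printf '%s' "$1" \
    | tr '\t' ' ' | tr -d '\001-\010\013-\037\177' \
    | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
    | awk 'NR > 1 { printf "%s", "\\n" } { printf "%s", $0 }'
}

# Build the Markdown comment body. GitHub rejects comments over 65536 characters,
# so long plans are cut with a marker instead of failing the post.
render_plan_comment() {
  plan_text=$1
  sha=$2
  fence=$(printf '\140\140\140')   # three backticks via octal escapes
  summary=$(printf '%s\n' "$plan_text" | grep -E '^(Plan:|No changes)' | head -n 1)
  if [ "${#plan_text}" -gt 60000 ]; then
    plan_text="$(printf '%.60000s' "$plan_text")
... (truncated; see the CircleCI job for the full plan)"
  fi
  printf '### Terraform plan for %s\n\n**%s**\n\n<details><summary>Show plan</summary>\n\n%s\n%s\n%s\n</details>\n' \
    "$sha" "${summary:-No summary line found; check the job output}" "$fence" "$plan_text" "$fence"
}

# Post the rendered body to the PR through the GitHub REST API as the bot user.
# On a build with no associated PR there is nothing to comment on.
post_pr_comment() {
  number=$(pr_number_from_url "${CIRCLE_PULL_REQUEST:-}") || { echo "not a PR build, skipping comment" >&2; return 0; }
  curl -sSf -X POST \
    -H "Authorization: token ${GITHUB_TOKEN}" \
    -H "Accept: application/vnd.github+json" \
    -d "{\"body\":\"$(json_escape "$1")\"}" \
    "https://api.github.com/repos/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/issues/${number}/comments"
}

# Apply only from master, and even then not from a build that has a PR attached:
# a PR branch must never change infrastructure just by editing config.yml.
should_apply() {
  [ "$1" = "master" ] && [ -z "$2" ]
}

case "${1:-}" in
  plan)
    terraform init -input=false || exit 1
    terraform plan -input=false -no-color -out=tfplan >plan.txt 2>&1; rc=$?
    cat plan.txt
    # Post the plan (or the error) so reviewers see it on the PR either way.
    post_pr_comment "$(render_plan_comment "$(cat plan.txt)" "${CIRCLE_SHA1:-unknown}")"
    exit "$rc"
    ;;
  apply)
    # Re-plans at apply time, as the workflow above describes; the PR job's tfplan is not reused.
    if should_apply "${CIRCLE_BRANCH:-}" "${CIRCLE_PULL_REQUEST:-}"; then
      terraform init -input=false && terraform apply -input=false -auto-approve
    else
      echo "not on master, refusing to apply" >&2
    fi
    ;;
  demo)
    render_plan_comment "$SAMPLE_PLAN" 0123abcd
    ;;
esac
```

Running `sh terraform-pr.sh demo` prints the comment that would be posted for the constructed sample plan, so the template can be checked without touching GitHub or a cloud account.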

Additional Requirements

Add an environment variable GITHUB_TOKEN containing a personal access token for a dedicated bot user. It is used only to post the plan comment on the PR, so grant it the minimum scope that allows commenting on the repository (repo for a private repository, public_repo for a public one) and store it as a CircleCI project environment variable or context, never in config.yml.

You will also need to add authentication environment variables for your cloud provider (in AWS this is AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). Use credentials dedicated to this pipeline with only the permissions the Terraform configuration needs, including read and write access to the state backend, and leave CircleCI's default of not passing environment variables to builds from forked pull requests in place: otherwise anyone who opens a PR can edit .circleci/config.yml to print these secrets.

Ensure your state is stored in a remote backend such as S3, with state locking enabled (for S3, a DynamoDB table via the backend's dynamodb_table setting) so a plan and an apply running at the same time cannot corrupt it, and with encryption at rest (encrypt = true), since the state file holds resource attributes in plain text, secrets included.

Copy the .circleci/config.yml and .circleci/plan-comment.tpl from the gist below to your repo.