CircleCI Developer Hub - orbies/terraform
Terraform orb for init, validate, format, lint and apply code.
Created: February 12, 2020
Version Published: December 3, 2021
Releases: 37
Org Usage: < 25

Orb Quick Start Guide

Use CircleCI version 2.1 at the top of your .circleci/config.yml file.

```yaml
version: 2.1
```

Add the orbs stanza below your version, invoking the orb:

```yaml
orbs:
  terraform: orbies/[email protected]
```

Use terraform elements in your existing workflows and jobs.

Opt-in to use of uncertified orbs on your organization's Security settings page.

Jobs

validate

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| access_key | - | Yes | - | string |
| secret_access_key | - | Yes | - | string |
| environment | - | Yes | - | string |
| aws_region | - | No | eu-west-1 | string |
| working_directory | - | Yes | - | string |
| checkout | - | No | true | boolean |
| attach_workspace | - | No | false | boolean |

lint

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| checkout | - | No | false | boolean |
| environment | - | Yes | - | string |
| working_directory | - | Yes | - | string |
| config_file | - | No | .tflint.hcl | string |

apply

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| access_key | - | Yes | - | string |
| secret_access_key | - | Yes | - | string |
| environment | - | Yes | - | string |
| aws_region | - | No | eu-west-1 | string |
| working_directory | - | Yes | - | string |

checkov

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| checkout | - | No | false | boolean |
| attach_workspace | - | No | false | boolean |
| working_directory | - | Yes | - | string |
| environment | - | Yes | - | string |

Commands

configure-ssh-known-hosts

Adds github to ~/.ssh/known_hosts

validate

Terraform init, validate and fmt.

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| access_key | - | Yes | - | string |
| secret_access_key | - | Yes | - | string |
| environment | - | Yes | - | string |
| aws_region | - | No | eu-west-1 | string |

checkov

Run Checkov static code analysis tool

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| environment | - | Yes | - | string |

lint

Run terraform linter on files

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| environment | - | Yes | - | string |
| working_directory | - | Yes | - | string |
| config_file | - | No | .tflint.hcl | string |

apply

Applies terraform configuration

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| access_key | - | Yes | - | string |
| secret_access_key | - | Yes | - | string |
| environment | - | Yes | - | string |
| aws_region | - | No | eu-west-1 | string |

install-aws-cli

Install aws cli

Executors

tf

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| working-directory | - | No | . | string |

circleci-base-image

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| working-directory | - | No | . | string |

python

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| working-directory | - | No | . | string |

Orb Source

```yaml
# This code is licensed from CircleCI to the user under the MIT license.
# See here for details: https://circleci.com/developer/orbs/licensing
version: 2.1
description: |
  Terraform orb for init, validate, format, lint and apply code.

executors:
  tf:
    docker:
      - image: hashicorp/terraform:0.14.11
    environment:
      TF_IN_AUTOMATION: "true"
    working_directory: << parameters.working-directory >>
    parameters:
      working-directory:
        default: .
        type: string
  circleci-base-image:
    docker:
      - image: cimg/base:2020.08
    working_directory: << parameters.working-directory >>
    parameters:
      working-directory:
        default: .
        type: string
  python:
    docker:
      - image: cimg/python:3.9.6
    working_directory: << parameters.working-directory >>
    parameters:
      working-directory:
        default: .
        type: string

default_config: &default_config
  parameters: &default_params
    access_key:
      type: string
    secret_access_key:
      type: string
    environment:
      type: string
    aws_region:
      default: "eu-west-1"
      type: string

conditional_checkout: &conditional_checkout
  when:
    condition:
      equal: [true, << parameters.checkout >>]
    steps:
      - checkout

conditional_attach_workspace: &conditional_attach_workspace
  when:
    condition:
      equal: [true, << parameters.attach_workspace >>]
    steps:
      - attach_workspace:
          at: .

add_keys: &add_keys
  run:
    name: Set AWS env vars
    command: |
      echo "export AWS_ACCESS_KEY_ID=<< parameters.access_key >>" >> $BASH_ENV
      echo "export AWS_SECRET_ACCESS_KEY=<< parameters.secret_access_key >>" >> $BASH_ENV
      echo "export AWS_DEFAULT_REGION=<< parameters.aws_region >>" >> $BASH_ENV

commands:
  configure-ssh-known-hosts:
    description: Adds github to ~/.ssh/known_hosts
    steps:
      - run: mkdir -p ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
  validate:
    description: Terraform init, validate and fmt.
    <<: *default_config
    steps:
      - *add_keys
      - configure-ssh-known-hosts
      - run:
          name: Terraform initialization
          command: cd "<< parameters.environment >>" && terraform init -input=false
      - run:
          name: Validate terraform configs
          command: find * -type f -name "*.tf" ! -path "*/.terraform" ! -path "*/.terraform/*" ! -path modules/ ! -path "modules/*" -exec dirname {} \; | sort -u | while read directory; do terraform validate; done || exit 1
      - run:
          name: Check if Terraform configurations are properly formatted
          command: if [[ -n "$(terraform fmt -recursive -write=false)" ]]; then echo "Some terraform files need be formatted, run 'terraform fmt' to fix"; exit 1; fi
      - run:
          name: Terraform plan and output the tfplan
          command: cd "<< parameters.environment >>" && terraform plan -input=false -out=tfplan
  checkov:
    description: Run Checkov static code analysis tool
    parameters:
      environment:
        type: string
    steps:
      - run:
          name: install checkov
          command: pip install -Iv checkov==2.0.392
      - run:
          name: Run checkov
          command: cd << parameters.environment >> && checkov -d .
  lint:
    description: Run terraform linter on files
    parameters:
      environment:
        type: string
      working_directory:
        type: string
      config_file:
        type: string
        default: .tflint.hcl
    steps:
      - attach_workspace:
          at: << parameters.working_directory >>
      - run:
          name: Install tflint
          command: curl -L "$(curl -Ls https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" -o tflint.zip && unzip tflint.zip && mkdir -p /home/circleci/.local/bin/ && mv -v tflint /home/circleci/.local/bin/ && rm tflint.zip
      - run:
          name: Run tflint
          command: cd "<< parameters.environment >>" && tflint --module -c << parameters.working_directory >>/<< parameters.config_file >>
  apply:
    description: Applies terraform configuration
    <<: *default_config
    steps:
      - *add_keys
      - run:
          name: Running terraform apply
          command: |
            cd "<< parameters.environment >>" && terraform apply -input=false tfplan
  install-aws-cli:
    description: Install aws cli
    steps:
      - run:
          name: Install aws cli
          command: |
            apk --no-cache add binutils curl
            GLIBC_VER=$(curl -s https://api.github.com/repos/sgerrand/alpine-pkg-glibc/releases/latest | grep tag_name | cut -d : -f 2,3 | tr -d \",' ')
            curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub
            curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk
            curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk
            apk add --no-cache glibc-${GLIBC_VER}.apk glibc-bin-${GLIBC_VER}.apk
            curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip
            unzip awscliv2.zip
            aws/install
            rm -rf awscliv2.zip aws /usr/local/aws-cli/v2/*/dist/aws_completer /usr/local/aws-cli/v2/*/dist/awscli/data/ac.index /usr/local/aws-cli/v2/*/dist/awscli/examples
            apk --no-cache del binutils curl
            rm glibc-${GLIBC_VER}.apk glibc-bin-${GLIBC_VER}.apk
            rm -rf /var/cache/apk/*

jobs:
  validate:
    executor: tf
    shell: /bin/sh -leo pipefail
    environment:
      - BASH_ENV: /etc/profile
    parameters:
      <<: *default_params
      working_directory:
        type: string
      checkout:
        type: boolean
        default: true
      attach_workspace:
        type: boolean
        default: false
    working_directory: << parameters.working_directory >>
    steps:
      - *conditional_checkout
      - *conditional_attach_workspace
      - run:
          name: Install openssl package
          command: apk add openssl
      - validate:
          access_key: << parameters.access_key >>
          secret_access_key: << parameters.secret_access_key >>
          environment: << parameters.environment >>
      - persist_to_workspace:
          root: << parameters.working_directory >>
          paths:
            << parameters.environment >>/tfplan
            << parameters.environment >>/.terraform/*
            << parameters.environment >>/.terraform.lock.hcl
            .tflint.hcl
  lint:
    executor: circleci-base-image
    parameters:
      checkout:
        type: boolean
        default: false
      environment:
        type: string
      working_directory:
        type: string
      config_file:
        type: string
        default: .tflint.hcl
    working_directory: << parameters.working_directory >>
    steps:
      - *conditional_checkout
      - lint:
          config_file: << parameters.config_file >>
          environment: << parameters.environment >>
          working_directory: << parameters.working_directory >>
  apply:
    executor: tf
    shell: /bin/sh -leo pipefail
    environment:
      - BASH_ENV: /etc/profile
    parameters:
      <<: *default_params
      working_directory:
        type: string
    working_directory: << parameters.working_directory >>
    steps:
      - install-aws-cli
      - attach_workspace:
          at: << parameters.working_directory >>
      - apply:
          access_key: << parameters.access_key >>
          secret_access_key: << parameters.secret_access_key >>
          environment: << parameters.environment >>
  checkov:
    executor: python
    parameters:
      checkout:
        type: boolean
        default: false
      attach_workspace:
        type: boolean
        default: false
      working_directory:
        type: string
      environment:
        type: string
    working_directory: << parameters.working_directory >>
    steps:
      - *conditional_checkout
      - *conditional_attach_workspace
      - attach_workspace:
          at: << parameters.working_directory >>
      - checkov:
          environment: << parameters.environment >>
```