A GitHub Action for publishing Terraform modules to Google Cloud Storage (GCS) buckets with proper versioning.
This action helps you automate the process of publishing Terraform modules to GCS buckets, which can be used as a private Terraform module registry. It handles:
- Packaging Terraform modules into zip files
- Uploading modules to GCS with proper versioning
- Optional cleanup of old versions
- Cryptographic hash verification
- Minimized dependencies to reduce attack surface
- All dependencies pinned to specific versions
- Credentials handled securely with proper cleanup
- Input validation to prevent injection attacks
- Uses Google Cloud Storage signed URLs for secure access
- Proper error handling and logging
```yaml
name: Publish Terraform Module
on:
  release:
    types: [created]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Publish Terraform Module
        uses: infraspecdev/terraform-module-gcs-publisher@v1
        with:
          gcs-bucket: 'your-terraform-modules-bucket'
          module-name: 'vpc'
          module-version: ${{ github.event.release.tag_name }}
          module-path: '.'
          google-credentials: ${{ secrets.GOOGLE_CREDENTIALS }}
          delete-old-versions: 'true'
          keep-versions: '5'
```
| Input | Description | Required | Default |
|---|---|---|---|
| `gcs-bucket` | GCS bucket name where Terraform modules will be stored | Yes | |
| `module-name` | Name of the Terraform module | Yes | |
| `module-version` | Version of the Terraform module (semver format) | Yes | |
| `module-path` | Path to the Terraform module directory | Yes | `.` |
| `google-credentials` | Google Cloud service account credentials (JSON) | Yes | |
| `delete-old-versions` | Whether to delete old versions of the module | No | `false` |
| `keep-versions` | Number of old versions to keep when deleting old versions | No | `5` |
| Output | Description |
|---|---|
| `module-url` | URL of the uploaded Terraform module |
| `version` | Version of the uploaded Terraform module |
You can reference the modules in your Terraform code by specifying the exact version:
```hcl
module "vpc" {
  source = "gcs::https://storage.googleapis.com/your-terraform-modules-bucket/modules/vpc/vpc-1.0.0.zip"
}
```
This approach ensures consistent and predictable deployments by pinning to specific module versions.
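One way to implement the input validation and `keep-versions` pruning listed above, added here as an example and not taken from the action's source. The object layout follows the `source` URL shown above; the name pattern, the strict `MAJOR.MINOR.PATCH` rule, and the reading of "old versions" as every version other than the one just published are assumptions.

```javascript
// Added example, not the action's source. Naming rules below are assumptions.
const NAME_RE = /^[a-z0-9][a-z0-9_-]{0,62}$/;   // assumed module-name policy
const VERSION_RE = /^(\d+)\.(\d+)\.(\d+)$/;      // MAJOR.MINOR.PATCH only

function parseVersion(version) {
  const m = VERSION_RE.exec(version);
  if (!m) throw new Error(`invalid module-version: ${JSON.stringify(version)}`);
  return m.slice(1).map(Number);
}

// Numeric comparison per component; a string sort would rank 1.9.0 above 1.10.0.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Object key in the layout used by the source URL on this page.
function objectKey(name, version) {
  if (!NAME_RE.test(name)) throw new Error(`invalid module-name: ${JSON.stringify(name)}`);
  parseVersion(version);   // rejects "../", whitespace and shell metacharacters
  return `modules/${name}/${name}-${version}.zip`;
}

// Objects to delete: every version except the one just published and the
// `keep` highest remaining ones. Keys that do not match the layout are skipped.
function selectForDeletion(name, published, listedKeys, keepInput) {
  if (!/^\d+$/.test(keepInput)) throw new Error(`invalid keep-versions: ${JSON.stringify(keepInput)}`);
  const keep = Number(keepInput);
  const prefix = objectKey(name, published).slice(0, -`${published}.zip`.length);
  const old = [];
  for (const key of listedKeys) {
    if (!key.startsWith(prefix) || !key.endsWith('.zip')) continue;
    const v = key.slice(prefix.length, -'.zip'.length);
    if (!VERSION_RE.test(v) || v === published) continue;
    old.push(v);
  }
  old.sort((a, b) => compareVersions(b, a));   // newest first
  return old.slice(keep).map((v) => objectKey(name, v));
}

// Constructed bucket listing for illustration.
const LISTING = [
  'modules/vpc/vpc-1.2.0.zip', 'modules/vpc/vpc-1.10.0.zip',
  'modules/vpc/vpc-1.9.0.zip', 'modules/vpc/vpc-2.0.0.zip',
  'modules/vpc/README.txt', 'modules/vpc-peering/vpc-peering-0.1.0.zip',
];
```

With the constructed listing, publishing `2.0.0` with `keep-versions: '2'` selects only `vpc-1.2.0.zip`; objects belonging to `vpc-peering` and the stray `README.txt` are never candidates.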
The service account used by this GitHub Action needs the following permissions:
- `storage.objects.create`
- `storage.objects.delete` (if using `delete-old-versions`)
- `storage.objects.get`
- `storage.objects.list`
Contributions are welcome. Please see DEVELOPMENT.md for development setup, guidelines, and workflow information. Submit a Pull Request to contribute to this project.
This project is licensed under the MIT License - see the LICENSE file for details.