This directory contains GitHub Actions workflows for automated Terraform infrastructure management with Terraform Cloud integration.

🏠 ← Hackathons Repository • 🤖 Claude Guidance • 🚀 Modular Hackathon

• Trigger: PRs/pushes affecting any Terraform files
• Purpose: Comprehensive validation across entire repository
• Checks: Format, lint, security, naming conventions
• Scope: ALL Terraform files in the repository

• Trigger: Pull requests affecting infrastructure files
• Purpose: Generate and review Terraform plans
• Output: Plan details commented on PR
• Validation: Format, TFLint, validation before planning

• Trigger: Push to main branch (after PR merge)
• Purpose: Apply approved infrastructure changes
• Protection: Requires production environment approval
• Validation: Format, TFLint, validation before applying

• Trigger: Manual workflow dispatch
• Purpose: Destroy all infrastructure resources
• Safety: Requires typing "DESTROY" to confirm
• Validation: Format, TFLint, validation before destroying

Configure these secrets in your repository settings:

# Repository Settings > Secrets and variables > Actions
TF_API_TOKEN=your-terraform-cloud-token
LAMBDALABS_API_KEY=your-lambda-cloud-api-key

Create a production environment with protection rules:

1. Go to Settings > Environments > New environment
2. Name: production
3. Protection rules:
   • ✅ Required reviewers (add yourself/team)
   • ✅ Wait timer: 0 minutes
   • ⚠️ Deployment branches: Only main branch

Protect the main branch:

1. Go to Settings > Branches > Add rule
2. Branch name pattern: main
3. Protection settings:
   • ✅ Require pull request reviews before merging
   • ✅ Require status checks to pass before merging
   • ✅ Require linear history
   • ✅ Include administrators

1. Create Feature Branch

   git checkout -b feature/add-gpu-instance
   # Make infrastructure changes
   git push origin feature/add-gpu-instance

2. Open Pull Request

   • GitHub Actions automatically runs terraform plan
   • Plan output commented on PR
   • Review plan for costs and changes

3. Review and Approve

   • Team reviews infrastructure changes
   • Approve PR when plan looks correct
   • Merge to main branch

4. Automatic Deployment

   • Merge triggers terraform apply workflow
   • Manual approval required in production environment
   • Infrastructure deployed after approval

# Via GitHub UI:
# Actions > Terraform Destroy > Run workflow
# Input: "DESTROY"

• Plan Comments: Include cost estimates
• Automatic Destruction: Manual workflow for cleanup
• Resource Tracking: Output important resource details
• Usage Reminders: Comments include cost reminders

• Environment Protection: Manual approval for production
• Secret Management: Terraform Cloud token and API keys secured
• Branch Protection: Prevents direct pushes to main
• Plan Review: All changes reviewed before application
• TFLint Security Rules: Automated security scanning
• Sensitive Data Detection: Scans for hardcoded secrets
• Repository-wide Validation: All Terraform files checked

• Actions Tab: See all workflow runs
• Pull Requests: Plan output in comments
• Environments: Track production deployments

• Remote State: All state managed in Terraform Cloud
• Execution History: View runs in Terraform Cloud console
• Team Collaboration: Shared workspace access

1. Terraform Cloud Authentication

   # Check TF_API_TOKEN secret is set correctly
   # Verify Terraform Cloud organization/workspace names

2. Lambda Cloud API Issues

   # Verify LAMBDALABS_API_KEY secret
   # Check Lambda Cloud account status

3. GitHub Environment Issues

   # Ensure 'production' environment exists
   # Verify environment protection rules
   # Check reviewer assignments

1. Failed Apply: Check Terraform Cloud console for detailed logs
2. Stuck Resources: Use manual terraform destroy workflow
3. Cost Overrun: Immediately run destroy workflow
4. Authentication Issues: Rotate secrets and update GitHub

• Always Review Plans: Never merge without reviewing Terraform plan
• Cost Awareness: Monitor GPU instance costs ($0.50-1.10/hour)
• Resource Cleanup: Destroy resources when not in use
• Branch Hygiene: Use descriptive branch names and PR titles
• Documentation: Update this README for workflow changes
• Format Before Commit: Run terraform fmt -recursive . before committing
• Lint Locally: Run tflint in your directories before pushing
• No Hardcoded Secrets: Use variables and environment variables

Convenience scripts for local development:

# Format all Terraform files
./.github/scripts/terraform-format-all.sh

# Validate all Terraform configurations
./.github/scripts/terraform-validate-all.sh

• Terraform Cloud Documentation
• GitHub Actions Documentation
• Lambda Cloud Documentation
• Terraform GitHub Actions
• TFLint Documentation
• TFLint Rules