Skip to content

Custom plan and apply steps

Terrateam’s custom plan and apply steps feature allows you to customize your Terraform plan and apply workflows by adding custom steps, such as running scripts, setting environment variables, or integrating with other tools. This can help you tailor your Terraform workflow to your specific needs and automate complex processes.

Configuring custom steps

To configure custom plan and apply steps, you need to modify your Terrateam configuration file (.terrateam/config.yml).

workflows:
  - tag_query: prod
    plan:
      - type: init
      - type: run
        cmd: ['./scripts/pre-plan.sh']
      - type: plan
      - type: run
        cmd: ['./scripts/post-plan.sh']
    apply:
      - type: init
      - type: run
        cmd: ['./scripts/pre-apply.sh']
      - type: apply
      - type: run
        cmd: ['./scripts/post-apply.sh']

In this example, we define custom steps for both the plan and apply workflows:

  • pre-plan.sh: A script that runs before the Terraform plan step.
  • post-plan.sh: A script that runs after the Terraform plan step.
  • pre-apply.sh: A script that runs before the Terraform apply step.
  • post-apply.sh: A script that runs after the Terraform apply step.

Custom step types

Terrateam supports several types of custom steps that you can use in your workflows:

Run

The run step allows you to execute a command or script as part of your workflow.

- type: run
  cmd: ['./scripts/my-script.sh']
  • cmd: The command to run, specified as an array of strings.

Env

The env step allows you to set environment variables that will be available to subsequent steps in your workflow.

- type: env
  name: MY_VAR
  cmd: ['echo', 'my-value']
  • name: The name of the environment variable to set.
  • cmd: The command to run to generate the value of the environment variable.

OIDC

The oidc step allows you to authenticate with a cloud provider using OpenID Connect (OIDC).

- type: oidc
  provider: aws
  role_arn: arn:aws:iam::123456789012:role/my-role
  • provider: The cloud provider to authenticate with.
  • role_arn: The ARN of the role to assume.

Example workflow

  1. Open a pull request with changes to your Terraform code.

  2. Terrateam triggers the custom plan workflow:

    1. Runs the pre-plan.sh script.
    2. Runs terraform init.
    3. Runs terraform plan.
    4. Runs the post-plan.sh script.

  3. Review the plan output and collaborate with your team to ensure the changes are as expected.

  4. Once the pull request is approved and merged, Terrateam triggers the custom apply workflow:

    1. Runs the pre-apply.sh script.
    2. Runs terraform init.
    3. Runs terraform apply.
    4. Runs the post-apply.sh script.

  5. Terrateam comments on the merged pull request with the apply output, confirming that the changes have been applied.

Considerations

  • Custom steps can access sensitive information, such as secrets and environment variables. Make sure to properly secure your scripts and avoid leaking sensitive information in logs or output.
  • If a custom step fails, Terrateam will abort the workflow and comment on the pull request with the error details. You may need to manually intervene to resolve the issue and re-run the workflow.
  • Use dirs and tags to selectively apply custom steps to specific directories or workspaces.

Best practices

  • Store your custom scripts in a separate directory, such as scripts/, to keep your Terraform code organized.
  • Use hooks to run custom steps before or after specific events, such as plan or apply.
  • Use environment variables to pass configuration or secrets to your custom steps, rather than hardcoding them in your scripts.
We use cookies and similar technologies to provide certain features, enhance the user experience and deliver content that is relevant to your interests. Depending on their purpose, analysis and marketing cookies may be used in addition to technically necessary cookies. By clicking on "Agree and continue", you declare your consent to the use of the aforementioned cookies. Here you can make detailed settings or revoke your consent (in part if necessary) with effect for the future. For further information, please refer to our Privacy Policy .