Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.devhelm.io/llms.txt

Use this file to discover all available pages before exploring further.

Automate Terraform plan and apply for your DevHelm resources in GitHub Actions, GitLab CI, or any CI system.

GitHub Actions

name: Terraform Monitoring
on:
  push:
    branches: [main]
    paths: ['terraform/monitoring/**']
  pull_request:
    paths: ['terraform/monitoring/**']

jobs:
  terraform:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: terraform/monitoring
    env:
      DEVHELM_API_TOKEN: ${{ secrets.DEVHELM_API_TOKEN }}

    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.9

      - name: Init
        run: terraform init

      - name: Plan
        run: terraform plan -out=tfplan
        if: github.event_name == 'pull_request'

      - name: Apply
        run: terraform apply -auto-approve
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'

GitLab CI

stages:
  - plan
  - apply

variables:
  TF_DIR: terraform/monitoring
  DEVHELM_API_TOKEN: $DEVHELM_API_TOKEN

plan:
  stage: plan
  image: hashicorp/terraform:1.9
  script:
    - cd $TF_DIR
    - terraform init
    - terraform plan -out=tfplan
  artifacts:
    paths: [terraform/monitoring/tfplan]

apply:
  stage: apply
  image: hashicorp/terraform:1.9
  script:
    - cd $TF_DIR
    - terraform init
    - terraform apply -auto-approve tfplan
  when: manual
  only: [main]

State backend

For team use, configure a remote state backend: 
terraform {
  backend "s3" {
    bucket = "mycompany-terraform-state"
    key    = "devhelm/monitoring.tfstate"
    region = "us-east-1"
  }
}
Other options include Terraform Cloud, GCS, or Azure Blob Storage.

Sensitive variables

Pass the API token as an environment variable — never hardcode it: 
provider "devhelm" {
  # Reads from DEVHELM_API_TOKEN env var automatically
}
For other sensitive values (webhook URLs, routing keys), use Terraform variables with sensitive = true: 
variable "slack_webhook_url" {
  type      = string
  sensitive = true
}

PR plan comments

Use the terraform-plan-comment action to post plan output on pull requests: 
      - name: Plan
        id: plan
        run: terraform plan -no-color -out=tfplan

      - uses: borchero/terraform-plan-comment@v2
        with:
          token: ${{ github.token }}
          planfile: terraform/monitoring/tfplan

Next steps

Terraform overview

Provider setup and resource reference.

Importing resources

Bring existing resources under Terraform management.