Automate Terraform plan and apply for your DevHelm resources in GitHub Actions, GitLab CI, or any CI system.

GitHub Actions

name: Terraform Monitoring
on:
  push:
    branches: [main]
    paths: ['terraform/monitoring/**']
  pull_request:
    paths: ['terraform/monitoring/**']

jobs:
  terraform:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: terraform/monitoring
    env:
      DEVHELM_API_TOKEN: ${{ secrets.DEVHELM_API_TOKEN }}

    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          # Quoted so YAML keeps the version as a string instead of parsing it as a float
          terraform_version: "1.9"

      - name: Init
        run: terraform init

      - name: Plan
        run: terraform plan -out=tfplan
        if: github.event_name == 'pull_request'

      - name: Apply
        run: terraform apply -auto-approve
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'

GitLab CI

stages:
  - plan
  - apply

variables:
  TF_DIR: terraform/monitoring
  DEVHELM_API_TOKEN: $DEVHELM_API_TOKEN

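plan:
  stage: plan
  image:
    name: hashicorp/terraform:1.9
    # The image's entrypoint is the terraform binary; clear it so the runner can start a shell
    entrypoint: [""]
  script:
    - cd $TF_DIR
    - terraform init
    - terraform plan -out=tfplan
  artifacts:
    paths: [terraform/monitoring/tfplan]

apply:
  stage: apply
  image:
    name: hashicorp/terraform:1.9
    entrypoint: [""]
  script:
    - cd $TF_DIR
    - terraform init
    # Applies exactly the saved plan produced by the plan job
    - terraform apply -auto-approve tfplan
  when: manual
  only: [main]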

State backend

For team use, configure a remote state backend:

terraform {
  backend "s3" {
    bucket = "mycompany-terraform-state"
    key    = "devhelm/monitoring.tfstate"
    region = "us-east-1"
  }
}

Other options include Terraform Cloud, GCS, or Azure Blob Storage.

Sensitive variables

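Pass the API token as an environment variable; never hardcode it:

provider "devhelm" {
  # Reads from DEVHELM_API_TOKEN env var automatically
}

For other sensitive values (webhook URLs, routing keys), use Terraform variables with sensitive = true:

variable "slack_webhook_url" {
  type      = string
  sensitive = true
}

sensitive = true only redacts the value in plan and apply output. The value is still written in plaintext to the state and to saved plan files such as tfplan, so restrict access to the state backend and to plan artifacts.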
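
A gate that could run between plan and apply, as an added example (not DevHelm's code or part of the original page): it reads the output of `terraform show -json tfplan` and reports secret-looking variables that are not declared sensitive, plus resources the plan would delete under `-auto-approve`. The name pattern, the function names and the sample plan (including its placeholder resource types) are assumptions constructed for illustration.

```python
import json
import re
import sys

# Name fragments that suggest a secret (assumption; tune for your codebase).
SECRET_HINT = re.compile(r"token|secret|password|webhook|routing_key", re.I)

def unsealed_variables(plan):
    """Secret-looking root-module variables not declared sensitive = true."""
    variables = plan.get("configuration", {}).get("root_module", {}).get("variables", {})
    return sorted(name for name, spec in variables.items()
                  if SECRET_HINT.search(name) and not spec.get("sensitive", False))

def deleted_resources(plan):
    """Addresses the plan would destroy (includes delete-then-create replacements)."""
    return sorted(rc["address"] for rc in plan.get("resource_changes", [])
                  if "delete" in rc.get("change", {}).get("actions", []))

def gate(plan, allow_delete=False):
    """Return a list of findings; an empty list means apply may proceed."""
    findings = [f"variable '{v}' is not marked sensitive" for v in unsealed_variables(plan)]
    if not allow_delete:
        findings += [f"plan deletes {a}" for a in deleted_resources(plan)]
    return findings

# Constructed sample in the `terraform show -json` plan format (resource types are placeholders).
SAMPLE_PLAN = json.loads("""
{
  "configuration": {"root_module": {"variables": {
    "slack_webhook_url": {"sensitive": true},
    "pagerduty_routing_key": {},
    "region": {"default": "us-east-1"}
  }}},
  "resource_changes": [
    {"address": "example_monitor.api", "change": {"actions": ["update"]}},
    {"address": "example_monitor.checkout", "change": {"actions": ["delete", "create"]}},
    {"address": "example_alert.old", "change": {"actions": ["delete"]}}
  ]
}
""")

if __name__ == "__main__":
    # CI usage: terraform show -json tfplan > plan.json && python plan_gate.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = gate(plan)
    print("\n".join(problems) or "plan gate: ok")
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it has findings, so a CI job running it fails before the apply step.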

PR plan comments

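Use the terraform-plan-comment action to post plan output on pull requests. If the workflow restricts the permissions of github.token, the job needs pull-requests: write for the comment to be created:
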
      - name: Plan
        id: plan
        run: terraform plan -no-color -out=tfplan

      - uses: borchero/terraform-plan-comment@v2
        with:
          token: ${{ github.token }}
          planfile: terraform/monitoring/tfplan
