Automate Terraform with CI/CD pipelines, GitOps, Atlantis, and deployment workflows
GitHub: pluginagentmarketplace/custom-plugin-terraform
terraform-assistant
January 20, 2026
```bash
npx add-skill https://github.com/pluginagentmarketplace/custom-plugin-terraform/blob/main/skills/terraform-cicd/SKILL.md -a claude-code --skill terraform-cicd
```

Installation paths:
.claude/skills/terraform-cicd/

# Terraform CI/CD Skill
Production CI/CD patterns for automated Terraform deployments.
## GitHub Actions
### PR Validation
```yaml
# .github/workflows/terraform-pr.yml
name: Terraform PR

on:
  pull_request:
    paths: ['terraform/**']

# Default token scope for all jobs; the plan job widens it below.
permissions:
  contents: read
  pull-requests: write

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Format Check
        run: terraform fmt -check -recursive
      - name: Init
        run: terraform init -backend=false
      - name: Validate
        run: terraform validate

  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/tfsec-action@v1.0.3
      - uses: bridgecrewio/checkov-action@v12
        with:
          directory: terraform/

  plan:
    needs: [validate, security]
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow-level block, so list all three.
    permissions:
      contents: read
      pull-requests: write
      id-token: write  # required for OIDC when only role-to-assume is supplied
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: us-east-1
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init
      - name: Plan
        # Explicit bash runs with pipefail, so a failed plan is not masked by tee.
        shell: bash
        run: terraform plan -no-color | tee plan.txt
      - uses: actions/github-script@v7
        with:
          script: |
            // Post the plan as a PR comment, truncated to fit the comment size limit.
            const plan = require('fs').readFileSync('plan.txt', 'utf8');
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: '```\n' + plan.slice(0, 60000) + '\n```'
            });
```
### Deploy Workflow
```yaml
# .github/workflows/terraform-apply.yml
name: Terraform Apply

on:
  push:
    branches: [main]
    paths: ['terraform/**']

concurrency:
  group: terraform-${{ github.ref }}
  cancel-in-progress: false

jobs:
  apply:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: actions/checkout@v4