This repository contains reusable GitHub Actions workflows for the makeitworkcloud organization.
Agents are authorized to push directly to main in this repository.
Reusable workflow for OpenTofu/Terraform root module repositories (tfroot-*). It:
- Fetches canonical pre-commit config from
makeitworkcloud/imagesrepo - Runs pre-commit tests using the
tfroot-runnercontainer image - Posts plan output as PR comments
- Applies on merge to main
Pre-commit configuration is centralized in makeitworkcloud/images/tfroot-runner/pre-commit-config.yaml. Do not add .pre-commit-config.yaml to individual tfroot repos.
| Input | Default | Description |
|---|---|---|
runs-on |
ubuntu-latest |
Runner label |
container |
ghcr.io/makeitworkcloud/tfroot-runner:latest |
Container image |
setup-ssh |
false |
Whether to setup SSH keys |
environment |
production |
Environment for apply job |
Note: tfroot-libvirt overrides container to use the internal OpenShift registry because it requires SSH access to libvirt hosts from a self-hosted runner.
The tfroot-runner image doesn't exist yet. Check:
- Did the
imagesrepo Build workflow succeed? - Did the
imagesrepo Pull workflow import to OpenShift? (check logs for actual metadata, not "Unable to connect" errors)
If hooks fail with missing tools or config mismatches:
- Verify the canonical config in
images/tfroot-runner/pre-commit-config.yaml - Rebuild
tfroot-runnerimage if hooks were added/updated
images- Containstfroot-runnerimage and canonical pre-commit configtfroot-cloudflare,tfroot-libvirt,tfroot-github,tfroot-aws- Terraform root module repos that consume this workflow