GitHub action to create a new terraform workspace
This is one of a suite of Terraform related actions - find them at dflook/terraform-github-actions.
Creates a new Terraform workspace. If the workspace already exists, succeeds without doing anything.
path
The path to the Terraform root module directory.
workspace
The name of the Terraform workspace to create.
backend_config
List of Terraform backend config values, one per line.
with:backend_config: token=${{ secrets.BACKEND_TOKEN }}
backend_config_file
List of Terraform backend config files to use, one per line.
Paths should be relative to the GitHub Actions workspace
with:backend_config_file: prod.backend.tfvars
GITHUB_DOT_COM_TOKEN
This is used to specify a token for GitHub.com when the action is running on a GitHub Enterprise instance.
This is only used for downloading OpenTofu binaries from GitHub.com.
If this is not set, an unauthenticated request will be made to GitHub.com to download the binary, which may be rate limited.
TERRAFORM_CLOUD_TOKENS
API tokens for cloud hosts, of the form <host>=<token>. Multiple tokens may be specified, one per line.
These tokens may be used with the remote backend and for fetching required modules from the registry.
e.g:
env:TERRAFORM_CLOUD_TOKENS: app.terraform.io=${{ secrets.TF_CLOUD_TOKEN }}
With other registries:
env:TERRAFORM_CLOUD_TOKENS: |app.terraform.io=${{ secrets.TF_CLOUD_TOKEN }}terraform.example.com=${{ secrets.TF_REGISTRY_TOKEN }}
TERRAFORM_SSH_KEY
A SSH private key that Terraform will use to fetch git/mercurial module sources.
This should be in PEM format.
For example:
env:TERRAFORM_SSH_KEY: ${{ secrets.TERRAFORM_SSH_KEY }}
TERRAFORM_HTTP_CREDENTIALS
Credentials that will be used for fetching modules sources with git:, 
//git:, 
//http:// & https:// schemes.
Credentials have the format <host>=<username>:<password>. Multiple credentials may be specified, one per line.
Each credential is evaluated in order, and the first matching credentials are used.
Credentials that are used by git (git:, //git:) allow a path after the hostname.//
Paths are ignored by http:// & https:// schemes.
For git module sources, a credential matches if each mentioned path segment is an exact match.
For example:
env:TERRAFORM_HTTP_CREDENTIALS: |example.com=dflook:${{ secrets.HTTPS_PASSWORD }}github.com/dflook/terraform-github-actions.git=dflook-actions:${{ secrets.ACTIONS_PAT }}github.com/dflook=dflook:${{ secrets.DFLOOK_PAT }}github.com=graham:${{ secrets.GITHUB_PAT }}
TERRAFORM_PRE_RUN
A set of commands that will be ran prior to terraform init. This can be used to customise the environment before running Terraform.
The runtime environment for these actions is subject to change in minor version releases. If using this environment variable, specify the minor version of the action to use.
The runtime image is currently based on debian:bookworm, with the command run using bash -xeo pipefail.
For example:
env:TERRAFORM_PRE_RUN: |# Install latest Azure CLIcurl -skL https://aka.ms/InstallAzureCLIDeb | bash# Install postgres clientapt-get install -y --no-install-recommends postgresql-client
This example creates a workspace named after the git branch when the
associated PR is opened or updated, and deploys a test environment to it.
name: Run integration testson: [pull_request]jobs:integration:runs-on: ubuntu-latestname: Run integration testssteps:- name: Checkoutuses: actions/checkout@v4- name: Use branch workspaceuses: dflook/terraform-new-workspace@v2with:path: terraformworkspace: ${{ github.head_ref }}- name: Deploy test infrastrucutreuses: dflook/terraform-apply@v2with:path: terraformworkspace: ${{ github.head_ref }}auto_approve: true