I’m trying to figure out a reasonable branching strategy for GitHub Actions using Terraform with multiple environments. In my previous company, we used Atlantis and had a more traditional setup where you have a directory per environment (i.e. ./dev and ./prod). I’ve been using Terraform Workspaces in my new repository and really like that approach better as it leads to a lot less duplication and ensures consistency between environments.
My current GH action setup is basically the same as “Automate Terraform with GitHub Actions | Terraform - HashiCorp Learn”, where I’m setting TF_WORKSPACE to “dev”, PRs run plan, and merges to main run apply. I’m now trying to think through how I want this to work with production. A couple of things I want:
- I want to be able to push dev changes first, prior to pushing prod, so I don’t want prod changes running at the same time
- I want to keep the PR workflow so that you can run plan on a PR and potentially require a code review to merge to prod
My current solution is to create a “tf_prod” branch and have pull requests open from “main” to “tf_prod”, but I was curious how others are solving this. For posterity, I’m sharing my whole GH action in case it helps anyone else out in the future. Thanks for your thoughts!
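The branch-to-workspace mapping described in the post, written out as an added sketch; this is not the poster's workflow, which is not reproduced on this page. Assumptions: a workspace named "prod" exists next to "dev", the backend token is stored in a secret named TF_API_TOKEN, and the review requirement for "tf_prod" is enforced by branch protection rather than by the workflow.

```yaml
# Added illustration: one workflow serving both branches.
# PRs into main or tf_prod run plan; merges (pushes) run apply.
name: terraform

on:
  pull_request:
    branches: [main, tf_prod]
  push:
    branches: [main, tf_prod]

# Least privilege for the job token: read the repository only.
permissions:
  contents: read

# Serialize runs per target branch so two applies to the same
# workspace never overlap; queued runs wait instead of cancelling.
concurrency:
  group: terraform-${{ github.base_ref || github.ref_name }}
  cancel-in-progress: false

jobs:
  terraform:
    runs-on: ubuntu-latest
    env:
      # github.base_ref is set on pull_request events (the PR target);
      # on push it is empty, so github.ref_name (the pushed branch) is used.
      # tf_prod selects the "prod" workspace (assumed name), anything else "dev".
      TF_WORKSPACE: ${{ (github.base_ref || github.ref_name) == 'tf_prod' && 'prod' || 'dev' }}
      TF_IN_AUTOMATION: "true"
    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          # Secret name is an assumption.
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      - name: Init
        run: terraform init -input=false

      - name: Plan (pull requests only)
        if: github.event_name == 'pull_request'
        run: terraform plan -input=false

      - name: Apply (merges only)
        if: github.event_name == 'push'
        run: terraform apply -input=false -auto-approve
```

Because the workspace is derived from the target branch, a PR from "main" to "tf_prod" plans against prod while the dev apply has already happened on the merge to "main".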