This repository contains reusable GitHub Actions workflows for the makeitworkcloud organization.
Agents are authorized to push directly to main in this repository.
Reusable workflow for OpenTofu/Terraform root module repositories (`tfroot-*`). It:
- Fetches the canonical pre-commit config from `makeitworkcloud/images`
- Runs pre-commit on the `arc-tf` runner pod (which is itself the `tfroot-runner` image — no nested `container:` block)
- Posts plan output as PR comments
- Applies on merge to main
Pre-commit configuration is centralized in makeitworkcloud/images/tfroot-runner/pre-commit-config.yaml. Do not add .pre-commit-config.yaml to individual tfroot repos.
| Input | Default | Description |
|---|---|---|
| `runs-on` | `arc-tf` | Runner label — the in-cluster ARC scale set whose pods run the tfroot-runner image |
| `setup-ssh` | `false` | Provision an SSH key + known_hosts for libvirt-style root modules |
| `environment` | `production` | Environment for the apply job |
There is no container input. The arc-tf runner pod IS the image, so adding container: on top would nest a container inside a container — don't do it.
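
The two rules above (no per-repo `.pre-commit-config.yaml`, no `container:` on top of the arc-tf runner) can be checked mechanically against a tfroot-* checkout. This is an added example, not part of this repository's workflows; the function name `check_tfroot_repo` and the scan of `.github/workflows` are assumptions, and the sample checkout is constructed.

```shell
#!/bin/sh
# Added example: policy guard for a tfroot-* checkout (hypothetical helper).
# Assumption: workflow files live under .github/workflows/ as *.yml or *.yaml.

# Prints one line per finding; returns non-zero if any rule is violated.
check_tfroot_repo() {
    repo=$1
    findings=0

    # Rule 1: pre-commit config is centralized, so a local copy would drift from it.
    if [ -e "$repo/.pre-commit-config.yaml" ]; then
        echo "FAIL: $repo/.pre-commit-config.yaml present (config is centralized in makeitworkcloud/images)"
        findings=$((findings + 1))
    fi

    # Rule 2: no container: key in workflows, because the arc-tf pod already is the image.
    for wf in "$repo"/.github/workflows/*.yml "$repo"/.github/workflows/*.yaml; do
        [ -f "$wf" ] || continue
        # Match container: as a YAML key; commented-out lines do not match.
        if grep -qE '^[[:space:]]*container[[:space:]]*:' "$wf"; then
            echo "FAIL: $wf sets container: (would nest a container inside the runner pod)"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Constructed sample checkout: a stray config plus a workflow that nests a container.
demo=$(mktemp -d)
mkdir -p "$demo/.github/workflows"
: > "$demo/.pre-commit-config.yaml"
printf 'jobs:\n  plan:\n    runs-on: arc-tf\n    container: ghcr.io/makeitworkcloud/tfroot-runner:latest\n' \
    > "$demo/.github/workflows/ci.yml"
check_tfroot_repo "$demo" || echo "policy violations found"
rm -rf "$demo"
```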
The tfroot-runner image is missing or the tag is wrong. Check:
- Did the `images` repo `buildah` workflow succeed for the latest commit?
- Is the runner template image tag in `kustomize-cluster/workloads/arc/arc-tf-application.yaml` resolvable on GHCR (`ghcr.io/makeitworkcloud/tfroot-runner:latest`)?
If hooks fail with missing tools or config mismatches:
- Verify the canonical config in `images/tfroot-runner/pre-commit-config.yaml`
- Rebuild `tfroot-runner` image if hooks were added/updated
- `images` - Contains `tfroot-runner` image and canonical pre-commit config
- `tfroot-cloudflare`, `tfroot-libvirt`, `tfroot-github`, `tfroot-aws` - Terraform root module repos that consume this workflow