
CI/CD and reusable workflows

Here's an overview of what can be accomplished with workflows in reusable-workflows. Templates for the use cases can be found in the templates directory.

For questions, suggestions or any other feedback, please create a new discussion in the reusable-workflows repository.


Many of the workflows utilize GitHub deployment environments to enforce manual approvals before executing jobs. This helps to reduce the risk of unintended changes and makes it less of a leap of faith to deploy Terraform code. Use the Slack integration to streamline this process.

Build a Docker image and push it to ECR

In your application repository:

  • Set up a GitHub deployment environment with a secret named AWS_ROLE_ARN. The role must allow you to push the Docker image to your ECR application repository.
  • Call docker_build_push.yml from your own workflow.

Trigger a Terraform apply in another repository


  • Set up a GitHub deployment environment with a secret named AWS_ROLE_ARN in the other repository.
  • Send a repository_dispatch event to the other repository.
  • Set up a workflow in the other repository that triggers on repository_dispatch events. As part of this workflow:
      • Update the image SHA in the other repository.
      • Run Terraform with terraform_plan_apply.yml on the updated infrastructure code.
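
A sketch of the receiving workflow in the other repository, added here as an example; it is not taken from reusable-workflows or its templates. The event type `image-pushed`, the payload field `image_sha`, the file `terraform/image.auto.tfvars`, the 40-character SHA format, and the `ORG`/`REF` placeholders are all assumptions. The payload is treated as untrusted input: it is passed through an environment variable and validated before it is written into the Terraform code.

```yaml
name: deploy-on-new-image
on:
  repository_dispatch:
    types: [image-pushed]            # assumed event type, chosen by the sender
concurrency: deploy-on-new-image     # never run two image updates at the same time
jobs:
  update-image-sha:
    runs-on: ubuntu-latest
    permissions:
      contents: write                # this job only needs to commit the new SHA
    outputs:
      commit: ${{ steps.update.outputs.sha }}
    steps:
      - uses: actions/checkout@v4
      - name: Validate the payload and update the image SHA
        id: update
        shell: bash
        env:
          # Pass the payload via env; never interpolate it into the script text.
          IMAGE_SHA: ${{ github.event.client_payload.image_sha }}   # assumed field
          TFVARS: terraform/image.auto.tfvars                       # assumed path
        run: |
          set -euo pipefail
          # Assumption: images are tagged with a 40-character git commit SHA.
          # The bash regex anchors on the whole string, so embedded newlines fail.
          if [[ ! "$IMAGE_SHA" =~ ^[0-9a-f]{40}$ ]]; then
            echo "::error::client_payload.image_sha is not a 40-char hex SHA"
            exit 1
          fi
          printf 'image_sha = "%s"\n' "$IMAGE_SHA" > "$TFVARS"
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git add "$TFVARS"
          # Commit only when the SHA actually changed.
          git diff --cached --quiet || git commit -m "Deploy image ${IMAGE_SHA}"
          git push
          echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
  terraform:
    needs: update-image-sha
    # ORG and REF are placeholders. The inputs of terraform_plan_apply.yml are
    # not shown on this page; take them from the templates directory.
    # The run's default ref predates the commit made above, so the Terraform
    # run has to be pointed at needs.update-image-sha.outputs.commit.
    uses: ORG/reusable-workflows/.github/workflows/terraform_plan_apply.yml@REF
```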

Run Terraform for each stack with changed files


  • Set up multiple GitHub deployment environments with a secret named AWS_ROLE_ARN.
  • Create a job matrix for changed files. The team recommends dorny/paths-filter.
  • For each stack in the matrix, call terraform_plan_apply.yml.

This will let you run Terraform for each stack that has changed files, because a GitHub Actions job matrix is like a foreach loop.

You can find an example of this by looking at cd_terraform_matrix.yml in the repository anders-iac.

In a pull request

The setup mentioned above can be used for pull requests as well. You just need to set up a calling workflow that runs on pull request events. The plan will be visible in the workflow summary.