A reusable GitHub Actions workflow that automatically opens pull requests to keep Terraform module versions up to date, for both GitHub-hosted and Terraform Registry modules.
This project follows SemVer and publishes two tag types with different semantics:
vX.Y.Z(for examplev1.4.2) is an immutable release point.vX(for examplev1) is a mutable channel tag that moves to the latest stablevX.Y.Zrelease.
Use @v1 to track the latest non-breaking updates, or pin to a full commit SHA for maximum reproducibility. See Consumer Setup for pinning strategies.
- Create a manifest at
.github/update-modules-manifest.ymllisting the modules to manage. - Declare permissions — your workflow job needs
contents: writeandpull-requests: write. - Call the workflow using the
@v1tag or a pinned commit SHA.
jobs:
update:
permissions:
contents: write
pull-requests: write
uses: datasciencecampus/update-tf-modules/.github/workflows/update-tf-modules.yml@v1
with:
manifest_path: .github/update-modules-manifest.yml
terraform_root: terraform
create_pr: trueNew here? The Getting Started Tutorial walks you through this step by step.
| Getting Started Tutorial | Step-by-step: from zero to your first automated update PR |
| Consumer Setup | Full integration guide, all inputs, outputs and pinning options |
| Manifest Schema | Complete reference for the manifest file format |
| Architecture & Design | How the tool works internally and why |
| Permissions & Troubleshooting | Error diagnosis, token configuration and debugging |
PR creation failed? Check your job permissions (need contents: write and pull-requests: write) and token scope. See Permissions & Troubleshooting.
Module updates not detected? Verify manifest syntax and file paths. See Manifest Schema for validation rules.
Something else? See Architecture & Design for how module types, version discovery and file scanning work.