Sample project demonstrating how to safely run and test GitHub Actions locally with act in local environment before check-in the code.
✅ Test GitHub Actions locally.
🔐 Avoid cloud costs.
🧪 Validate functional changes safely.
🖥️ Works on private environments.
This repository demonstrates how to:
- Use
actto run GitHub Actions locally. - Test Terraform workflows safely without applying real infrastructure.
- Work in secure, private, or self-hosted runner environments.
- Validate modules, backends, and plans with dummy credentials and local state.
- Docker installed locally
actinstalled (docs)- Terraform CLI installed (
>= 1.3.0) - Linux or macOS (Windows via WSL works too)
- Optional: self-hosted GitHub Actions runner
.
├── .github/workflows/terraform.yml # GitHub Actions workflow
├── main.tf # Terraform example
├── backend.tf # Local backend config
├── variables.tf # Input variables
├── .secrets.dummy # Fake credentials for act
└── README.md
---
## 🚀 Running Locally with `act`
### 🧪 Dry Run Plan
```bash
act workflow_dispatch \
-P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest \
--secret-file .secrets.dummy \
--env DRY_RUN=true✅ No real cloud infra is touched! Uses local backend and fake secrets.
| Scenario | Recommendation |
|---|---|
| Avoid real infra changes | Use terraform plan, local backend, dummy secrets |
| Test apply logic | Wrap in if: env.DRY_RUN != 'true' |
| Network-sensitive | Run with --bind or isolate Docker network |
| Debug failures | Add --verbose to act or run in bash container |
act enables fast, cost-free testing of GitHub Actions workflows. Combined with Terraform and local backends, it lets you:
-
Catch errors early
-
Avoid cloud billing
-
Safely debug changes
| 🔧 Category | 🧪 Command | 💬 Description |
|---|---|---|
| Run default workflow | act |
Runs default event (push) using default runner (ubuntu-latest) |
| Run specific event | act pull_request |
Simulates a pull_request event |
act workflow_dispatch |
Simulates a workflow_dispatch (manual trigger) |
|
| Run specific job | act -j terraform |
Runs only the terraform job |
| Use custom runner image | act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest |
Uses a GitHub-hosted runner-like Docker image |
| Use secrets inline | act -s GITHUB_TOKEN=mytoken -s ARM_CLIENT_ID=fake |
Passes secrets directly in the command |
| Use secrets from file | act --secret-file .secrets.dummy |
Loads secrets from a file |
| Set env variables | act --env DRY_RUN=true |
Sets environment variable DRY_RUN=true |
| Specify workflow file | act -W .github/workflows/terraform.yml |
Explicitly runs a specific workflow file |
| Verbose/debug mode | act --verbose |
Enables verbose output for debugging |
| Mount local volume | act -v $(pwd):/github/workspace |
Mounts local working directory inside the container |
| Run from Docker manually | docker run --rm -it -v $(pwd):/github/workspace your-act-image act workflow_dispatch |
Manually runs act from a Docker container |
- Test from secure/self-hosted runners
-
[GitHub Actions Docs] (https://docs.github.com/en/actions)
-
[Terraform Docs] (https://developer.hashicorp.com/terraform/docs)
This project is licensed under the MIT - see the LICENSE file for details.
Please replace https://github.com/premkumar-palanichamy/gh-act-sandbox with the URL of your Git repository if you have one. This README provides a comprehensive guide to your Git Mirroring concept and can be extended or modified as needed.
