plan apply end to end - hyperfocus/porc GitHub Wiki
End-to-End Terraform Plan & Apply Flow with PORC + GitHub
This document explains how Terraform infrastructure is rendered, planned, and applied using a hybrid approach that includes PORC, GitHub Actions, and Terraform Enterprise.
Overview
- PORC renders Terraform configurations from a blueprint
- GitHub Actions optionally execute `terraform plan` and `terraform apply`
- Terraform Enterprise stores the remote workspace, state, and executes runs
- Approval flow is controlled by PORC, optionally requiring change record validation (e.g., ServiceNow)
Step-by-Step Flow
- Blueprint submitted via GitHub or Port webhook
- PORC validates blueprint and generates `.tf` and `.tfvars.json`
- GitHub workflow runs `terraform plan` using `backend.hcl`
- PORC logs plan result and tracks hash/approval
- GitHub or PORC triggers `apply` if plan was successful
- Sentinel policies run automatically in TFE
- Results are logged, monitored, and auditable
Decision Matrix
Step | Controlled By | Audit Location | Alternate Option |
---|---|---|---|
Render | PORC | Mongo | None |
Plan | GitHub / PORC | GitHub Logs / Mongo | Native Terraform Cloud |
Approval | PORC | ServiceNow / Mongo | GitHub PR review |
Apply | GitHub / PORC | GitHub / Mongo | Terraform UI button |
Policies | Terraform | TFE Sentinel logs | None |
Blueprint Lifecycle (PORC and TFE)
- `pine submit` → sends blueprint to PORC
- `pine build` → PORC renders templates and uploads to TFE as config version
- `pine plan` → triggers a remote TFE plan
- `pine apply` → applies the changes if approved
Sentinel policies are enforced during TFE plan/apply runs.
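
An added example, not PORC's own code: one way the "tracks hash/approval" step and the "applies the changes if approved" gate could fit together, by binding the approval to a SHA-256 of the rendered files so that a configuration altered after approval is refused at apply time. `config_hash`, `ApplyGate`, the in-memory store and the sample files are assumptions made for illustration.

```python
import hashlib
import hmac
import json


def config_hash(files):
    """SHA-256 over rendered files; sorted and length-prefixed so the digest is unambiguous."""
    h = hashlib.sha256()
    for name in sorted(files):
        for part in (name.encode(), files[name]):
            h.update(len(part).to_bytes(8, "big") + part)
    return h.hexdigest()


class ApplyGate:
    """Hypothetical in-memory record store; stands in for the audit database."""

    def __init__(self, require_change_record=True):
        self.require_change_record = require_change_record
        self.runs = {}

    def record_plan(self, run_id, files, succeeded):
        self.runs[run_id] = {"hash": config_hash(files), "plan_ok": succeeded,
                             "approved_hash": None, "change_record": None}
        return self.runs[run_id]["hash"]

    def approve(self, run_id, plan_hash, change_record=None):
        run = self.runs[run_id]
        if self.require_change_record and not change_record:
            raise ValueError("change record required")
        if not hmac.compare_digest(run["hash"], plan_hash):
            raise ValueError("approval is for a different plan")
        run["approved_hash"], run["change_record"] = plan_hash, change_record

    def may_apply(self, run_id, files):
        """Return (allowed, reason); re-hash the files that are about to be applied."""
        run = self.runs.get(run_id)
        if run is None:
            return False, "no plan recorded"
        if not run["plan_ok"]:
            return False, "plan failed"
        if run["approved_hash"] is None:
            return False, "not approved"
        if not hmac.compare_digest(run["approved_hash"], config_hash(files)):
            return False, "config changed after approval"
        return True, "ok"


# Constructed sample of rendered output (.tf and .tfvars.json).
RENDERED = {"main.tf": b'variable "env" {}\n',
            "terraform.tfvars.json": json.dumps({"env": "dev"}).encode()}
```

The gate re-hashes the files at apply time instead of trusting the hash stored at plan time, which is what catches a render that changed between approval and apply.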