CI/CD Automation

Keep your monitoring configuration in sync with deployments by running Terraform in CI/CD pipelines. This guide shows how to set up GitHub Actions with project tokens.

Project Tokens

Project tokens are designed for machine authentication. Unlike user API tokens, they are scoped to a single organization and don't require an org_id.

provider.tf (hcl)
provider "uptime" {
  # host and project_token from environment variables:
  #   UPTIME_HOST
  #   UPTIME_PROJECT_TOKEN
}

Never hardcode tokens

Always use environment variables or a secrets manager to provide tokens. Never commit tokens to version control.
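
A CI guard for the rule above, as an added example (not code from this guide or from the provider): it scans `.tf` files line by line and fails when `project_token` is assigned a string literal. Matching any other attribute that ends in `token`, the `monitoring` default directory and the sample input are assumptions of the example.

```python
import re
import sys
from pathlib import Path

# project_token is the provider argument named on this page; also matching
# any other attribute ending in "token" is an assumption of this example.
SECRET_ASSIGN = re.compile(r'\b(\w*token)\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)
INTERPOLATION = re.compile(r'\$\{[^}]*\}')
# Constructed sample input; the token value is a made-up placeholder.
SAMPLE = '''provider "uptime" {
  # project_token = "only-in-a-comment"
  project_token = "CONSTRUCTED-not-a-real-token"  # reported
}
'''

def strip_comment(line):
    """Drop a # or // comment that starts outside a quoted string."""
    in_string, i = False, 0
    while i < len(line):
        if in_string and line[i] == '\\':
            i += 2  # skip the escaped character
            continue
        if line[i] == '"':
            in_string = not in_string
        elif not in_string and (line[i] == '#' or line.startswith('//', i)):
            return line[:i]
        i += 1
    return line

def find_hardcoded_tokens(hcl_text):
    """Return [(line_number, attribute)] for token attributes set to a literal."""
    findings = []
    for number, raw in enumerate(hcl_text.splitlines(), start=1):
        for attribute, value in SECRET_ASSIGN.findall(strip_comment(raw)):
            # A string that is only "${...}" is a reference; leftover text is a literal.
            if INTERPOLATION.sub('', value).strip():
                findings.append((number, attribute))
    return findings

if __name__ == '__main__':
    root = Path(sys.argv[1] if len(sys.argv) > 1 else 'monitoring')
    hits = [(p, n, a) for p in sorted(root.rglob('*.tf'))
            for n, a in find_hardcoded_tokens(p.read_text(encoding='utf-8'))]
    for path, number, attribute in hits:
        print(f'{path}:{number}: {attribute} is set to a literal value')
    sys.exit(1 if hits else 0)
```

Heredocs and values split across lines are not covered by this line-based scan.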

Terraform Configuration

Place your monitoring Terraform configuration in a dedicated directory (e.g., monitoring/) alongside your application code. Use a remote backend for state storage.

monitoring/main.tf (hcl)
terraform {
  required_providers {
    uptime = {
      source = "registry.terraform.io/skunkworq/uptime"
      # Add a version constraint here to pin the provider (see Best Practices).
    }
  }

  backend "gcs" {
    bucket = "my-terraform-state"
    prefix = "uptime"
  }
}

provider "uptime" {}

resource "uptime_service" "api" {
  name        = "API Server"
  url         = "https://api.example.com"
  description = "Main API gateway"
  is_public   = true
}

resource "uptime_check" "api_health" {
  service_id       = uptime_service.api.id
  name             = "HTTP Health Check"
  type             = "uptime"
  interval_seconds = 60
  timeout_seconds  = 30

  uptime_config {
    method                = "GET"
    expected_status_codes = [200]
    verify_ssl            = true
  }
}

resource "uptime_alert" "api_down" {
  check_id       = uptime_check.api_health.id
  name           = "API Down"
  condition_type = "consecutive_failures"

  consecutive_failures_config {
    count = 3
  }

  channel {
    type   = "email"
    target = "ops@example.com"
  }
}

GitHub Actions Workflow

This workflow runs terraform plan on pull requests and terraform apply on merge to main.

.github/workflows/monitoring.yml (yaml)
name: Terraform Monitoring

on:
  push:
    branches: [main]
    paths:
      - 'monitoring/**'
  pull_request:
    paths:
      - 'monitoring/**'

jobs:
  terraform:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: monitoring

    steps:
      - uses: actions/checkout@v4

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.7"

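      # terraform init must be able to reach the gcs backend, so the job also
      # needs Google Cloud credentials; that setup is not shown in this guide.
      - name: Terraform Init
        run: terraform init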

      - name: Terraform Plan
        if: github.event_name == 'pull_request'
        run: terraform plan -no-color
        env:
          UPTIME_HOST: ${{ vars.UPTIME_HOST }}
          UPTIME_PROJECT_TOKEN: ${{ secrets.UPTIME_PROJECT_TOKEN }}

      - name: Terraform Apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -auto-approve
        env:
          UPTIME_HOST: ${{ vars.UPTIME_HOST }}
          UPTIME_PROJECT_TOKEN: ${{ secrets.UPTIME_PROJECT_TOKEN }}

Secrets Configuration

In your GitHub repository settings, add UPTIME_PROJECT_TOKEN as a repository secret and UPTIME_HOST as a repository variable.

Best Practices

  • Scope paths — only trigger the workflow when monitoring config files change
  • Plan on PR — review monitoring changes before they're applied
  • Remote state — use a remote backend (GCS, S3) to share state across team members
  • Pin versions — pin the Terraform and provider versions for reproducible builds
