Deploy Plugins

Cloud provisioning, Kubernetes, serverless, and database migration plugins.

flowchart TB
    Deploy[Deploy Plugins]
    Deploy --> Cloud[Cloud Providers]
    Deploy --> K8s[Kubernetes]
    Deploy --> DB[Database Migration]
    Deploy --> Serverless[Serverless]
    Deploy --> AWS[AWS Services]

    Cloud --> terraform & cloudformation & gcloud-deploy & azure-deploy & pulumi
    K8s --> kubectl-deploy & helm-deploy
    DB --> flyway
    Serverless --> serverless-framework & lambda-deploy
    AWS --> ecs-deploy & cdk-deploy & cdk-deploy-multi-region

Cloud Providers

Plugin	Provider	Compute	Secrets	Key Env Vars
terraform	HashiCorp	MEDIUM	AWS: IAM role	TF_VERSION, TF_WORKING_DIR, TF_ACTION, TF_VAR_FILE, TF_AUTO_APPROVE
cloudformation	AWS	SMALL	AWS: IAM role	CFN_TEMPLATE, CFN_STACK_NAME, CFN_ACTION, CFN_PARAMETERS, CFN_REGION
gcloud-deploy	GCP	MEDIUM	GOOGLE_APPLICATION_CREDENTIALS	GCP_PROJECT, GCP_REGION, DEPLOY_TYPE
azure-deploy	Azure	MEDIUM	AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID	AZURE_SUBSCRIPTION, AZURE_RESOURCE_GROUP, DEPLOY_TYPE
pulumi	Pulumi	MEDIUM	PULUMI_ACCESS_TOKEN	PULUMI_STACK, PULUMI_ACTION, PULUMI_WORK_DIR

Kubernetes

Plugin	Method	Compute	Secrets	Key Env Vars
kubectl-deploy	kubectl apply	SMALL	KUBECONFIG_DATA (base64)	KUBE_CONTEXT, KUBE_NAMESPACE, MANIFEST_PATH, DEPLOY_ACTION
helm-deploy	Helm charts	SMALL	KUBECONFIG_DATA (base64)	HELM_RELEASE, HELM_CHART, HELM_NAMESPACE, HELM_VALUES_FILE

Database Migration

Plugin	Tool	Compute	Secrets	Key Env Vars
flyway	Flyway	SMALL	FLYWAY_USER, FLYWAY_PASSWORD	FLYWAY_URL, FLYWAY_LOCATIONS, FLYWAY_SCHEMAS, FLYWAY_ACTION

Serverless

Plugin	Platform	Compute	Secrets	Key Env Vars
lambda-deploy	AWS Lambda	SMALL	None (AWS IAM)	LAMBDA_FUNCTION, LAMBDA_PACKAGE_TYPE, LAMBDA_ALIAS, LAMBDA_PUBLISH
serverless-framework	AWS/Azure/GCP	MEDIUM	None	SLS_STAGE, SLS_REGION, SLS_SERVICE_PATH

AWS Services

Plugin	Service	Compute	Secrets	Key Env Vars
ecs-deploy	Amazon ECS	SMALL	None (AWS IAM)	ECS_CLUSTER, ECS_SERVICE, ECS_TASK_FAMILY, IMAGE_URI
cdk-deploy	AWS CDK	MEDIUM	None (AWS IAM)	CDK_DEPLOY_ACTION, CDK_STACK, CDK_REQUIRE_APPROVAL, CDK_HOTSWAP
cdk-deploy-multi-region	AWS CDK	LARGE	None (AWS IAM)	CDK_REGIONS, CDK_PRIMARY_REGION, CDK_DEPLOY_STRATEGY, CDK_ROLLBACK_ON_FAILURE

Deploy Types

gcloud-deploy

The DEPLOY_TYPE env var selects the GCP deployment target:

Deploy Type	Description
app-engine	Deploy to Google App Engine
cloud-run	Deploy a container to Cloud Run
gke	Deploy to Google Kubernetes Engine
compute	Deploy to Compute Engine instances

azure-deploy

The DEPLOY_TYPE env var selects the Azure deployment target:

Deploy Type	Description
webapp	Deploy to Azure App Service
container-instances	Deploy to Azure Container Instances
aks	Deploy to Azure Kubernetes Service
function	Deploy to Azure Functions

Terraform Actions

flowchart LR
    Init[terraform init] --> Lint[TFLint]
    Lint --> Sec[tfsec]
    Sec --> Action{TF_ACTION}
    Action -->|plan| Plan[terraform plan]
    Action -->|apply| Apply[terraform apply]
    Action -->|destroy| Destroy[terraform destroy]
    Plan --> Report[Save Plan Output]
    Apply --> Deployed([Infrastructure Deployed])
    Destroy --> Removed([Infrastructure Removed])

The TF_ACTION env var controls which Terraform operation is executed:

Action	Description
plan	Generate and display an execution plan without making changes
apply	Apply the planned changes to infrastructure
destroy	Destroy all resources managed by the Terraform configuration

TF_AUTO_APPROVE=true gates the mutating actions as a safety guard. When apply runs without it, the step safely falls back to terraform plan instead of changing infrastructure; when destroy runs without it, the step fails fast with an error rather than tearing down resources.

The Terraform plugin also runs TFLint for configuration linting and tfsec for static security analysis on every execution, writing JSON results to tf-output/ alongside the saved plan. Plugin defaults are Terraform 1.10.3 (overridable via TF_VERSION, with tfenv selecting the version at runtime) and a 45-minute step timeout.