uses variables for a terraform organization and workspace

.github/CONTRIBUTING.md

@@ -152,8 +152,18 @@ On the host,
 
 # [integration tests](workflows/integration-tests.yml) in GitHub Actions
 
-1. if the team API token of HCP Terraform in
-the repository secret `HCP_TERRAFORM_TEAM_TOKEN`
-is expired, regenerate a token and set it.
-1. open a pull request
-1. check the GitHub Actions workflows
+1. [set a repository secret](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository)
+
+| name | value |
+| ---- | ----- |
+| `HCP_TERRAFORM_TEAM_TOKEN` | HCP Terraform team API token |
+
+2. [set a repository variable](https://docs.github.com/en/actions/how-tos/write-workflows/choose-what-workflows-do/use-variables#creating-configuration-variables-for-a-repository)
+
+| name | value |
+| ---- | ----- |
+| `TEST_TERRAFORM_ORGANIZATION` | terraform organization name |
+| `TEST_TERRAFORM_WORKSPACE` | terraform workspace name |
+
+3. open a pull request
+4. check the GitHub Actions workflows

.github/workflows/integration-tests.yml

@@ -1,49 +1,38 @@
 name: integration tests
 on:
   pull_request:
-env:
-  SSH_USER: ubuntu
 
 jobs:
-  cue:
-    if: ${{ endsWith(github.repository, '-dev') }}
-    runs-on: ubuntu-24.04
-    timeout-minutes: 2
-
-    steps:
-      - uses: actions/checkout@v6
-
-      - uses: ./.github/actions/cue
-        with:
-          data-file: terraform/tests/config-empty.yml
-          schema-file: config.cue
-
-      - uses: ./.github/actions/cue
-        with:
-          data-file: terraform/tests/config-aws.yml
-          schema-file: config.cue
-
-      - uses: ./.github/actions/cue
-        with:
-          data-file: terraform/tests/config-gc.yml
-          schema-file: config.cue
-
   empty:
-    needs:
-      - cue
+    if: ${{ endsWith(github.repository, '-dev') }}
     runs-on: ubuntu-24.04
     timeout-minutes: 3
     defaults:
       run:
         working-directory: terraform
     env:
+      SSH_USER: ubuntu
       CONFIG: tests/config-empty.yml
       PLAN_RESOURCES_JSON_PATH: /tmp/empty_plan_resources.json
       APPLY_OUTPUT_JSON_PATH: /tmp/empty_apply_output.json
 
     steps:
       - uses: actions/checkout@v6
 
+      - run: >
+          cat tests/config-empty.tpl.yml
+          | sed "s/\${TERRAFORM_ORGANIZATION}/${ORGANIZATION}/"
+          | sed "s/\${TERRAFORM_WORKSPACE}/${WORKSPACE}/"
+          > tests/config-empty.yml
+        env:
+          ORGANIZATION: '${{ vars.TEST_TERRAFORM_ORGANIZATION }}'
+          WORKSPACE: '${{ vars.TEST_TERRAFORM_WORKSPACE }}'
+
+      - uses: ./.github/actions/cue
+        with:
+          data-file: terraform/tests/config-empty.yml
+          schema-file: config.cue
+
       - name: set up terraform
         uses: hashicorp/setup-terraform@v4
         with:

README.md

@@ -99,14 +99,21 @@ sequenceDiagram
 [Use the template feature](https://docs.github.com/en/repositories/creating-and-managing-repositories/creating-a-repository-from-a-template).
 
 ## initialize the project
-### 1. allow HCP Terraform to access the cloud services
 
-#### 1.1. set up HCP Terraform
+### 1. set up HCP Terraform
+
+1. [create an organization](https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/organizations#create-an-organization)
+1. [create a workspace](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/create) in the CLI-driven workflow
+
+### 2. set up Google Cloud
 
-1. [create an organization](https://www.terraform.io/cloud-docs/users-teams-organizations/organizations#creating-organizations)
-1. [create a workspace](https://www.terraform.io/cloud-docs/workspaces/creating)
+1. [create a project](https://developers.google.com/workspace/guides/create-project) if you deploy servers to Google Cloud
+
+## set up access
+
+### 1. allow HCP Terraform to access the cloud services
 
-#### 1.2. set up OIDC integration
+#### 1.1. set up OIDC integration
 
 ##### AWS
 
@@ -116,7 +123,7 @@ see https://developer.hashicorp.com/terraform/cloud-docs/dynamic-provider-creden
 
 see https://developer.hashicorp.com/terraform/cloud-docs/dynamic-provider-credentials/gcp-configuration
 
-#### 1.3. [set workspace-specific variables](https://www.terraform.io/cloud-docs/workspaces/variables/managing-variables#workspace-specific-variables) as follows
+#### 1.2. [set workspace-specific variables](https://www.terraform.io/cloud-docs/workspaces/variables/managing-variables#workspace-specific-variables) as follows
 
 > [!NOTE]  
 > replace `****` with your values

terraform/tests/config-empty.tpl.yml

@@ -0,0 +1,5 @@
+terraform_cloud:
+  organization:
+    name: ${TERRAFORM_ORGANIZATION}
+    workspace: ${TERRAFORM_WORKSPACE}
+servers: