2.2. Custom Workflow Configuration
Overview
For workflows that do not use Terraform (e.g., Ansible, Helm, or custom automation pipelines), the configuration focuses on workflow steps, approvals, and triggers, without Terraform lifecycle controls.
VCS and Template Settings
| Setting | Description |
|---|---|
| Enable VCS Settings | Integrate workflow with version control (GitHub, GitLab, Bitbucket, etc.). |
| Activated Templates | Choose the active workflow template (e.g., /demo-org/ansible-nginx). |
| Change Selected Template | Switch to a different template. |
| Select Revision | Choose which template version to use (e.g., ansible-nginx:1). |
| Input Variables Method | Choose Form or Code mode for providing inputs. |
VCS and Template Settings
Template variables appear dynamically (e.g., IP address, username, etc.) and support:
- Manual input, or
- Reference linking via
Create Reference.
Custom input
Example Variables for Ansible:
- IP Address of Ansible Host
- Ansible Username
Configure Approval
Custom Workflows support approval at the step level. You enable approval for individual Workflow Steps, so you control exactly which steps pause for review. These settings apply to all Workflow Steps that have approval enabled:
| Setting | Description |
|---|---|
| Allow anyone to approve this workflow | When enabled, any authenticated user can approve and only one approval is needed. The Eligible Approvers and Required approvers fields are disabled. |
| Eligible Approvers | Select the Users or User Groups who can approve this Workflow. You can combine multiple individual Users with User Groups. |
| Required approvals | Set the minimum number of approvals needed before the run can proceed (for example, "From at least 1 approver"). |
Configure Approval
info
For details on how to review and approve workflow runs, approval logic for mixed identity types, and external approval systems, see Review and approve Workflow Runs.
Workflow Steps
This section defines the sequence of actions (steps) executed when a custom workflow runs.
- Add Step + – Add new steps from the workflow library.
- Step Name – Unique identifier for each step.
- Workflow Step Template – Select a prebuilt step from your organization’s library.
- Workflow Step Template Revision – Specify the version of that template.
- Workflow Step Timeout – Define maximum runtime.
- Require Approval for this step - Pauses the workflow run until this step is approved.
- Command Override – Optionally override the default command.
- Input Variables with noCode Form – Use a visual form to configure inputs.
Workflow Steps
Steps execute sequentially and can be reordered or deleted easily.
Multiple steps can be combined to build complex, multi-phase automation flows.
Chaining & Webhook
The Chaining & Webhook section functions similarly to Terraform workflows.
Workflow Chaining
-
On Error – Trigger another workflow on failure.
-
On Success – Trigger another workflow on completion.
Each includes condition filters, target workflow selection, and action type.
Webhook
- On Error / On Success – Define external HTTP endpoints to notify when workflows end.
- Each webhook includes:
-
Webhook Name
-
Webhook URL
-
Webhook Secret
-
Example:
- On Success → Trigger a “Configuration Validation” workflow.
- On Error → Notify the DevOps team via webhook or run a rollback automation.
Example: HTTP POST Request Body
- Here is an example of what the HTTP POST request body looks like:
{
"Org": "wicked-hop",
"Timestamp": 1763045349466,
"WorkflowGroup": {
"ResourceName": "test-webhook"
},
"WorkflowRun": {
"OrgId": "/orgs/wicked-hop",
"WfgrpId": "/wfgrps/test",
"WfId": "/wfgrps/test/wfs/aws-s3-demo-website-op9v",
"WfrunId": "/wfgrps/test/wfs/aws-s3-demo-website-op9v/wfruns/g389yenk9hrp",
"ResourceName": "g389yenk9hrp",
"WfrunDetails": {
"LatestStatus": "COMPLETED",
"LatestStatusKey": "on_0_generate-terraform-plan",
"RuntimeParameters": {
"iacTemplate": {
"/stackguardian/aws-s3-demo-website:16": {
"RuntimeSource": {
"sourceConfigDestKind": "GITHUB_COM",
"config": {
"includeSubModule": false,
"ref": "main",
"isPrivate": false,
"workingDir": "",
"repo": "https://github.com/stackguardian/template-tf-aws-s3-demo-website"
}
},
"IsArchive": "0",
"IsActive": "1",
"IsPublic": "1",
"CreatedAt": 1696247453148,
"TemplateName": "aws-s3-demo-website",
"OwnerOrg": "/orgs/stackguardian",
"TemplateType": "IAC",
"SourceConfigKind": "TERRAFORM",
"TemplateId": "/stackguardian/aws-s3-demo-website:16"
}
},
"wfStepsConfig": [
{
"name": "generate-terraform-plan",
"mountPoints": null,
"wfStepTemplateId": "/stackguardian/terraform:19",
"wfStepInputData": {
"schemaType": "FORM_JSONSCHEMA",
"data": {
"approvalPreApply": false,
"managedTerraformState": true,
"terraformPlanOptions": "",
"prePlanHooks": [],
"runPostPlanHooksOnDrift": false,
"preInitHooks": [],
"postApplyHooks": [],
"terraformInitOptions": "",
"preApplyHooks": [],
"terraformVersion": "1.5.7",
"terraformAction": "plan",
"postPlanHooks": [],
"runPreInitHooksOnDrift": false,
"applyPolicy": true,
"runPrePlanHooksOnDrift": false
}
},
"timeout": 2100,
"approval": false
}
],
"cacheConfig": {
"path": [
"user/repo/.terraform",
"user/repo/tf_plan.out"
],
"enabled": true,
"key": "tf_cache",
"policy": "PULL_PUSH"
},
"runnerConstraints": {
"selectors": [
"shared"
],
"type": "shared",
"sharedType": "shared-external"
},
"terraformAction": {
"action": "plan"
},
"environmentVariables": [],
"deploymentPlatformConfig": [
{
"config": {
"profileName": "aws-demo",
"integrationId": "/integrations/aws-demo"
},
"kind": "AWS_STATIC"
}
],
"workflowStepsTemplates": {
"/stackguardian/terraform:19": {
"SharedOrgs": {
"/orgs/adorsys-test": {},
"/orgs/siemens-di": {},
"/orgs/wicked-hop": {}
},
"RuntimeSource": {
"sourceConfigDestKind": "CONTAINER_REGISTRY",
"config": {
// EU region: 476299211833.dkr.ecr.eu-central-1.amazonaws.com/...
// US region: 476299211833.dkr.ecr.us-east-2.amazonaws.com/...
"dockerImage": "476299211833.dkr.ecr.eu-central-1.amazonaws.com/workflow-steps/iac-terraform:1761049860-v4.0.20-terraform",
"isPrivate": false
}
},
"IsArchive": "0",
"IsPublic": "1",
"IsActive": "1",
"CreatedAt": 1679583161499,
"TemplateName": "terraform",
"OwnerOrg": "/orgs/stackguardian",
"TemplateType": "WORKFLOW_STEP",
"TemplateId": "/stackguardian/terraform:19",
"SourceConfigKind": "DOCKER_IMAGE"
}
},
"iacPoliciesTemplates": {},
"vcsConfig": {
"iacVCSConfig": {
"iacTemplateId": "/stackguardian/aws-s3-demo-website:16",
"useMarketplaceTemplate": true
},
"iacInputData": {
"schemaType": "FORM_JSONSCHEMA",
"data": {
// EU region example: eu-central-1
// US region example: us-east-2
"bucket_region": "eu-central-1"
}
}
},
"terraformConfig": {
"approvalPreApply": false,
"managedTerraformState": true,
"prePlanHooks": [],
"runPostPlanHooksOnDrift": false,
"preInitHooks": [],
"postApplyHooks": [],
"driftCheck": true,
"preApplyHooks": [],
"terraformVersion": "1.5.7",
"postApplyWfStepsConfig": [],
"prePlanWfStepsConfig": [],
"driftCron": "0 */6 * * ? *",
"preApplyWfStepsConfig": [],
"postPlanHooks": [],
"runPreInitHooksOnDrift": false,
"runPrePlanHooksOnDrift": false
},
"wfType": "TERRAFORM"
}
}
},
"Workflow": {
"ResourceName": "aws-s3-demo-website-op9v"
},
"Type": "COMPLETED"
}