Continuous Integration to Automate Terraform Modules With GitHub Actions As Infrastructure-as-Code Pipelines

April 11, 2022

TABLE OF CONTENTS

1. Introduction
2. The Components of GitHub Actions
3. Example for Setting up a Workflow
4. Prerequisites
5. Introduction to Terraform
6. Conclusion
7. About CloudThat
8. FAQs

1. Introduction

GitHub Actions is a continuous integration and continuous delivery (CI/CD) tool offered by GitHub. It is open-source and one of the fastest-growing tools that allow you to automate your builds, tests, and releases. It is a fast deployment tool with well-founded security and less overhead, and it makes workflows easy to write.

Let us assume that we want to create a workflow that gets triggered when an issue is raised. The workflow will contain one or more jobs, each running on its own virtual machine runner and performing one or more steps, where a step either runs a script that you define or runs an action. So what are these workflows, events, and jobs?

2. The Components of GitHub Actions

  • Workflows: The workflow is an automated process that runs one or more jobs. You can define a workflow in a YAML file in your repository, and it will run when triggered by a specific event. We can have multiple workflows created in a repository to perform different roles.
  • Events: An event is an activity in your repository that triggers the workflow, for example, pushing a commit or creating a pull request.
  • Jobs: A job is a set of instructions executed on the runner. An instruction can be a script or an action that will run. Jobs can be executed in sequence or in parallel. We can also share data from one step to another since they are dependent on each other. A job can be made dependent on other jobs; by default, jobs are executed in parallel with no dependencies.
  • Actions: An action is a custom application that can be used to reduce repetitive code in the workflow files. We can use the actions available in the GitHub Marketplace and can also write our own actions.
  • Runners: A runner is a backend server on which the workflow runs. Each workflow will be executed on a newly provisioned runner.

You can deep dive into the GitHub actions here

3. Example for Setting up a Workflow

Consider setting up a workflow that gets triggered when code is pushed to the main branch, with jobs that run Terraform to deploy Azure resources.

4. Prerequisites

  1. You need to have a GitHub account and Actions should be enabled
  2. Azure credentials
    • Azure Tenant ID
    • Azure subscription ID
    • We need an Azure Service Principal with a Contributor role
    • The Azure Service Principal’s Client ID and Secret. Terraform will use this service principal to authenticate with Azure for creating resources
    • I will be using an Azure storage account as my Terraform backend in this setup, so I have created a resource group with a storage account and container.
  3. Terraform configuration files to create resources. Here, I am creating Azure resources, but you can deploy resources in any cloud of your choice.

5. Introduction to Terraform

Terraform is an Infrastructure as Code tool that allows you to build and manage both cloud and on-premises resources in human-readable configuration files which you can share, reuse, and version. The configuration files are written in Terraform's HCL (HashiCorp Configuration Language).

So let’s begin the setup by creating a repository for our pipeline.

  1. Log in to your GitHub account and create a repository
  2. Push your Terraform code into the repository. Here is my Terraform code: I have modules to create a resource group, an Azure virtual network, a subnet, and a security group for the dev environment
  3. Next, add the service principal’s secrets to your repository. Go to Settings on your repository. Under Secrets, click on Actions, and add a New repository secret. Provide a name for your secret, add its value, and click Add secret. Repeat this process to add all the required credentials
  4. Now, we need to enable GitHub Actions for our account. To do that, navigate to your repository, click Actions, search for terraform, and click Configure. Other third-party actions are also available; here I’m going with HashiCorp.
  5. Once you click Configure, you will be taken to the terraform.yml file, the workflow configuration file
  6. We need to make changes to the YAML file for our pipeline. Then, we need to set up the jobs to run the Terraform code to deploy the Azure resources.
  7. In the YAML file, the below code snippet shows that the workflow will trigger when a push is made on the main branch.

    Next, I have defined the job and given the steps that a job has to perform.

    Here, terraform is the job, which runs on an Ubuntu runner, and steps are the instructions that the job will perform. We can define multiple steps under a job. The stored secrets are referenced through environment variables set under env, and their values are fetched from the repository's Actions secrets during the execution.

  8. Below is our final workflow configuration for our pipeline

    We can check the pipeline execution logs here

  9. Once the pipeline has succeeded, we can verify the Azure resources that were created.
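
A workflow file of the kind steps 7 and 8 describe, written here as an added example and not the author's own file: it triggers on a push to main and runs a single terraform job on an Ubuntu runner. The secret names (AZURE_CLIENT_ID and so on), the concurrency group name, and the action version tags are assumptions; the ARM_* variables are the ones the azurerm provider and backend read for service principal authentication.

```yaml
# Added example, not the author's workflow file. Secret names are assumptions.
name: Terraform

on:
  push:
    branches: [main]            # event: run on every push to main

permissions:
  contents: read                # GITHUB_TOKEN only needs to read the repository

concurrency:
  group: terraform-dev          # assumed name; serializes runs against one state
  cancel-in-progress: false     # never interrupt an apply that is under way

jobs:
  terraform:
    runs-on: ubuntu-latest
    env:
      # Read by the azurerm provider and backend for service principal auth.
      # Values come from the repository's Actions secrets and are masked in logs.
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
    steps:
      - uses: actions/checkout@v4
      # Version tags are mutable; pinning to a full commit SHA is stricter.
      - uses: hashicorp/setup-terraform@v3
      - name: Format check
        run: terraform fmt -check -recursive
      - name: Init
        run: terraform init -input=false
      - name: Validate
        run: terraform validate
      - name: Plan
        run: terraform plan -input=false -out=tfplan
      - name: Apply               # applies exactly the plan produced above
        run: terraform apply -input=false tfplan
```

Because this job applies on every push to main, branch protection and review on main are what stand between a commit and a change in the Azure subscription.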

6. Conclusion

This is how we can integrate Terraform with GitHub Actions and provision our infrastructure with a single GitHub Actions workflow in multiple environments. GitHub Actions lets you run your workflows when an event occurs in your repository. To run your workflows, GitHub offers Linux, Windows, and macOS virtual machines, and you can also run your workflows in your own data centers or on the cloud.

7. About CloudThat

CloudThat is the official Microsoft Gold Partner, AWS Advanced Consulting Partner, and Training partner helping people develop knowledge on the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

8. FAQs

  1. Other than GitHub, what other version controls are supported?

Bitbucket Cloud, Bitbucket Server, GitHub Enterprise, GitLab.com, GitLab CE, and EE are other supported version controls.

  2. Can you bulk import the state of the current cloud subscription into Terraform state?

The terraform import command can be used to import individual resources into your Terraform state, but there is not currently a bulk import tool.

Here is a Step-By-Step Guide to Manage AWS Infrastructure on AWS using Terraform Cloud for free. 

