Tuesday, October 26, 2021

GitHub Action Pipelines - Deploying Terraform

Terraform is an infrastructure automation tool that enables reliable and repeatable resource deployment in cloud environments. GitHub Actions is becoming a popular CI/CD choice for most source code repositories hosted on GitHub.

Let's look at how to set up a GitHub Actions pipeline that deploys Azure resources using a Terraform script.

Pre-requisites:

  • Terraform workspace
  • Terraform API Token
  • GitHub account
  • Azure subscription

Let's add the secret values that we are going to use in the action pipeline.

Log in to Azure via PowerShell or Azure Cloud Shell and run the following command, substituting your own values, to create an Azure service principal.

az ad sp create-for-rbac -n "MyApp" --role Contributor --scopes /subscriptions/{mysubscriptionId}

Go to the Settings section of the GitHub repository and select Secrets. Add the service principal values as GitHub secrets as explained below.

TF_API_TOKEN = token value generated in Terraform Cloud
AZURE_AD_CLIENT_ID = appId of the SPN
AZURE_AD_CLIENT_SECRET = SPN password
AZURE_AD_TENANT_ID = Azure AD tenant id
AZURE_SUBSCRIPTION_ID = Azure subscription id

Now go to the Actions tab of the relevant GitHub repo and select Terraform from the new workflow section.

You can set up your action pipeline similar to the following:

name: 'Terraform'

on:
  workflow_dispatch:

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }}

    steps:
    # Checkout the repository to the GitHub Actions runner
    - name: Checkout
      uses: actions/checkout@v2

    # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v1
      with:
        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
    - name: Terraform Init
      run: terraform init

    # Generates an execution plan for Terraform
    - name: Terraform Plan
      run: terraform plan

    # Create resources
    - name: Terraform Apply
      run: terraform apply -auto-approve
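The workflow above runs plan and apply in one manually triggered job, with the same credentials present for both. As an added example that is not part of the original post, the following variant of the same pipeline separates the two: a pull request only produces a plan, and an apply happens only on a push to the main branch, after the approval rule of a GitHub environment has passed. It assumes a branch named main and a GitHub environment named production (both are assumptions; configure required reviewers on that environment), keeps the same five secrets as the post, restricts the job's GITHUB_TOKEN to read-only repository access, and uses a concurrency group so two runs never apply against the same workspace at once. Because the cloud block in main.tf makes Terraform Cloud execute the runs, the apply job re-runs init and apply rather than reusing a saved plan file.

```yaml
name: 'Terraform'

on:
  pull_request:            # plan only, so reviewers see the diff before merge
  push:
    branches: [main]       # assumed default branch; apply runs only from here

# Least privilege for the token GitHub injects into the job. Azure and
# Terraform Cloud credentials still come from repository secrets.
permissions:
  contents: read

# One run per ref at a time; never cancel an apply that is already running.
concurrency:
  group: terraform-${{ github.ref }}
  cancel-in-progress: false

# Same secrets as the original post, read by the azurerm provider from ARM_*.
env:
  ARM_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }}

jobs:
  plan:
    name: 'Terraform Plan'
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v3
      with:
        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

    # Cheap checks first: formatting and static validation fail fast
    # before any credentials are used against Azure.
    - name: Terraform Format Check
      run: terraform fmt -check -recursive

    - name: Terraform Init
      run: terraform init -input=false

    - name: Terraform Validate
      run: terraform validate

    # With the cloud block the plan executes in Terraform Cloud and its
    # output is streamed into the job log for review.
    - name: Terraform Plan
      run: terraform plan -input=false

  apply:
    name: 'Terraform Apply'
    needs: plan
    # Only a push to main reaches this job, and the "production" environment
    # (assumed name) holds it until a required reviewer approves.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment: production
    steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v3
      with:
        cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

    - name: Terraform Init
      run: terraform init -input=false

    - name: Terraform Apply
      run: terraform apply -auto-approve -input=false
```

The plan job runs for every pull request, so the change is visible to reviewers before it can reach the apply job; the environment gate on the apply job is what turns -auto-approve from an unattended apply into one that still requires a person to approve the run.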


Add the following code segment to main.tf to connect to Terraform Cloud:

terraform {
  cloud {
    organization = "<<TF organization name>>"

    workspaces {
      name = "<<TF workspace name>>"
    }
  }
}

Once you run the action pipeline, you should see a successful run similar to the following image.

You should be able to see the deployed resources in Azure and the state file in the Terraform Cloud workspace.

Following are the Terraform files used in this blog.

main.tf

terraform {
  cloud {
    organization = "<<TF org>>"

    workspaces {
      name = "<<TF workspace>>"
    }
  }
}

resource "azurerm_resource_group" "rg" {
  name     = "${var.prefix}-${var.environment}-rg"
  location = var.location
}

variables.tf

variable "prefix" {
  description = "purpose of resource"
  default     = "demo"
}

variable "environment" {
  description = "dev , qa or prod"
  default     = "dev"
}

variable "location" {
  description = "azure data center location"
  default     = "eastus"
}

providers.tf

provider "azurerm" {
  subscription_id = "<<azure subscription id>>"
  features {}
}
