In this section, we will explore how to integrate Terraform with GitHub Actions to automate your infrastructure deployments. GitHub Actions is a powerful CI/CD tool that allows you to automate workflows directly from your GitHub repository.
Objectives
- Understand the basics of GitHub Actions.
- Learn how to set up a GitHub Actions workflow for Terraform.
- Automate Terraform commands using GitHub Actions.
- Securely manage secrets and environment variables.
Prerequisites
- Basic understanding of Terraform and GitHub.
- A GitHub repository to work with.
- Terraform installed locally for initial setup and testing.
Introduction to GitHub Actions
GitHub Actions allows you to automate tasks within your software development lifecycle. You can create workflows that build, test, and deploy your code right from GitHub.
Key Concepts
- Workflow: A configurable automated process made up of one or more jobs.
- Job: A set of steps executed on the same runner.
- Step: An individual task that can run commands or actions.
- Runner: A server that runs your workflows when triggered.
Setting Up a GitHub Actions Workflow for Terraform
Step 1: Create a .github/workflows Directory
In your GitHub repository, create a directory named .github/workflows. This is where your workflow files will reside.
Step 2: Create a Workflow File
Create a new file named terraform.yml inside the .github/workflows directory.
```yaml
name: Terraform

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1

      - name: Terraform Init
        run: terraform init

      - name: Terraform Plan
        run: terraform plan

      - name: Terraform Apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -auto-approve
```
Explanation
- name: The name of the workflow.
- on: Specifies the events that trigger the workflow (e.g., push, pull_request).
- jobs: Defines the jobs to be run.
- runs-on: Specifies the runner environment (e.g., ubuntu-latest).
- steps: Lists the steps to be executed in the job.
Step 3: Configure Secrets
To securely manage sensitive information like cloud provider credentials, use GitHub Secrets.
- Go to your GitHub repository.
- Navigate to Settings > Secrets > New repository secret.
- Add the necessary secrets (e.g., AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY).
Example of Using Secrets in Workflow
Modify the terraform.yml to include environment variables for secrets.
```yaml
- name: Terraform Init
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  run: terraform init

- name: Terraform Plan
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  run: terraform plan

- name: Terraform Apply
  if: github.ref == 'refs/heads/main'
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  run: terraform apply -auto-approve
```
Automating Terraform Commands
Terraform Init
Initializes the Terraform working directory.
Terraform Plan
Generates an execution plan.
Terraform Apply
Applies the changes required to reach the desired state of the configuration.
Practical Exercise
Exercise: Automate Terraform Deployment with GitHub Actions
- Create a GitHub Repository: Create a new repository on GitHub.
- Add Terraform Configuration: Add your Terraform configuration files to the repository.
- Set Up GitHub Actions: Follow the steps above to create a .github/workflows/terraform.yml file.
- Add Secrets: Add necessary secrets to your GitHub repository.
- Push Changes: Push your changes to the repository and observe the GitHub Actions workflow in action.
Solution
Repository Structure:
```
.
├── .github
│   └── workflows
│       └── terraform.yml
├── main.tf
└── variables.tf
```
main.tf:
```hcl
provider "aws" {
  region = "us-west-2"
}

resource "aws_s3_bucket" "example" {
  bucket = "my-unique-bucket-name"
  acl    = "private"
}
```
variables.tf:
```hcl
variable "aws_region" {
  description = "The AWS region to deploy to"
  default     = "us-west-2"
}
```
terraform.yml:
```yaml
name: Terraform

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v1

      - name: Terraform Init
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform init

      - name: Terraform Plan
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform plan

      - name: Terraform Apply
        if: github.ref == 'refs/heads/main'
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform apply -auto-approve
```
Conclusion
In this section, you learned how to integrate Terraform with GitHub Actions to automate your infrastructure deployments. You set up a GitHub Actions workflow, configured secrets, and automated Terraform commands. This integration helps streamline your CI/CD pipeline, making your infrastructure as code (IaC) practices more efficient and reliable.
Next, we will explore how to use Terraform Cloud and Enterprise for advanced collaboration and management features.