Integrating Terraform Cloud with GitHub Actions workflow
Aniket Kumar Sinha
Posted on October 22, 2023
What is Terraform Cloud?
Terraform Cloud is a web-based SaaS (Software as a Service) platform provided by HashiCorp, the creators of Terraform. It serves as a central hub for managing and automating infrastructure provisioning using HashiCorp's Infrastructure as Code (IaC) tool, Terraform. Terraform Cloud enhances the deployment workflow by offering features such as remote execution, collaboration, version control integration, and secure state management.
Why should we use Terraform Cloud over Terraform Open Source?
HashiCorp announced that Terraform will no longer be fully open source. Link to article
Better and more secure state management - HashiCorp lets you keep the state file in the TFC workspace and also provides an option to lock that state, i.e., no one can write to the locked state.
Remote execution.
TFC has its own agents, which work well with Terraform.
TFC provides HashiCorp's Sentinel policies, which can help in integrating Policy-as-Code into our infrastructure.
Why integrate TFC with a GH Actions workflow?
TFC can handle only Terraform steps/commands, i.e., terraform init, terraform validate, terraform plan, terraform apply. So, if you have any other steps, or any of your jobs use other scripts, you might need GitHub Actions to run those scripts, which will run on either GitHub-hosted runners or self-hosted runners.
Choose the API-driven workflow.
We choose the API-driven workflow because we are integrating TFC with GitHub Actions, so the API token will be used by GitHub Actions to authenticate to the TFC workspace. Read more on API-driven workflow
Provide the workspace a name.
Tap on Create Workspace button.
Create a GitHub repository where you would be adding your TF code and GitHub Actions workflow files.
Choose the API tokens section.
There are 3 categories of token that one can generate:
User Token - A TFC organization can have many users. This token is generated by a single user.
Team Token - This token is generated by a team.
Organization Token - This token is generated for the whole organization.
All tokens have similar access; it's just that not all users or teams should have access to all tokens.
We are creating the User token.
Add a description, set the expiration period of the token, and generate the token.
Copy and store the generated API token.
Now go back to your repository's Settings->Secrets and variables->Actions, and tap on New repository secret to add the TFC API token as a secret in the GitHub repository.
Add the secret name (preferably the same name you used while creating the token). In the Secret section, add the generated token. Click Add secret.
Add your SPN details (such as Client ID, Client Secret, Tenant ID) and subscription details as TFC workspace variables.
Now it's time to add some TF code to your GitHub repo, along with the Terraform providers block with the specific details of your TFC workspace. These details are important for your connection and deployment via TFC.
We created an integrated workflow file that connects the GitHub Actions workflow with the TFC workspace run. When you run this workflow, you can see a simultaneous run in TFC. Both runs are the same; the real TF code run executes in the TFC workspace, and a copy/replica is shown in the GitHub Actions workflow run.
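A workflow along the lines described above, as an added example that is not the author's original file. The secret name `TF_API_TOKEN`, the `main` branch, and the workflow name are assumptions; it also assumes the Terraform configuration at the repository root contains a `cloud` block naming your TFC organization and workspace.

```yaml
# Added example, not the author's workflow file.
# Assumptions: repository secret named TF_API_TOKEN, default branch "main",
# Terraform code at the repo root with a `cloud` block for the TFC workspace.
name: terraform-tfc

on:
  push:
    branches: [main]
  pull_request:

# The job only reads the repository. The SPN credentials stay in the
# TFC workspace variables and are never exposed to the runner.
permissions:
  contents: read

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Writes the TFC API token into the Terraform CLI credentials file
      # so init/plan/apply can authenticate to the workspace.
      - uses: hashicorp/setup-terraform@v3
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      - name: Terraform Init
        run: terraform init -input=false

      - name: Terraform Validate
        run: terraform validate

      # Runs remotely in the TFC workspace; the output is streamed here.
      - name: Terraform Plan
        run: terraform plan -input=false

      # Apply only for pushes to main, never for pull requests.
      - name: Terraform Apply
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: terraform apply -auto-approve -input=false
```

Pull requests opened from forks do not receive repository secrets, so the plan step fails there instead of exposing the token to untrusted code.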
Hola!! Pipeline running successfully ✅
You can check the TFC workflow run and you can also get that link from the Terraform Plan or Terraform Apply phase: