GitHub Actions Workflow for Terraform workspaces

Good day. It's Thursday, Aug. 22, and in this issue, we're covering:

  • GitHub Actions Workflow for Terraform workspaces

  • MFA for Azure will soon be mandatory

  • Istio has deprecated its In-Cluster Operator

  • FinOps Foundations: Strategies for Cross-Team Alignment

  • Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources

  • DevOps Roadmap for 2024 with learning resources

You share. We listen. As always, send us feedback at [email protected]

Use Case

GitHub Actions Workflow for Terraform workspaces

Terraform workspaces are essential for managing different environments within the same configuration, such as development, staging, and production. Without them, keeping track of changes and maintaining consistency across environments would be chaotic, if not impossible.

Some of you might already be familiar with this. Let’s quickly go over how workspaces actually work.

How Workspaces Work in Terraform:

  • Each environment is assigned a unique state file to keep configurations isolated.

  • Switch between environments by selecting the corresponding workspace; Terraform then reads and writes that workspace's state file.

  • Commands like terraform workspace new and terraform workspace select are used to create and switch between environments.

  • The active environment determines which state file Terraform uses during operations.

  • State files are stored in a backend, and each environment's state is kept separate.

Popularly used backends are S3, GCS, and Blob Storage.

Products like Scalr and Terraform Cloud provide a built-in option to maintain the workspaces and their respective state files.

This diagram will help simplify how Terraform workspaces integrate with GitHub Actions to manage environments.

GitHub Actions Workflow for Terraform workspaces Architecture

Step 1: Infra team writes Terraform configuration files (main.tf, providers.tf, etc.) to define infrastructure.

Step 2: Code is pushed to GitHub, triggering an automated workflow using GitHub Actions.

Step 3: GitHub Actions runs Terraform, which loads the workspace-specific state file from the backend and validates the configuration against it.

Step 4: Terraform ensures consistency across workspaces and performs provisioning based on the validated state files.

Step 5: Resources are provisioned across cloud environments like AWS, Azure, or Google Cloud based on the validated configurations.

Sample GitHub Actions yaml:

name: Terraform CI/CD

on:
  push:
    branches:
      - main
      - 'workspace/*'

jobs:
  terraform:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Code
      uses: actions/checkout@v2

    - name: Set up Terraform
      uses: hashicorp/setup-terraform@v2
      with:
        terraform_version: <x.y.z>

    - name: Terraform Init
      id: init
      run: terraform init -backend-config=backend.tfvars

    - name: Select Terraform Workspace
      id: workspace
      run: terraform workspace select ${GITHUB_REF##*/} || terraform workspace new ${GITHUB_REF##*/}

    - name: Terraform Validate
      id: validate
      run: terraform validate

    - name: Terraform Plan
      id: plan
      run: terraform plan -out=tfplan -input=false

    - name: Terraform Apply
      id: apply
      if: github.ref == 'refs/heads/main'
      run: terraform apply -input=false tfplan

Explanation:
  • on: push: The workflow is triggered on pushes to the main branch and any branch that follows the pattern workspace/*, representing different Terraform workspaces.

  • terraform init: Initializes Terraform and configures the backend using the backend.tfvars file.

  • workspace select/new: Selects the appropriate workspace based on the branch name or creates it if it doesn’t exist.

  • terraform validate: Validates the Terraform configuration files.

  • terraform plan: Creates a plan to show what changes Terraform will make.

  • terraform apply: Applies the plan if the push is to the main branch, ensuring that only validated code in the main branch impacts the actual infrastructure.

This file can be customized further based on your specific requirements and environment configurations.
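As an added example (not from the newsletter), a stricter version of the "Select Terraform Workspace" step. The one-liner's `${GITHUB_REF##*/}` keeps only the last path segment, so `workspace/prod` and `workspace/team/prod` both yield `prod`, and only the `on: push` branch filter keeps other refs out; the script below maps the ref to a workspace only when it matches the workflow's own patterns (`main` or `workspace/<name>`) and an allowlist of known environments (the allowlist names are assumptions).

```shell
#!/usr/bin/env bash
# Added example, not the newsletter's workflow: derive the Terraform workspace
# from GITHUB_REF like the "Select Terraform Workspace" step, but refuse refs
# that are not main or workspace/<name>, names with characters outside
# [a-z0-9-], and workspaces that are not on the allowlist.

# Workspaces the pipeline may select or create (hypothetical list).
ALLOWED_WORKSPACES="dev staging prod"

# workspace_from_ref REF: prints the workspace name, returns 1 if REF is rejected.
workspace_from_ref() {
  ref="$1"
  case "$ref" in
    refs/heads/main)
      # Same result as the original one-liner on the main branch.
      echo "main"
      return 0 ;;
    refs/heads/workspace/*)
      # Keep the whole suffix; a nested path like team/dev is rejected below
      # instead of being silently shortened to "dev".
      name="${ref#refs/heads/workspace/}" ;;
    *)
      echo "refusing ref '$ref': expected main or workspace/<name>" >&2
      return 1 ;;
  esac
  # Only plain lowercase names reach `terraform workspace select`.
  case "$name" in
    *[!a-z0-9-]*|"")
      echo "refusing workspace name '$name': invalid characters" >&2
      return 1 ;;
  esac
  for w in $ALLOWED_WORKSPACES; do
    if [ "$w" = "$name" ]; then
      echo "$name"
      return 0
    fi
  done
  echo "refusing workspace '$name': not in allowlist ($ALLOWED_WORKSPACES)" >&2
  return 1
}

# select_workspace: drop-in body for the workflow's run: step.
select_workspace() {
  ws="$(workspace_from_ref "${GITHUB_REF:-}")" || return 1
  terraform workspace select "$ws" || terraform workspace new "$ws"
}
```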

p.s. if you think someone else you know may like this newsletter, share with them to join here

Tool Of The Day

Standardize confidential computing at the pod level and simplify its consumption in Kubernetes.

Trends & Updates

Resources & Tutorials

Picture Of The Day

Nat Friedman, Satya Nadella, and Chris Wanstrath posing with the Octocat, marking the moment GitHub officially joined Microsoft in a $7.5 billion acquisition.

Was Microsoft's $7.5 billion GitHub acquisition worth it?



Interested in reaching smart techies?

Our newsletter puts your products and services in front of the right people - engineering leaders and senior engineers - who make important tech decisions and big purchases.