GitHub Actions Workflow for Terraform workspaces
Good day. It's Thursday, Aug. 22, and in this issue, we're covering:
GitHub Actions Workflow for Terraform workspaces
MFA for Azure will soon be mandatory
Istio has deprecated its In-Cluster Operator
FinOps Foundations: Strategies for Cross-Team Alignment
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
DevOps Roadmap for 2024 with learning resources
Use Case
GitHub Actions Workflow for Terraform workspaces
Terraform workspaces are essential for managing different environments within the same configuration, such as development, staging, and production. Without them, keeping track of changes and maintaining consistency across environments would be chaotic, if not impossible.
Some of you might already be familiar with this. Let’s quickly go over how workspaces actually work.
How Workspaces Work in Terraform:
Each environment is assigned a unique state file to keep configurations isolated.
Switch between environments by selecting the corresponding state file.
Commands like terraform workspace new and terraform workspace select are used to create and switch between environments.
The active environment determines which state file Terraform uses during operations.
State files are stored in a backend, and each environment's state is kept separate.
Commonly used backends: S3, GCS, or Blob Storage.
Products like Scalr and Terraform Cloud provide a built-in option to maintain the workspaces and their respective state files.
This diagram will help simplify how Terraform workspaces integrate with GitHub Actions to manage environments.
GitHub Actions Workflow for Terraform workspaces Architecture
Step 1: Infra team writes Terraform configuration files (main.tf, providers.tf, etc.) to define infrastructure.
Step 2: Code is pushed to GitHub, triggering an automated workflow using GitHub Actions.
Step 3: GitHub Actions execute Terraform to validate the workspace-specific state files from the backend.
Step 4: Terraform ensures consistency across workspaces and performs provisioning based on the validated state files.
Step 5: Resources are provisioned across cloud environments like AWS, Azure, or Google Cloud based on the validated configurations.
Sample GitHub Actions YAML:

name: Terraform CI/CD

on:
  push:
    branches:
      - main
      - 'workspace/*'

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          # Pin an exact Terraform version here.
          terraform_version: <x.y.z>

      - name: Terraform Init
        id: init
        run: terraform init -backend-config=backend.tfvars

      # The workspace name is the last path segment of the pushed ref.
      - name: Select Terraform Workspace
        id: workspace
        run: terraform workspace select "${GITHUB_REF##*/}" || terraform workspace new "${GITHUB_REF##*/}"

      - name: Terraform Validate
        id: validate
        run: terraform validate

      - name: Terraform Plan
        id: plan
        run: terraform plan -out=tfplan -input=false

      # Apply runs only for pushes to main; other branches stop at plan.
      - name: Terraform Apply
        id: apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -input=false tfplan

Explanation:
on: push: The workflow is triggered on pushes to the main branch and any branch that follows the pattern workspace/*, representing different Terraform workspaces.
terraform init: Initializes Terraform and configures the backend using the backend.tfvars file.
workspace select/new: Selects the appropriate workspace based on the branch name or creates it if it doesn’t exist.
terraform validate: Validates the Terraform configuration files.
terraform plan: Creates a plan to show what changes Terraform will make.
terraform apply: Applies the plan if the push is to the main branch, ensuring that only validated code in the main branch impacts the actual infrastructure.
This file can be customized further based on your specific requirements and environment configurations.
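
The select step above takes the workspace name from the last path segment of the branch ref and creates the workspace if it is missing, so any branch matching workspace/* can introduce a new state file. One way to validate that mapping before Terraform sees it, as an added example that is not part of the original workflow; the allowlist "main dev staging", the permitted character set and the function names are assumptions of this example:

```bash
#!/usr/bin/env bash
# Added example (not from the original workflow): map a Git ref to a
# Terraform workspace name and refuse anything unexpected.

# Constructed sample allowlist; override it via the environment (assumption).
ALLOWED_WORKSPACES="${ALLOWED_WORKSPACES:-main dev staging}"

# resolve_workspace REF: print the workspace for REF, or return non-zero.
resolve_workspace() {
  _ref="$1"
  case "$_ref" in
    refs/heads/main)        _name="main" ;;
    # Strip the full prefix, so workspace/team/staging keeps its slash and
    # is rejected below (${GITHUB_REF##*/} would silently yield "staging").
    refs/heads/workspace/*) _name="${_ref#refs/heads/workspace/}" ;;
    *) echo "unsupported ref: $_ref" >&2; return 1 ;;
  esac
  # Conservative character set chosen for this example.
  case "$_name" in
    ""|*[!A-Za-z0-9_-]*)
      echo "invalid workspace name: $_name" >&2; return 1 ;;
  esac
  for _w in $ALLOWED_WORKSPACES; do
    if [ "$_w" = "$_name" ]; then
      printf '%s\n' "$_name"
      return 0
    fi
  done
  echo "workspace not in allowlist: $_name" >&2
  return 1
}

# select_workspace REF: select only; never fall back to `workspace new`,
# so a new environment has to be created deliberately, not by a branch push.
select_workspace() {
  _ws="$(resolve_workspace "$1")" || return 1
  terraform workspace select "$_ws"
}
```

In the workflow, the select step would source this script and run select_workspace "$GITHUB_REF" in place of the select-or-create one-liner.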
Tool Of The Day
Standardize confidential computing at the pod level and simplify its consumption in Kubernetes.
Picture Of The Day
Nat Friedman, Satya Nadella, and Chris Wanstrath posing with the Octocat, marking the moment GitHub officially joined Microsoft in a $7.5 billion acquisition.