Skip to content

Latest commit

 

History

History
54 lines (30 loc) · 2.46 KB

README.md

File metadata and controls

54 lines (30 loc) · 2.46 KB

Continuous Integration with GitHub Actions and HashiCorp Terraform

Based on this blog post

Overview

In this scenario, continuous integration of an AWS environment is desired. Configuration is managed via HashiCorp Terraform. Continuous Integration is managed via GitHub Actions. By loading the necessary Terraform configuration files into this repository along with two GitHub Workflows, the Terraform files can be used to Plan and Apply into the target environment.

NOTE: GitHub Actions are disabled for this repository to prevent abuse. You can view previous runs here.

Details

This repository contains two GitHub Workflow files:

Terraform Plan

  • Checks the Terraform configuration for security vulnerabilities with tfsec.

  • Constructs AWS credentials using a Secrets stored in this repository.

  • Loads the Terraform CLI wrapper with Setup Terraform

  • Terraform CLI performs an Init and Plan based on the pull request's configuration.

  • GitHub Actions Bot adds a comment to the pull request with the results. Example: Pull Request 1

You can view pervious Terraform Plan workflows here.

Terraform Apply

  • Constructs AWS credentials using a Secrets stored in this repository.

  • Loads the Terraform CLI wrapper with Setup Terraform

  • Terraform CLI performs an Init and Apply based on the new push configuration.

You can view pervious Terraform Apply workflows here.

Credentials

Credentials should be stored in the user\.aws\credential file using Secrets stored in this repository.

Example:

mkdir -p ~/.aws
echo "[default]" > ~/.aws/credentials
echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials
echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials