This repository demonstrates using GitHub Actions to create a CI/CD pipeline that deploys Terraform infrastructure to Google Cloud.
- You will need a Google Cloud project. Note the Project ID; you will need it in your Terraform configuration. Make sure the Compute Engine API is enabled in your project.
- Create a Cloud Storage bucket. It will be used for the Terraform backend state file. Note the bucket name, as you will use it in your Terraform configuration.
- Create a Google Cloud service account with Editor privileges. Generate a key, download it to your computer and rename the file `key.json`. You will need this file later.
- Log onto your GitHub account.
- Navigate to the following repository and fork it into your account: https://github.com/drehnstrom/terraform-cicd-demo-gcp
- In your new repository, click on Settings, then Secrets | Actions.
- Create a new repository secret with the name `GOOGLE_CREDENTIALS`. The value of the secret will be the contents of your `key.json` file, but with the newline characters removed. Use the following bash command to strip the newline characters: `cat key.json | tr -s '\n' ' '`. Run this command from the folder where you saved your service account key file.
- Once the secret is created, navigate to the file `space-invaders/provider.tf` in your GitHub repository.
- In the `backend` configuration, change the `bucket` value to the name of the bucket you created earlier.
- Now open the `space-invaders/terraform.tfvars` file and change the `project_id` variable to the ID of your Google Cloud project.
- Open the `.github/workflows/terraform.yaml` file.
- Have a look at the code. The pipeline runs whenever there is a push or pull request. The Checkout, Setup Terraform, and Terraform Init steps always run. The Terraform Plan step only runs when there is a pull request. The Terraform Apply step only runs when there is a push to the main branch.
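As an added illustration (not the repository's own workflow file, which you should read in your fork), the following workflow shows the triggers and `if` conditions that the description above implies; the action versions, the Terraform version and the working directory are assumptions:

```yaml
# Illustrative reconstruction of .github/workflows/terraform.yaml, not the
# repository's own file. Action versions, Terraform version and the
# working directory are assumptions.
name: terraform

# Run on every push (any branch) and on every pull request.
on: [push, pull_request]

# Least privilege for the GITHUB_TOKEN: the job only needs to read the repo.
permissions:
  contents: read

jobs:
  terraform:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: space-invaders   # assumed: where provider.tf lives
    env:
      # The Google provider reads the service account key JSON from this
      # variable; the value comes from the repository secret created above.
      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}

    steps:
      # These three steps run on every push and every pull request.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.5.7"   # assumed version

      - name: Terraform Init
        run: terraform init -input=false

      # Plan only on pull requests, so reviewers see the intended changes
      # before anything is merged.
      - name: Terraform Plan
        if: github.event_name == 'pull_request'
        run: terraform plan -no-color -input=false

      # Apply only on a push to main, i.e. after the pull request is merged.
      - name: Terraform Apply
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: terraform apply -auto-approve -input=false
```

A push to the `dev` branch therefore runs only Checkout, Setup Terraform and Terraform Init; the pull request adds the Plan step, and the merge to `main` is the push that finally runs Apply.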
- Create a new branch called `dev` and switch to it.
- From the GitHub website, open the `space-invaders/terraform.tfvars` file. Click the edit button and change the value of `instance_count` from `0` to `1`. Commit the change.
- Click on the Actions link. You should see your pipeline running. Click on it and you can see the details.
- Now create a pull request to merge the `dev` branch into `main`. Once the pull request is created, again click the Actions link. You should see the pipeline running again. Investigate the output of the Terraform Plan step.
- Nothing has been created thus far, because the Terraform Apply step only runs on a push to `main`. Click on the Pull requests menu and approve the merge.
- Again, click on the Actions link and you should see the pipeline running.
- Go to your Google Cloud project. In Compute Engine you should see that a new virtual machine was created. In VPC | Firewall you should see that a new firewall rule was created.
- Repeat the steps in the prior section, but change the `instance_count` variable in the `space-invaders/terraform.tfvars` file back to `0`. Make sure you make the edits on the `dev` branch. Commit the change, then make a pull request, and finally approve the pull request.
- Go to your Google Cloud project and verify that the Compute Engine virtual machine and the firewall rule have been deleted.