Terraform CI/CD Demo Google Cloud

This repository demonstrates using Github Actions to create a CI/CD pipeline that deploys Terraform infrastructure to Google Cloud.

Preparing Google Cloud to run the example

You will need a Google Cloud project. Note the Project ID, you will need it in your Terraform configuration. Make sure the Compute Engine API is enabled in your project.
Create a Cloud Storage bucket. It will be used for the Terraform backend state file. Note the bucket name as you will use it in your Terraform configuration.
Create a Google Cloud Service account with Editor privileges. Generate a key, download it to your computer and rename the file key.json. You will need this file later.

Log onto your GitHub account.
Navigate to thie following repository and fork it into your account: https://github.com/drehnstrom/terraform-cicd-demo-gcp
In your new repository, click on Settings, then Secrets | Actions.
Create a new respository secret with the name GOOGLE_CREDENTIALS. The value or the secret will be the contents of your key.json file, but with the new line characters removed. Use the following bash command to strip newline characters: cat key.json | tr -s '\n' ' '. Run this command from the folder where you saved your Service Account key file.
Once the secret is created navigate to the file space-invaders/provider.tf in your GitHub repository.
In the backend configuration, change the bucket value to the name of the bucket you created earlier.
Now open the space-invaders/terraform.tfvars file and change the project_id variable to the id of your Google Cloud project.

Open the .github/workflows/terraform.yaml file.
Have a look at the code. The pipeline runs whenever there is a push or pull request. The Checkout, Setup Terraform, and Terraform Init steps always run. The Terraform Plan step only runs when there is a pull request. The Terraform Apply step only runs when there is a push to the main branch.

Create a new branch called dev and switch to it.
From the Github website open the space-invaders/terraform.tfvars file. Click the edit button and change the value of instance_count from 0 to 1. Commit the change.
Click on the Actions link. You should see your pipeline running. Click on it and you can see the detail.
Now create a pull request to merge the dev branch into main. Once the pull request is created, again click the Actions link. You should see the pipeline running again. Investigate the output of the Terraform Plan step.
Nothing has been created thus far because the Terraform Apply step only runs on a push to main. Click one the Pull requests menu and approve the merge.
Again, click on the Actions link and you should see the pipeline running.
Go to your Google Cloud project. In Compute Engine you should see a new virtual machine was created. In VPC | Firewall you should see a new firewall rule was created.

Repeat the steps in the prior section, but change the instance_count variable in the space-invaders/terraform.tfvars file back to 0. Make sure you make the edits on the dev branch. Commit the change, then make a pull request, and finally approve the pull request.
Go to your Google Cloud project and verify that the Compute Engine virtual machine and the firewall rule have been deleted.