Example code for a CI process involving env0
This code is an example of Continuous Integration with Terraform and env0. It is meant as a reference for my Terraform Tuesday YouTube video Exploring Continuous Integration with Infrastructure as Code. If you'd like to take it for a spin yourself, you'll first want to fork this repository and then follow the steps below.
You will need a few things to get started:
- A GitHub account
- An env0 account
- An Azure subscription
- A service principal for your Azure subscription
- Python installed locally for pre-commit hooks
Once you've forked the repository, you will pull down a local copy. Then you'll set up the pre-commit hook processing. The contents of .pre-commit-config.yaml define the hooks that will run. Use the instructions found on James Cook's site to prepare your machine to leverage the pre-commit hooks.
You'll also need to install the utilities used by the pre-commit hooks:
- terraform-docs
- tfsec
- tflint
The pre-commit hook piece is optional, but I think it's very worthwhile.
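A minimal .pre-commit-config.yaml that wires up the three utilities listed above. It is an example added here, not the file shipped in this repository. It assumes the community antonbabenko/pre-commit-terraform hook collection, and the pinned tag is a sample value.

```yaml
# Added example, not the repository's own .pre-commit-config.yaml.
# Assumption: hooks come from the antonbabenko/pre-commit-terraform collection.
# The rev below is a sample pin; replace it with the tag or commit you have
# reviewed, so hook code cannot change underneath you between commits.
repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.77.0
    hooks:
      # Formatting and syntax checks that need only the terraform binary.
      - id: terraform_fmt
      - id: terraform_validate

      # Regenerates the requirements, providers, resources, inputs and
      # outputs tables in README.md (requires terraform-docs).
      - id: terraform_docs
        args:
          - --hook-config=--path-to-file=README.md
          - --hook-config=--add-to-existing-file=true
          - --hook-config=--create-file-if-not-exist=true

      # Lints the configuration for provider-specific mistakes (requires tflint).
      - id: terraform_tflint

      # Static security scan of the Terraform code (requires tfsec).
      - id: terraform_tfsec
```

After running pre-commit install in the local copy, pre-commit run --all-files executes every hook against the whole working tree, which is a quick way to confirm the three utilities are on your PATH.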
The GitHub actions are defined in the .github/workflows directory. You don't need to do anything to get it to work. The workflow will fire on a push to any branch not named main.
The last piece of the process uses a project and environment defined in env0. Here's what you'll need to configure on the env0 side:
- Create a project
- Create cloud credentials for Azure
- Create a template referencing the contents of this repository
- Create an environment for the template
- Enable deploy on push and plan on PR
- Configure values for the variables in the template
When a PR comes in, the environment will run a plan, including the steps defined in the env0.yml file. When the PR is merged, the environment will run a deploy.
Once you've created the environment, run a deploy to get the resources created in Azure.
You'll start by creating a new branch and making a change to the Terraform code. Then try to commit the change and observe the pre-commit hooks that run. Once they pass, push the branch to GitHub and observe the GitHub Actions workflow. Then open a PR. You'll see the plan run in the PR. Once the PR is merged, you'll see the deploy run in the environment.
Name | Version |
---|---|
terraform | >= 1.0.0 |
azurerm | ~> 3.0 |
Name | Version |
---|---|
azurerm | 3.27.0 |
No modules.
Name | Type |
---|---|
azurerm_linux_virtual_machine.main | resource |
azurerm_network_interface.main | resource |
azurerm_network_security_group.main | resource |
azurerm_network_security_rule.app | resource |
azurerm_public_ip.main | resource |
azurerm_resource_group.main | resource |
azurerm_subnet.main | resource |
azurerm_virtual_network.main | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
admin_password | (Required) Password for the admin user. | string | n/a | yes |
admin_username | (Required) Username for the admin user. | string | n/a | yes |
app_port_number | (Optional) Port number for app. Defaults to 8000. | number | 8000 | no |
app_subnet | (Required) Name of subnet for app VM deployment. Must also be in keys from subnet_map. | string | n/a | yes |
business_unit_tag | (Optional) BU tag to apply to all resources. | string | null | no |
common_tags | (Optional) Tags to apply to all resources. | map(string) | {} | no |
environment | (Required) Environment for Azure resources. | string | n/a | yes |
location | (Optional) Region for Azure resources, defaults to East US. | string | "eastus" | no |
organization_tag | (Optional) Org tag to apply to all resources. | string | null | no |
prefix | (Required) Naming prefix for resources. | string | n/a | yes |
subnet_map | (Required) Map of subnet names and address spaces. | map(string) | n/a | yes |
vm_count | (Optional) Number of VMs to create, defaults to 1. | number | 1 | no |
vm_size | (Optional) VM size for app. Defaults to Standard_D2s_v5. | string | "Standard_D2s_v5" | no |
vnet_address_space | (Required) Address space for the virtual network. | list(string) | n/a | yes |
Name | Description |
---|---|
app_url | n/a |