Conference at Talent Land 2023
This repository contains infrastructure as code written in Terraform that creates cloud services through GitHub Actions, allowing changes to be previewed in ephemeral environments before they are deployed to production.
- tf-unit-tests.yml: Runs unit tests for the Terraform code and creates code scanning reports.
- tf-drift.yml: Detects drift between the Terraform configuration and the actual state of the cloud resources, then opens an issue.
- tf-plan-apply.yml: Applies the Terraform changes to the cloud production environment.
- tf-prev.yml: Creates a preview environment for a pull request, allowing changes to be tested before they are merged.
- Create an Azure Storage account.
- Update the storage account details in the backend block of main.tf.
- Create 2 apps in Azure Active Directory (Write and Read).
- Register federated credentials for each of them (for environments, pull requests and branches).
- Assign the Reader and Data Access role on the Storage Account to both apps.
- On your Azure subscription, assign the Contributor role to the Write app and the Reader role to the Read app.
- Get the Client Id, Object Id and Tenant Id of both apps.
- Register them as GitHub secrets, keeping each app's Client Id as an environment secret.
- Create a branch called prevenvs.
- Create a branch with your feature and open a pull request against prevenvs.
- A GitHub Actions workflow will be triggered.
- Once the deployment succeeds and the checks pass, merge the pull request and verify that the ephemeral environment has been removed.
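The Azure setup steps above (the two apps, their federated credentials and the RBAC assignments) can be expressed in Terraform and applied once, locally, before the workflows exist. The configuration below is an added example and not part of this repository; it assumes the azuread provider v3 and azurerm provider v3, that the storage account already exists, and that the repository name, storage account name, resource group and the GitHub environment name "production" are placeholders to replace. Which GitHub contexts each app trusts (the OIDC subjects) is also an assumption: the Write app is limited to the production environment and the main branch, while the Read app only serves pull requests and the prevenvs branch, so a pull request from any branch can never obtain a token with Contributor rights.

```hcl
terraform {
  required_providers {
    azuread = { source = "hashicorp/azuread", version = "~> 3.0" }
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
  }
}

provider "azuread" {}

provider "azurerm" {
  features {}
}

data "azuread_client_config" "current" {}
data "azurerm_subscription" "current" {}

# Storage account created beforehand that holds the Terraform state (placeholders).
data "azurerm_storage_account" "state" {
  name                = "examplestorage"
  resource_group_name = "EXAMPLE_RG"
}

locals {
  repo   = "EXAMPLE_ORG/EXAMPLE_REPO" # placeholder GitHub repository
  issuer = "https://token.actions.githubusercontent.com"

  # Two apps: Write deploys to production, Read plans and builds preview environments.
  # The subjects below are assumptions about which GitHub contexts each app trusts.
  apps = {
    write = {
      subscription_role = "Contributor"
      subjects = {
        environment = "repo:${local.repo}:environment:production"
        branch      = "repo:${local.repo}:ref:refs/heads/main"
      }
    }
    read = {
      subscription_role = "Reader"
      subjects = {
        pull_request = "repo:${local.repo}:pull_request"
        branch       = "repo:${local.repo}:ref:refs/heads/prevenvs"
      }
    }
  }

  # One federated credential per (app, subject) pair.
  credentials = merge([
    for app, cfg in local.apps : {
      for name, subject in cfg.subjects : "${app}-${name}" => { app = app, subject = subject }
    }
  ]...)
}

resource "azuread_application" "app" {
  for_each     = local.apps
  display_name = "tf-github-${each.key}"
}

resource "azuread_service_principal" "app" {
  for_each  = local.apps
  client_id = azuread_application.app[each.key].client_id
}

# No client secret is stored anywhere: GitHub's OIDC token is exchanged for an
# Azure token only when the issuer and the exact subject match.
resource "azuread_application_federated_identity_credential" "github" {
  for_each       = local.credentials
  application_id = azuread_application.app[each.value.app].id
  display_name   = "github-${each.key}"
  audiences      = ["api://AzureADTokenExchange"]
  issuer         = local.issuer
  subject        = each.value.subject
}

# Both apps get Reader and Data Access on the state storage account.
resource "azurerm_role_assignment" "state" {
  for_each             = local.apps
  scope                = data.azurerm_storage_account.state.id
  role_definition_name = "Reader and Data Access"
  principal_id         = azuread_service_principal.app[each.key].object_id
}

# Write app is Contributor on the subscription, Read app is only Reader.
resource "azurerm_role_assignment" "subscription" {
  for_each             = local.apps
  scope                = data.azurerm_subscription.current.id
  role_definition_name = each.value.subscription_role
  principal_id         = azuread_service_principal.app[each.key].object_id
}

# Values to register as GitHub secrets; the client ids go into environment secrets.
output "tenant_id" {
  value = data.azuread_client_config.current.tenant_id
}

output "apps" {
  value = {
    for k, a in azuread_application.app : k => { client_id = a.client_id, object_id = a.object_id }
  }
}
```

Apply it with an interactive az login that has Owner or User Access Administrator rights on the subscription, since role assignments require them. Keeping the subjects this narrow is the check worth doing after setup: in the Azure portal, each federated credential's subject should name exactly one environment, one branch or the pull_request context, never a wildcard that would let any workflow in the organisation impersonate the Write app.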
Contributions to this project are welcome. If you would like to contribute, please read the CONTRIBUTING.md file for guidelines.