As part of the DevOps Bootcamp I am taking on CloudSkills.io, I used Terraform and GitHub Actions to deploy an IIS server and a website. I have already used Azure DevOps to create basic pipelines, but GitHub Actions was new to me. In this blog I have included the high-level steps, what I have learned, the challenges I faced and how I overcame them.
High level steps
- Get Terraform to authenticate with Azure. Run az login via cmd to get the subscription ID and store it in a notepad.
- Create a Service Principal Account via cmd; set the Contributor role and the scope to the subscription ID (copy from notepad). Best practice: do not use your user account to deploy infrastructure when using CI/CD
- Fork the CloudSkills repo for this project
- This code will deploy an IIS server and a website via GitHub Actions
- Set up secrets for the GitHub repo: two secrets, one for AZ CLI login and one for Terraform
- JSON credential objects: I had to rewatch this section a number of times to get the format right
- Create a workflow in GitHub Actions: put in the environment variables for authentication, install Terraform using a snippet, create the Terraform state resources, make sure the Storage account name is globally unique, insert the az login snippet and reference the secrets created above, run Terraform init and configure backend storage, run Terraform plan and output it, and run Terraform apply.
- Commit and save the workflow
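The JSON credential objects step above is where format mistakes are easy to make. As an added example (not code from the original post or the CloudSkills repo), this Python check validates a credential object before it is saved as a GitHub secret and maps it to the ARM_* variables that Terraform's azurerm provider reads, without ever echoing a secret value. Assumptions: the field names are those of the azure/login action's creds input, which the post does not list, and the function names and sample values are constructed.

```python
import json
import re

# Assumed fields of the azure/login `creds` JSON -> Terraform azurerm env vars.
FIELD_TO_ARM_ENV = {
    "clientId": "ARM_CLIENT_ID",
    "clientSecret": "ARM_CLIENT_SECRET",
    "subscriptionId": "ARM_SUBSCRIPTION_ID",
    "tenantId": "ARM_TENANT_ID",
}
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_credential_object(raw):
    """Return a list of problems; field values never appear in the messages."""
    try:
        creds = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(creds, dict):
        return ["top level must be a JSON object"]
    problems = []
    for field in FIELD_TO_ARM_ENV:
        value = creds.get(field)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty field: {field}")
        elif value != value.strip():
            problems.append(f"stray whitespace in field: {field}")
        elif field != "clientSecret" and not GUID_RE.match(value):
            problems.append(f"field is not a GUID: {field}")
    return problems

def to_arm_env(raw):
    """Map a valid credential object to the ARM_* variables Terraform reads."""
    problems = check_credential_object(raw)
    if problems:
        raise ValueError("; ".join(problems))
    creds = json.loads(raw)
    return {env: creds[field] for field, env in FIELD_TO_ARM_ENV.items()}

# Constructed sample values, not real credentials.
SAMPLE = json.dumps({
    "clientId": "11111111-1111-1111-1111-111111111111",
    "clientSecret": "constructed-placeholder-secret",
    "subscriptionId": "22222222-2222-2222-2222-222222222222",
    "tenantId": "33333333-3333-3333-3333-333333333333",
})

if __name__ == "__main__":
    print(check_credential_object(SAMPLE) or "credential object looks well formed")
```

Running the check locally before pasting the value into the repository's secrets catches single-quoted JSON, snake_case keys and stray newlines, which otherwise only show up as a failed login step in the workflow log.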
What I have learned
- Why you should use a Service Principal to authenticate with Azure and how to use it in the workflow
- How to set up a workflow in GitHub Actions
- Use snippets in Marketplace to build out the YAML file
- How to monitor workflows in GitHub
Challenges
- Service Principal authentication and creating secrets in GitHub. I rewatched the video a number of times and did a quick Google search to read more. Helpful link: Azure Provider: Authenticating using a Service Principal with a Client Secret
- Various errors in my YAML file — had to go back a number of times line by line to get it right