Intro
In this part of the blog series, I want to focus on the GitHub Actions I created in the first part and explain what the Action performs. I will also add the vNet resources to my deployments.
GitHub Actions explained
To explain what is going on in the GitHub Action, I have added comments to each code section.
# Name of the action
name: rg-connectivity-001
# Controls when the workflow will run
on:
# Triggers the workflow on changes to the terraform files in the path
# Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001/
# Action will only trigger on the main branch
push:
paths:
- 'Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001/*.tf'
branches:
- main
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This action only has one job called Connectivity
Connectivity:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Setting environment variables
# Variables are used by Terraform to authenticate to Azure
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.MVP_SUBSCRIPTION }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3
# Initialize Terraform
- name: 'Terraform init'
id: init
run: |
cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
terraform init
# Create Terraform plan
- name: 'Terraform plan'
id: plan
run: |
cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
terraform plan
# Deploy the planned resources to Azure using Terraform
- name: 'Terraform apply'
id: apply
run: |
cd Subscriptions/Sub-MVP-Sponsorship/rg-connectivity-001
terraform apply -auto-approve
You might have noticed that I have added a few things to the actions since part 1, but please update your Actions with these changes if you haven’t. The main difference is adding the filter “braches: main,” the rest is cosmetic and only comments.
Creating the vNet, subnets and NSGs
The vNet in my hub network will contain just two subnets, one called GatewaySubnet and one called AzureFirewallSubnet. I have updated my variables to create these resources.tf and main.tf files for the rg-connectivity-001 resource group.
Variables.tf
variable "Location" {
type = string
default = "WestEurope"
}
variable "ResourceGroup" {
type = string
default = "rg-connectivity-network-001"
}
variable "vnet" {
type = any
default = {
"vNetName" = "vnet-connectivity-001"
"address_space" = ["172.16.0.0/16"]
}
}
variable "Subnets" {
type = any
default = {
"GatewaySubnet" = {
"name" = "GatewaySubnet"
"prefix" = ["172.16.0.0/26"]
"routeTable" = "rt-vnet-connectivity-gateway-001"
}
"FirewallSubnet" = {
"name" = "AzureFirewallSubnet"
"prefix" = ["172.16.0.64/26"]
"routeTable" = "rt-vnet-connectivity-firewall-001"
}
}
}
Main.tf
resource "azurerm_resource_group" "resourcegroup" {
name = var.ResourceGroup
location = var.Location
}
resource "azurerm_virtual_network" "vnet" {
name = var.vnet.vNetName
address_space = var.vnet.address_space
location = azurerm_resource_group.resourcegroup.location
resource_group_name = azurerm_resource_group.resourcegroup.name
}
resource "azurerm_subnet" "subnets" {
for_each = var.Subnets
name = each.value["name"]
resource_group_name = azurerm_resource_group.resourcegroup.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = each.value["prefix"]
depends_on = [
azurerm_virtual_network.vnet
]
}
Deployment of network resources
To deploy my updated code, I don’t need to do much. I need to commit my updated files to my main branch in GitHub; the rest will happen automatically via the GitHub actions.
I have worked in a new branch that allows me to commit code to GitHub without updating resources in Azure. Working with branches enables me to update my repository often, ensuring that I can revert to previous code with minimal changes.
Summary
I can now complete this second part of the blog series. I now have some network resources in my environment, and I also got to explain what goes on in the GitHub Actions.
Any feedback is welcome, so reach out on Twitter or LinkedIn, so I can fix any errors or optimize the code I am using.
Links to other parts of the blog series
Part 3: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part3/
Part 4: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part4/
Part 5: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part5/
Link for all the code in this post
I have put all the code used in this blog post on my GitHub repository so you can download or fork the repository if you want to.
https://github.com/mracket/GitHub-Terraform
This blog is part of Azure Week. Find more great Azure content here.
About the Author:
I’m a Cloud Solution Specialist with expertise within Azure, Microsoft infrastructure services like DNS, DHCP, Domain services etc., Citrix Virtual Apps and Desktops and Citrix Cloud and automation with PowerShell.
I have over 15 years of experience working with IT and I have been working with both SMB companies and Enterprises. Through working with both I have gotten an insight into what is needed for each type of company and how it is best to do changes to IT within them.
Reference:
Therkelsen, M. (2022). Using GitHub and Terraform to deploy Azure resources – Part 2. Available at: https://www.cloudninja.nu/post/2022/06/github-terraform-azure-part2/ [Accessed: 12th July 2022].
