From a04137900ee9d449b98e0f354e8350d64446acfe Mon Sep 17 00:00:00 2001 From: WayneGoosen <13494899+WayneGoosen@users.noreply.github.com> Date: Sun, 21 Jul 2024 22:04:34 +0200 Subject: [PATCH] feat: clean up draft post 4 --- ...oyment-guide-part-4-github-tf-workflow.mdx | 47 +++++++++---------- 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/src/content/blog/streamlit-deployment-guide-part-4-github-tf-workflow.mdx b/src/content/blog/streamlit-deployment-guide-part-4-github-tf-workflow.mdx index 9e22576..6357d5a 100644 --- a/src/content/blog/streamlit-deployment-guide-part-4-github-tf-workflow.mdx +++ b/src/content/blog/streamlit-deployment-guide-part-4-github-tf-workflow.mdx @@ -2,7 +2,7 @@ heroImage: /src/assets/images/Terraform.png category: CICD description: >- - A step-by-step guide to configure a GitHub Workflow that executes Terraform commands to provision Infrastructure on Azure. + A step-by-step guide to configuring a GitHub Workflow that executes Terraform commands to provision Infrastructure on Azure. pubDate: 2024-07-16 draft: true tags: 
@@ -14,9 +14,9 @@ title: >- Streamlit Deployment Guide Part 4: GitHub Workflow for Terraform Apply & Destroy --- -This showcases a GitHub Workflow walkthrough of executing the necessary Terraform commands to provision and tear down the Azure resources for the Streamlit application. It continues a series detailing the process of deploying a Streamlit app to Azure, broken down into the following parts: +This post showcases a GitHub Workflow walkthrough for executing the necessary Terraform commands to provision and tear down Azure resources for the Streamlit application. It continues a series detailing the process of deploying a Streamlit app to Azure, broken down into the following parts: -- [**Part 1**: Containerizing a Streamlit app.](https://blog.waynegoosen.com/post/streamlit-deployment-guide-part-1-containerization/) +- [**Part 1**: Containerizing a Streamlit app](https://blog.waynegoosen.com/post/streamlit-deployment-guide-part-1-containerization/) - [**Part 2**: GitHub Workflow for Building and Publishing to ghcr.io](https://blog.waynegoosen.com/post/streamlit-deployment-guide-part-2-github-workflow/) - [**Part 3**: Azure Infrastructure via Terraform](https://blog.waynegoosen.com/post/streamlit-deployment-guide-part-3-azure-infra/) - **Part 4**: GitHub Workflow for Terraform Apply & Destroy **You are here** 😊 @@ -29,7 +29,7 @@ See the [completed GitHub Workflow](#completed-workflow). ## Prerequisites -A basic understanding of GitHub Actions is required and the Workflow assumes you have the files from Part 3: +A basic understanding of GitHub Actions is required. The Workflow assumes you have the files from Part 3: - /infra/main.tf - /infra/providers.tf 
@@ -37,32 +37,32 @@ A basic understanding of GitHub Actions is required and the Workflow assumes you - /infra/locals.tf - /infra/web-app.tf -If you have your own Terraform configuration, ensure all the dependent files are available and are stored within /infra folder for this Workflows to function correctly. +If you have your own Terraform configuration, ensure all dependent files are available and stored within the /infra folder for this workflow to function correctly. ## Create GitHub Workflows -The Workflow file should be stored within the following folder: `.github/workflows/`. A concise name could be `terraform-plan-apply.yaml` and `terraform-destroy.yaml`. +The workflow files should be stored within the following folder: `.github/workflows/`. Suitable names could be `terraform-plan-apply.yaml` and `terraform-destroy.yaml`. ### Setup Azure Application Registration -See [Azure Federated Identity Credentials for Terraform: A GitHub Actions Guide](https://blog.waynegoosen.com/post/fed-creds-tf-github-actions/). +Refer to [Azure Federated Identity Credentials for Terraform: A GitHub Actions Guide](https://blog.waynegoosen.com/post/fed-creds-tf-github-actions/). -### Setup environment +### Setup Environment -1. Navigate to the your repository on GitHub. +1. Navigate to your repository on GitHub. 2. Go to “Settings” > “Environments”. -3. Create a new environment 'production' +3. Create a new environment named 'production' -### Add secrets +### Add Secrets -Adding Secrets: +To add secrets: -1. Navigate to the your repository on GitHub. +1. Navigate to your repository on GitHub. 2. Go to “Settings” > “Environments” > Select “production”. 3. Go to "Environment secrets" and select "Add environment secret" -4. Add the following secrets using the output of [Setup Azure Application Registration](#setup-azure-application-registration): AZURE_ENTRA_ID_CLIENT_ID, AZURE_ENTRA_ID_TENANT_ID & AZURE_SUBSCRIPTION_ID +4. 
Add the following secrets using the output from [Setup Azure Application Registration](#setup-azure-application-registration): AZURE_ENTRA_ID_CLIENT_ID, AZURE_ENTRA_ID_TENANT_ID and AZURE_SUBSCRIPTION_ID -These will be used as environment variables provided to the terraform actions. +These will be used as environment variables provided to the Terraform actions. ### Completed Apply Workflow @@ -172,7 +172,7 @@ jobs: name: Terraform Plan & Apply Infrastructure ``` -The name of the workflow which is shown under the Actions tab. This allows you to set a readable name for your Workflow, if omitted the file name will be shown. +This sets the name of the workflow, which is displayed under the Actions tab. If omitted, the file name will be shown. #### Triggers @@ -187,7 +187,7 @@ on: workflow_dispatch: ``` -The workflow triggers on pushes to the "main" branch and only if the changes are made in the 'infra' directory. The 'workflow_dispatch' allows the workflow to be triggered manually. Additionally there is a trigger for any tags created on the repository. +The workflow triggers on pushes to the "main" branch and only if the changes are made in the 'infra' directory. The 'workflow_dispatch' allows the workflow to be triggered manually. Additionally, there is a trigger for any tags created on the repository. Tags are use to manage the version of the Streamlit application. #### Environment @@ -197,7 +197,7 @@ env: WORKING_DIRECTORY: './infra' ``` -This sets two environment variables available to the entire workflow. Working directory is set to where our Terraform source resides (i.e infra) and TF_VAR_resource_group_name allows you to set the resource group used to provision resources within. +This sets two environment variables available to the entire workflow. The working directory is set to where the Terraform source resides (i.e. /infra) and TF_VAR_resource_group_name allows you to set the resource group used to provision resources within. #### Jobs 
@@ -210,8 +210,7 @@ jobs: id-token: write ``` -There is a single job defined which covers the full behavior to run the Terraform commands. 'runs-on' specifies it should run on the latest version of Ubuntu. -environment ensures this job uses the created 'production' environment (this is a Prerequisite when using the federated identity credentials). Grants the necessary permissions for the job to update the id-token. This is neccessary for using federated credentials after the Azure login. +There is a single job defined which covers the full process of running the Terraform commands. ‘runs-on’ specifies it should run on the latest version of Ubuntu. Environment ensures this job uses the created ‘production’ environment (a prerequisite when using federated identity credentials). Permissions grant the necessary permissions for the job to update the id-token, which is necessary for using federated credentials with Terraform after the Azure login #### Steps @@ -224,7 +223,7 @@ environment ensures this job uses the created 'production' environment (this is fetch-depth: 0 ``` -Checks out the repository to the job runner. Allowing the runner to access the repository content. +This checks out the repository to the job runner, allowing the runner to access the repository content. ##### 2. Get Owner/Repo Name and Convert to Lowercase 
@@ -234,7 +233,7 @@ Checks out the repository to the job runner. Allowing the runner to access the r run: echo "image-name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT ``` -Retrieves the repository name and converts it to lowercase for use as the Docker image name (lowercase name is required). You can easily use an env variable for your image name. This just allows it to be automated. +Retrieves the repository name and converts it to lowercase for use as the Docker image name (lowercase name is required). You can easily use an environment variable for your image name. This just allows it to be automated. ##### 3. Extract tag version @@ -265,7 +264,7 @@ Since the Azure Web Application is running our published image in ghcr.io, retri This task logins into Azure using the federated identity credentials. Once authenticated the following Terraform tasks will be able to perform actions against the subscription. -##### 5. Terraform set +##### 5. Terraform Setup ```yaml - name: Setup Terraform @@ -276,7 +275,7 @@ This task logins into Azure using the federated identity credentials. Once authe This is used to set up Terraform CLI in a GitHub Actions workflow, allowing you to run Terraform commands within the workflow. -##### 6. Terraform init +##### 6. Terraform Init ```yaml - name: Terraform Init
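Review bot: Capitalisation of "workflow" is still inconsistent after the hunks at @@ -2,7 +2,7 @@, @@ -29,7 +29,7 @@ and @@ -37,32 +37,32 @@: the new lines keep "GitHub Workflow" and "The Workflow assumes" but switch to "this workflow" and "The workflow files" a few lines later. Pick one form for the common noun (lowercase "workflow", keeping "GitHub Actions" as the product name) and apply it across the post. The new description line also keeps "Infrastructure" capitalised mid-sentence; "provision infrastructure on Azure" reads better.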
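Review bot: The Setup Environment steps in the @@ -37,32 +37,32 @@ hunk create the 'production' environment without saying how it is protected, yet the Triggers section describes this workflow running on every push to main that touches 'infra' and on any tag. Add a step that documents the intended protection for the environment (for example required reviewers or a deployment branch restriction), or state explicitly that none is configured. Smaller points in the same hunk: step 3 of each list ends without a period while steps 1 and 2 have one, the quotes mix “Settings” with "Environment secrets", and the secret names AZURE_ENTRA_ID_CLIENT_ID, AZURE_ENTRA_ID_TENANT_ID and AZURE_SUBSCRIPTION_ID would be easier to copy if set in backticks.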
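Review bot: Typo in the sentence added by the Triggers hunk (@@ -187,7 +187,7 @@): "Tags are use to manage the version" should be "Tags are used to manage the version". The paragraph also quotes "main" with double quotes and 'infra' and 'workflow_dispatch' with single quotes; backticks for all three would match how the post formats `.github/workflows/`.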
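Review bot: The rewritten Jobs paragraph (@@ -210,8 +210,7 @@) still describes `id-token: write` as letting the job "update the id-token", which is inaccurate: the permission lets the job request an OIDC token from GitHub, and that token is what the federated credential exchange at Azure login relies on. Suggest wording such as "The permissions block allows the job to request an OIDC token (id-token: write), which is required for federated credentials". The new line also reads "Permissions grant the necessary permissions", drops the final period after "Azure login", and introduces curly quotes (‘runs-on’, ‘production’) where the removed lines and the rest of the post use straight ones.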
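Review bot: The step 2 paragraph in the @@ -234,7 +233,7 @@ hunk still opens with the fragment "Retrieves the repository name ..." although the step 1 text one hunk earlier was changed to "This checks out ...". Use "This retrieves ..." for consistency, and consider merging the last two sentences into one, for example "You can use an environment variable for the image name instead; this step just automates it."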
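Review bot: The heading renames in the @@ -265,7 +264,7 @@ and @@ -276,7 +275,7 @@ hunks title-case "Terraform Setup" and "Terraform Init" but leave "##### 3. Extract tag version" in sentence case, so the step headings are still mixed. The context line directly above the first rename, "This task logins into Azure using the federated identity credentials. Once authenticated the following Terraform tasks ...", is also untouched; since this commit is a prose cleanup, fix it in the same pass ("This task logs in to Azure ... Once authenticated, the following ...").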