Github Action Workflow To Launch Azure Resources Using Terraform.


GOAL:

Make GitHub action workflow to create a resource group, virtual network, network security group, and virtual machine over Azure using Terraform.

GITHUB ACTIONS:

  • It is a modern CI/CD tool integrated natively into GitHub. It lets you quickly automate build, test, deployment, and other custom workflows on GitHub without needing additional external tools.

  • GitHub Actions lets us perform tasks such as building, packaging, and distributing code, and running it on various platforms.

WHY USE IT?

GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub. Make code reviews, branch management, and issue triaging work the way you want.

CONCEPTS USED:

Workflow:

  • It is an automated procedure composed of one or more jobs, added to a repository and triggered by an event. Workflows are defined in YAML files, and with them you can build, test, package, release, or deploy a project.

Event:

  • An event is a specific activity in the repository that automatically triggers the execution of a workflow.

  • In this task, I have used the push event, which means that as soon as I push code into the branch, the pipeline starts.

  • The on keyword defines the GitHub events that trigger the workflow.

Actions:

  • An action is a custom application for the GitHub Actions platform that performs a complex but frequently repeated task.

  • Here, the checkout@v3 action is used to check out the repository under $GITHUB_WORKSPACE so the workflow can access it.

Actions secrets:

  • Since the task deploys Azure infrastructure with Terraform, Terraform needs to log in to Azure, which requires credentials.

  • These credentials for Terraform's authentication to Azure are stored using the secrets feature. Secrets provide a way to protect sensitive data used in the pipeline.

Runner:

  • It is a machine that executes the jobs and reports progress and results.

  • There are two types of runners:

  1. GitHub-Hosted Runners

  2. Self-Hosted Runner

  • This task uses a self-hosted Ubuntu runner.

WORKFLOW:

  1. Define terraform code to launch resources

    • This task contains Terraform modules to launch a resource group, virtual network, and virtual machine over Azure.

  2. Make a .github folder, and a workflows folder inside it, to define the workflow (GitHub reads workflow files from .github/workflows).

  3. Configure a self-hosted runner over an Azure virtual machine.

    • Launch virtual machine over Azure.

    • Install Azure CLI over the virtual machine:

      1. Get packages needed for the installation process:

        • sudo apt-get update

        • sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg

      2. Download and install the Microsoft signing key:

      3. Add the Azure CLI software repository:

      4. Update repository information and install the azure-cli package:

        • sudo apt-get update

        • sudo apt-get install azure-cli

    • Now, run the following commands to configure the VM as a runner:

  4. Create a pipeline that runs terraform code.

    Let’s first understand the .yml file.

    • Name: Used to define the name of the workflow.

    • on: Specifies which event triggers the workflow, and therefore when it starts.

    • jobs: A job is made up of multiple steps and runs in an instance of the virtual environment. Jobs can run independently of each other or sequentially if the current job depends on the previous job to be successful.

    • env: env defines environment variables that are available to all jobs and steps in the workflow.

    • steps: Steps are the sequence of tasks executed as part of the job. Seven steps are defined here:

      • The first step checks out the repository under $GITHUB_WORKSPACE so the workflow can access it.

      • Install Terraform on the runner.

      • Log in to the Azure cloud.

      • Run the terraform init command.

      • Run the terraform plan command.

      • Run the terraform apply command.

      • Run the terraform destroy command.

    • working-directory: Defines the directory in which these steps run.

  5. STEPS TO USE WORKFLOW:

    • Clone the repository:

    • Create a GitHub repository in your account and set it as the upstream remote for your working directory.

    • Now, to run Terraform commands we need to authenticate the GitHub Actions workflow with Azure:

      • GitHub Actions supports three different ways of authenticating with Azure:

        • Using a service principal

        • OpenID Connect method

        • Through the az login command (only possible if you have access to the runner)

      • For this task, we will use the OpenID Connect method.

      • Steps to configure the OpenID Connect method:

        • Create an Azure Active Directory application and a service principal:

          • Go to Azure Active Directory and navigate to the App registrations tab.

          • Click New registration and fill out the required fields.

        • Add federated credentials for the Azure Active Directory application:

          • Open the newly created app registration and go to the Certificates & secrets section.

          • You will find three options; use Federated credentials.

          • After clicking Federated credentials, you have to choose the scenario; select the GitHub Actions deploying Azure resources option.

            • Fill in the required information: the repository name, Branch as the entity type, and the working branch name in the value field.

            • After adding all the information, click Add.

          • Create GitHub secrets for storing the Azure configuration:

            • Go to the working repository, click Settings, then Secrets and variables.

            • Choose the Actions option; on the page that opens you will find the New repository secret option.

            • Click New repository secret to add the secrets.

    • Azure login requires the Azure subscription ID, tenant ID, and application (client) ID. Create secrets for these three values.

    • After successfully configuring the OpenID Connect method, push the code into the repository you created.

    • This starts the GitHub Actions workflow, which creates the Azure resources.
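The workflow file described in step 4, combined with the OpenID Connect login configured in step 5, as an added example that is not the article's own .github/workflows file. It assumes the Terraform code sits in a ./terraform directory, that the three repository secrets are named AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_SUBSCRIPTION_ID, that the working branch is main, and that the pinned Terraform version is only a placeholder:

```yaml
# Added example: .github/workflows/terraform.yml (not the article's own file).
# Assumptions: Terraform code in ./terraform, secrets AZURE_CLIENT_ID,
# AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID, working branch "main".
name: Terraform Azure deploy

on:
  push:
    branches:
      - main   # must match the branch named in the federated credential

# Least privilege for the job's GITHUB_TOKEN: it may request an OIDC
# id-token (required for federated login) and read the repository, nothing more.
permissions:
  id-token: write
  contents: read

env:
  # The azurerm provider reads these and exchanges the GitHub OIDC token for an
  # Azure access token, so no client secret is stored anywhere.
  ARM_USE_OIDC: "true"
  ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
  ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

jobs:
  terraform:
    runs-on: self-hosted   # the Ubuntu VM configured as a runner in step 3
    defaults:
      run:
        working-directory: ./terraform   # assumed location of the .tf files
    steps:
      # Step 1: check out the repository under $GITHUB_WORKSPACE
      - name: Checkout
        uses: actions/checkout@v3

      # Step 2: install Terraform on the runner
      - name: Install Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.5.7   # placeholder; pin the version you test with

      # Step 3: federated (OIDC) login. The federated credential's subject must
      # equal repo:<owner>/<repo>:ref:refs/heads/main for this to succeed.
      - name: Azure login (OpenID Connect)
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Step 4: initialise providers and backend; -input=false fails fast
      # instead of hanging on a prompt in CI
      - name: Terraform init
        run: terraform init -input=false

      # Step 5: write the plan to a file so apply executes exactly what was reviewed
      - name: Terraform plan
        run: terraform plan -input=false -out=tfplan

      # Step 6: applying a saved plan never prompts, so no -auto-approve is needed
      - name: Terraform apply
        run: terraform apply -input=false tfplan

      # Step 7: tear the resources down again at the end of the run, as in the
      # article's seven-step list (suited to a test pipeline)
      - name: Terraform destroy
        run: terraform destroy -input=false -auto-approve
```

Two details matter for security. The federated credential binds the token to one repository and one branch through its subject claim, so a push to any other branch or a fork cannot obtain the Azure token; and the app registration's role assignment should be scoped to the resource group the Terraform code manages rather than to the whole subscription, so the pipeline's identity can do no more than the deployment requires.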

I hope you like this article.

THANK YOU FOR READING.