Committing and Pushing Updates

[00:00:00]
>> Great, we have it in state. And what's also cool is we can go to our repositories right now and refresh them. And look, my tags are there now, right? I can see that my, well, my about is still the same. But I can even go to Settings, and then go to branches, and then go to Edit, and I'll see all of my branch protections are now set up.

[00:00:22]
Require status checks, dismiss pull state, require pull requests before merge. I can't even merge, we cannot directly commit to main anymore. We just locked ourselves out of that, because we don't want that, right? But during the bootstrap process, we have to do that, right? So really what happens is this is the last step before we just fully are automated at this point.

[00:00:48]
So, yeah, we have our TFE repository. And then if I also go to my other repos, we can see that I also have both of these, I've got the tag setup. And so now, we know that these two are both set up properly, which is great. There's one other thing, though we need to do.

[00:01:08]
Can anyone guess what that one last step that we might need to do is? The next thing we wanna do is we actually wanna make it so that this process is now 100% automated, right? So we've pushed it, it's in the state now, it exists, right? But we have no sink.

[00:01:26]
If I push, it's still in local mode. Where do I go to enable sync?
>> Under the locals value for the GitHub.
>> Not GitHub.
>> I'll say, in the TFE.
>> Yep, why is it in TFE?
>> That's the control for everything that we do going forward.

[00:01:42]
>> Exactly, in Terraform, everything is managed in TFE now, okay? So if I wanna make it so that a workspace, right, is actually able to do what I want it to, I have to go into TFE and set that up. So we're gonna go into TFE, and hey, look, we already even knew this was gonna happen, because we set it first as local.

[00:02:04]
So I'm gonna get rid of that, and I'm gonna type in remote, right? Now, I've committed my changes here, right? But I can't push cuz I just blocked myself out, right? You have two options. First option is actually make a branch, [SOUND] or you can do what I do, which is just override it really quickly.

[00:02:30]
And so that's what we're gonna do. So you can go to the repository, you can go to Settings, go back to, oops, sorry, nope, go back to Branches, Edit. And we're gonna go all the way down here, and it says, do not allow bypassing. This one little feature is actually really nice, because it makes it for a period of time, a really short period of time.

[00:02:50]
You can disable this, push up what you need to, and then actually get into the pattern of using your branches or stuff, or whatever. Another nice thing is the next time that Terraform ply runs on GitHub, this will get reverted and now my branch protection has been removed.

[00:03:06]
So again, just be aware, if you do something like this, you really wanna make sure to [LAUGH] revert it, if not, just run your GitHub plan again. Okay, so really quickly, we're gonna do git add locals.tf, right? Make sure that that's there, and then git commit -m. Make a github sync, right?

[00:03:30]
I'm not gonna push yet, though, okay? The reason why is because I haven't actually committed my changes in GitHub yet, right? So I planned and applied it, but I'm about to tell it to start syncing, right? And so if I do that, it's gonna basically think that it will try and delete things, right?

[00:03:51]
So what we wanna do really quickly is we wanna say git status, git add, backend.tf, locals.tf, main.tf, and then variables.tf, right? Basically, everything in the GitHub repo that we wanna commit, right? And then we wanna do that branch protection override one more time, all right? So now, I'm gonna go to my other repo, and you can just change the URL.

[00:04:20]
You can just go up here in your URL and just change it from TFE to GitHub, And then go to Edit. And then scroll down and change that again, right? And, again, it's okay, cuz we're expecting this to run in a second. So hit Save. Git commit -m, Initial setup, And then we git push.

[00:04:56]
And you'll see I bypassed a rule here as well. Now, if I go to fem-eci-terraform-github, we can see all of my stuff is here. So now, I can go back to tfe, right, and then push as well, right? So now, I've got both of my state pushed up, everything is basically in sync.

[00:05:21]
So what I wanna do now is go back to Terraform Cloud. And you can see here, here's my change and look at that, execution mode remote, okay? So I'm gonna Confirm and apply, cool. Okay, so now, what's gonna happen is this is now set in remote mode, but you'll notice this time it didn't run, right?

[00:05:41]
Well, that's because when you set it in remote for the first time, if it doesn't see or if it hadn't already seen any changes, it's just not gonna run for us, which is actually good in this scenario, because if it ran, it would fail. Does anyone know why it would fail?

[00:05:54]
>> It will try to create repos that exist already and it probably doesn't have access to the GitHub token.
>> Exactly, yeah, it doesn't have access to the GitHub token. So we need to add the GitHub token to our eci workspace the same way that we added our tfe token to our tfe workspace.

[00:06:12]
We're gonna go to Settings, Variable sets, create a variable set. We're gonna call this one, Fem-eci-github. I'm going to apply it to a GitHub workspace, and then we're gonna add two variables, right? Cuz we know these are the two variables that we need. Oops, so first variable is gonna be an environment variable, don't forget to click that.

[00:06:40]
GITHUB_TOKEN, right, and we need to get our token. Let me just move this off screen for a second. I guess move that off screen too for a second. So again, this is in Doppler, so grab your GitHub token in Doppler. And paste that in, hit Sensitive, and add variable.

[00:07:06]
So now, you can see I have added that variable, GITHUB_TOKEN. And then I'm gonna do one more environment variable. And I'm gonna say, GITHUB_OWNER, right, and then this is gonna be my name. And again, this doesn't have to be sensitive. So now, we have a variable set for GITHUB_TOKEN and GITHUB_OWNER, cool?

[00:07:33]
I hit Create variable set, and now fem-eci-tfe is in the Terraform workspace and fem-eci-github is in the GitHub workspace, cool? So now, I can go to GitHub workspace and hit New run up in the top, and hit Plan and apply. Hey, look at that, look at that. And hey, look at what it even realized, look at that.

[00:08:17]
It even saw that we disabled branch protection, right? So it's like, no, no, no, [LAUGH] we're re-enabling that. Because why? Git is the source of truth, right? So even if I go in, and I've done this before, where I've made an override, and then two days later, I forgot.

[00:08:34]
Okay, so here's a good example. We're working on Kubernetes clusters and our autoscaler needs a tag in on an Amazon network resource. But when we were experimenting with it, my whole team was messing with it and I foolishly just went in and added the tag manually. I forgot that our Terraform network automation also runs quite often.

[00:08:56]
And so the other day, somebody went in to work on their Kubernetes cluster and they're like, my, autoscaling is not working, [LAUGH] what's going on? And they're like, trying to figure it out, trying to figure it out, trying to figure it out. And then one of them came to me and was like, hi, this isn't working.

[00:09:09]
And I was like, I know why. [LAUGH] And so I went back and sure enough it wasn't there. And I was like, this is why I did this, I'm sorry, and we moved on. But yeah, the source of truth will always be that going forward. Now, you might notice some other things here like allow merge and [SOUND].

[00:09:29]
Okay, when you use resources with providers, they sometimes change. And on top of that, sometimes there's bugs, don't get me wrong. There's definitely bugs from time to time when it comes to knowing what is the actual state of things, right? We did technically apply this already. So the branch protections are in place, the squash merge, all of this is already done.

[00:09:51]
However, there's a bug right now in the GitHub provider, which is that these commit messages should actually be already in a PR title like this. You don't have to worry about this, essentially. If you see variables in here that are being set that you're like, I don't really know what this is, you might wanna go out to the provider and just check to see is there any bugs going on?

[00:10:15]
Is there anything like that? These are all fine and safe for us, so I'm not super worried about it. But it's just something to note, which is, remember, these are also things that are being contributed to by developers. They're gonna update stuff. GitHub is gonna update its API, which then it comes to the resources, which then comes to your changes, okay?

[00:10:35]
So that's the flow that eventually kinda comes. And so we're gonna hit Confirm and apply here. It's gonna update our branch protections. Now, what's interesting is underneath the hood, there's probably five or six API calls that it's making, right? That's the power of Terraform. It's gotta update a lot of things.

[00:10:52]
But there we go. Now, we have Terraform Cloud fully automated in a fully synchronized set of changes with the source of truth of GitOps. And we also have Terraform GitHub, which is now powered by the source of truth, which is our GitOps. So going forward, if we ever create workspaces, where do we go?

[00:11:13]
>> TFE.
>> TFE, and where do we wanna go if we create repos?
>> GitHub.
>> GitHub, right, and the automation repo, right, for both of those.