Adding Terraform Jobs to Pipeline

[00:00:00]
>> Erik Reinert: We need to run the database migrations, right? Now what we need to do is we need to get back to the CI, CD part of things. We've run everything we really need to from an infrastructure perspective, right? And we've even set up the database credentials and all that kinda stuff.

[00:00:15]
But there's actually two things we haven't done, which is we haven't, again, set up the CI. But we also need to make sure that we update the Google Cloud URL, right, in the credentials to the new URL as well. Because if we're using those credentials in a new environment with a new URL, it'll be broken, right?

[00:00:37]
So what we'll have to do is go to our distribution or our CloudFront, go here, right, copy this distribution name, then go to CloudConsole, right? Go to Console, go in here, go to Credentials, and then click on this. Now, I'm not gonna click it because yesterday I realized when I click it, it docks the secret and the key, which is why I had to delete them so quick and I ran over here.

[00:01:09]
So I'm not gonna click it, but again, this is the part where you go click, add the redirect URI for the new environment, save it, and then it'll be good to go.
>> Male Speaker 1: It's only needed to actually log in, right?
>> Erik Reinert: Yes.
>> Male Speaker 1: It's not needed for the front page?

[00:01:24]
>> Erik Reinert: No, it's not. Yeah, exactly. So in this case, it's totally fine if it's broken. For our use case, yeah, it's gonna be fine that it's broken. [LAUGH] Just to save time, yeah, we're not gonna go too deep into troubleshooting and stuff. But I went ahead and added it since I was right there anyway.

[00:01:41]
Okay, cool. So that was the first thing we needed to do. The next thing we need to do is we need to add some automation for some stuff. Cool. So I'm gonna do git commit -m feature added service automation. I went ahead and pushed that up just to kinda give myself a little bit of a clean environment for what we're gonna do next.

[00:02:04]
And so what I wanna do next is I actually want to create an entire new file inside of the github/workflows directory. Now the reason why I'm going to do that is because we want to run more automation. What automation do you think we want to run?
>> Male Speaker 1: Migrations.

[00:02:21]
>> Erik Reinert: Not just migrations. No, not just that. It's not related to the service per se.
>> Male Speaker 1: The Terraform thing?
>> Erik Reinert: The Terraform, yeah, exactly. We want to run the Terraform. So we want Terraform and our deployments to go out, right? We want everything to go out of this repository.

[00:02:38]
So what we want to do is we want to add all of the pipeline jobs and everything for running Terraform. Now, I'm not going to go into super detail on this, but to explain it. And again, you're really seeing a lot of repeated things here, right? You're seeing the concurrency thing that we talked about earlier so that deployments don't block, or so deployments block each other, right?

[00:03:01]
You're seeing the runs on ubuntu-latest, right? The only thing that's new is we're setting up Terraform and we're running Terraform commands. So that's really it. We're setting up Terraform and running Terraform commands. So we do a check to make sure that we have formatting. Everything's formatted properly and validated, right?

[00:03:20]
And then we run plan, which just does init and plan, right? Note the upload-artifacts. So remember earlier how I told you you can like take a TF plan and then like upload it somewhere and then use it in a different job or somewhere else? That's exactly what we're doing here.

[00:03:36]
And then we do on Apply if refs/head/main, so we only apply on main, right? Even though the service deploys on both staging and production, the Terraform will only ever need to be ran once on Main. So we don't need to let that run on any other branch for Apply than Main.

[00:03:57]
So that's exactly what we do. We then check out the code, download the artifact, and then run the TF plan, Apply or Terraform Apply with the TF plan file. And boom, there we go. We are all set again. It's a pretty big file. Just to save time, I'm going to go quickly through that.

[00:04:16]
But if you want to see more of it, feel free to go through the file itself in the repository. But the end effect should be feature added Terraform jobs is if I push this up and then I go to our branch. Now I'm actually going to go to our branch.

[00:04:41]
>> Erik Reinert: We will see a whole new job running called Terraform. You can see now it's actually initializing the Terraform. Remember, we already have AWS credentials in GitHub. We did that yesterday. So this goes back to that whole dogfooding what we've already created and making it so that we can just reuse things we've already done.

[00:05:02]
In this case, we've already added the credentials to connect to Amazon and all that stuff so we could just reuse it for the terraform. And because the credentials are or allow everything, we don't really have to worry about permissions or anything like that either. It'll do everything we need.

[00:05:20]
But now we are shipping code and building and testing code in one workflow, and then in another workflow we are running the exact same terraform commands that you saw me run locally. There we go. You'll see that apply skips. You already understand how we do the don't and do run jobs and stuff like that.

[00:05:42]
I don't think I need to go super deep into that. You just need to know that the apply job was skipped and it did it because we expected it to. Cool. Awesome. Again, you'll note that even though that ran, we still are running our build and deploy. It's going through the actual process of building our image and everything.