3. Get the credentials. Create and copy SecretId and SecretKey on the Manage API Key page.
Creating a Project
Create a code repository on GitHub. Below is the directory structure:
.
├── README.md
├── environments
│ ├── dev
│ │ ├── main.tf
│ │ └── provider.tf
│ └── prod
│ ├── cicd
│ │ └── main.tf
│ ├── local.tf
│ ├── main.tf
│ ├── provider.tf
│ └── qta
│ └── main.tf
└── modules
├── network
│ ├── main.tf
│ ├── outputs.tf
│ ├── provider.tf
│ └── variables.tf
├── security_group
│ ├── main.tf
│ ├── outputs.tf
│ ├── provider.tf
│ └── variables.tf
└── tke
├── main.tf
├── outputs.tf
├── provider.tf
└── variables.tf
Directory structure description:
1. The project structure mainly consists of environments and modules directories.
2. The environments directory isolates dev and prod environments and sets different configurations for different environments. Each environment directory is an independent root module.
Note:
dev demonstrates how to create a VPC.
prod demonstrates how to isolate businesses through workspace. VPCs are created in the cicd directory, and container clusters are created in the qta directory.
3. modules encapsulates resource information for reuse. Here, it contains demo modules of the VPC, security group, and TKE.
1. To avoid security issues due to AK/SK leakage, you need to set environment variables in https://github.com/${USER}/${PROJECT}/settings/secrets/actions. Replace the secrets with the copied SecretId and SecretKey.
Click New workflow next to Actions, or create a workflow by adding a YAML file in the .github/workflows/ directory. For more information on the workflow configuration, see Related Operations.
Check workflow
1. Terraform should not have too many root module resources. Similarly, avoid reading all resources during a check, which should be triggered in a fine-grained manner.
2. In this document, environments are distinguished by branch. For example, if the configuration in the dev branch needs to be updated, the update will be triggered only in dev. After the configuration update, submit the pull request and merge the code into main (main branch). In this way, the system does not need to scan all the sub-directories of environments for update checks, reducing unnecessary state sync operations.
3. The workflow mainly runs terraform fmt, terraform init, terraform validate, and terraform plan to check the code and display the build plan, so as to determine whether to execute the deployment.
Deployment workflow
1. If all operations in the check workflow are successful and the output of terraform plan is as expected, you can perform the merge operation.
2. After the merge is completed, trigger the deployment operation (i.e., terraform apply) as shown below:
Related Operations
After the environment directory specified by environment is entered, the system will check whether a sub-directory exists, and if so, the system will isolate different business environments (such as qta and ci) through workspace; if not, the specified directory is equivalent to a common root module.
Creating a check workflow
Download Terraform and verify the Terraform code as follows:
# This is a basic workflow to help you get started with Actions
name: CI
# Controls when the workflow will run
on:
pull_request:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
