Enhance Terraform Final Plan Output in GitHub Actions

Follow these tips to easily identify and confirm the exact cloud resource changes for your GitHub pipeline approvals.

By Karthigayan Devan · Aug. 30, 24 · Tutorial

Terraform is an Infrastructure as Code (IaC) tool that lets DevOps engineers automate the provisioning and management of infrastructure resources. It uses configuration files written in HashiCorp Configuration Language (HCL) to define the desired state of the infrastructure, and it provides commands to configure and apply the infrastructure resources.

GitHub Actions is a continuous integration and delivery (CI/CD) platform that allows developers to automate build, test, and deployment pipelines. A deployment configuration is made up of steps: a step is an individual action that GitHub Actions performs.

Current State

When an infrastructure resource is deployed through Terraform, the Terraform plan output shows all the execution logs and displays the final plan output only at the very end. If many infrastructure changes are going on at the same time, all of them are dumped into a single plan output, and the reviewer needs to scroll down to see the final output. This is distracting and makes it easy to miss the final plan output, which can result in resources being destroyed by accident when the plan is executed.

[Screenshot: Terraform logs and final plan output]

Proposed Solution

In this article, I give a simple solution to the above problem: the handling of the Terraform output is separated into 3 steps.

Prerequisite

For this mock pipeline execution, I have used Google Cloud for the resource deployment. Before running the code, set up the Google credentials as required (the GOOGLE_CREDENTIALS entry in the code snippet below).

Step 1

Introduce a new step in GitHub Actions to collect all of the Terraform stdout log output.

Step 2

Save this output into a GitHub output variable.

Step 3

Use the output variable in the next step: filter the log so that only the final plan output is displayed in this step's execution log, and add a text banner and background color to draw attention to it during pull request reviews.

YAML
 
# Capture the terraform stdout/stderr log and store it in a GitHub output variable.
# Google Cloud is used for this deployment; the credentials come from a repository secret.

    - name: terraform_plan_output
      id: terraform_plan_output
      run: |
        {
          echo 'tfplan_output<<EOF'
          terraform plan -input=false 2>&1
          echo EOF
        } >> "$GITHUB_OUTPUT"
      env:
        GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}

# Filter the captured log down to the final "Plan:" line and color it for reviewers.
# The output is handed to the script through an environment variable instead of being
# expanded inside the script text, so quotes, backticks or $(...) in the plan log are
# treated as data and are never parsed by the shell.

    - name: terraform_plan_output_final_review
      run: |
        echo -e "\033[44m REVIEW THE BELOW TERRAFORM FINAL OUTPUT THOROUGHLY BEFORE RAISING PULL REQUEST\033[0m"
        echo -e "\033[31m -----\033[0m"
        printf '%s\n' "$TFPLAN_OUTPUT" | grep 'Plan:'
        echo -e "\033[31m -----\033[0m"
      env:
        TFPLAN_OUTPUT: ${{ steps.terraform_plan_output.outputs.tfplan_output }}


Mock Execution Screenshots

[Screenshot: Introduce a separate step in the Terraform output plan]

[Screenshot: Terraform final review plan with a comment]

Benefits

The Terraform stdout logs and the final plan output are separated. This lets the GitHub reviewer focus on the dedicated plan output step and see the infrastructure changes clearly, and the background color draws more attention during the review. Infrastructure changes through Terraform, especially updates and deletes, need particular attention, and this individual step may prevent environment outages at later stages.
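Since destroys are the changes that most need a reviewer's eye, the review step can do more than `grep 'Plan:'`. The following is an added example, not code from the article or its repository: a shell function that reduces a captured plan log to one line, raises a GitHub warning annotation when resources will be destroyed, and handles a log with no `Plan:` line (no changes, or a failed plan), where a bare `grep` exits non-zero and stops a step running under `bash -e`. The sample logs are constructed, and `TFPLAN_OUTPUT` is an assumed name for an environment variable holding the captured output.

```shell
#!/usr/bin/env bash
# Added example: turn a captured `terraform plan` log into one review line.

# Constructed sample logs (not from a real run); \033[1m mimics terraform's colour codes.
SAMPLE_DESTROY=$(printf '%b\n' \
  'google_compute_instance.vm: Refreshing state...' \
  '  # google_compute_instance.vm will be destroyed' \
  '\033[1mPlan:\033[0m 1 to add, 0 to change, 2 to destroy.')
SAMPLE_NOCHANGE='No changes. Your infrastructure matches the configuration.'

# plan_count LINE WORD: print the number before "to WORD" in a Plan: line (0 if absent).
plan_count() {
  n=$(printf '%s\n' "$1" | sed -n "s/.*[^0-9]\([0-9][0-9]*\) to $2.*/\1/p")
  printf '%s\n' "${n:-0}"
}

# plan_summary LOG: print a review line.
# Exit status: 0 = nothing destroyed, 2 = resources destroyed, 1 = no plan result found.
plan_summary() {
  # Strip ANSI colour sequences so the match also works on coloured logs.
  clean=$(printf '%s\n' "$1" | sed "s/$(printf '\033')\[[0-9;]*m//g")
  if printf '%s\n' "$clean" | grep -q '^No changes\.'; then
    echo "No changes"
    return 0
  fi
  line=$(printf '%s\n' "$clean" | grep '^Plan:' | tail -n 1)
  if [ -z "$line" ]; then
    echo "::error::no Plan: line in terraform output"
    return 1
  fi
  add=$(plan_count "$line" add)
  chg=$(plan_count "$line" change)
  del=$(plan_count "$line" destroy)
  if [ "$del" -gt 0 ]; then
    # ::warning:: is a GitHub Actions workflow command that raises an annotation.
    echo "::warning::terraform plan destroys $del resource(s) (add=$add change=$chg)"
    return 2
  fi
  echo "add=$add change=$chg destroy=0"
}

# In a review step (TFPLAN_OUTPUT is an assumed env var): plan_summary "$TFPLAN_OUTPUT" || true
```

Dropping the `|| true` turns the function's exit status into a gate: the step then fails whenever the plan destroys resources or no plan result is found.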

Conclusion

By following these tips, as a code reviewer or pull request approver, you are able to easily identify and confirm the exact cloud resource changes for your GitHub pipeline approvals.

For sample code, visit the repository on GitHub (maintainer: Karthigayan Devan).
