Description
Currently our deploys will run terraform apply but only to the app service. This leaves us running terraform changes locally without a record of them happening.
Proposed solution
As a proof of concept, create a GitHub Action that runs `terraform plan` and generates a `plan.tf` as an artifact of the deploy. As this file may contain secrets, it should be encrypted. We can use Azure Key Vault to store a private key for decryption and write a script to be able to decrypt the artifact on a developer's local machine via the Azure CLI.
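
One way to implement the encrypt-in-CI, decrypt-locally flow proposed above, as an added example that is not part of the original issue or the project's code. It assumes an RSA key pair whose public half is available to the workflow and whose PEM private half is stored as an Azure Key Vault secret; the function names, vault and secret names, and file suffixes are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: hybrid encryption of a plan artifact with openssl.
# Function names, file suffixes, and vault/secret names are hypothetical.
set -eu

# CI side. $1 = plan file, $2 = RSA public key (PEM).
# Writes $1.enc (AES-256-CBC ciphertext) and $1.key.enc (RSA-OAEP wrapped passphrase).
encrypt_plan() {
  local plan="$1" pubkey="$2" keyfile
  keyfile="$(mktemp)"                      # mktemp creates the file with mode 0600
  openssl rand -hex 32 > "$keyfile"        # fresh random passphrase for every run
  openssl enc -aes-256-cbc -pbkdf2 -salt \
    -in "$plan" -out "$plan.enc" -pass "file:$keyfile"
  openssl pkeyutl -encrypt -pubin -inkey "$pubkey" \
    -pkeyopt rsa_padding_mode:oaep -in "$keyfile" -out "$plan.key.enc"
  rm -f "$keyfile"                         # only the wrapped copy leaves the runner
}

# Developer side. $1 = vault name, $2 = secret name (assumed to hold the PEM private key).
# Requires a prior `az login`; prints the path of the downloaded key.
fetch_private_key() {
  local vault="$1" secret="$2" dir
  dir="$(mktemp -d)"                       # private directory, mode 0700
  az keyvault secret download --vault-name "$vault" --name "$secret" \
    --file "$dir/plan-key.pem"
  chmod 600 "$dir/plan-key.pem"
  printf '%s\n' "$dir/plan-key.pem"
}

# Developer side. $1 = ciphertext, $2 = wrapped passphrase,
# $3 = RSA private key (PEM), $4 = output path for the decrypted plan.
decrypt_plan() {
  local enc="$1" wrapped="$2" privkey="$3" out="$4" keyfile
  keyfile="$(mktemp)"
  openssl pkeyutl -decrypt -inkey "$privkey" \
    -pkeyopt rsa_padding_mode:oaep -in "$wrapped" -out "$keyfile"
  openssl enc -d -aes-256-cbc -pbkdf2 \
    -in "$enc" -out "$out" -pass "file:$keyfile"
  rm -f "$keyfile"
}
```

`openssl enc` provides confidentiality only, so publish a signature or digest of the `.enc` file alongside it if the artifact's integrity matters. Delete the downloaded private key once the plan has been decrypted.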