w00kster / mariokart-leaderboard


IaC (Terraform) pipelines #10

Open w00kster opened 1 year ago

w00kster commented 1 year ago

What

We have Terraform code to deploy resources to Linode. What we don't have is any automated way to deploy these changes with no human interaction, e.g. IP address whitelist updates for MySQL database access.

How

We likely can just implement GitHub Actions to handle terraform plan & terraform apply operations with some guardrails (branch naming convention, approvals, etc.).

w00kster commented 1 year ago

Implemented a Terraform plan step in a GitHub Action workflow file.

This uses an environment variable prefixed with TF_VAR_ to allow Terraform to ingest the secret for a Linode token that is scoped to MySQL cluster read/write operations and run a plan against the cloud provider.

When developing locally (or in a Codespace) I use a secrets.auto.tfvars file to have the same linode_token variable defined for access to Linode.
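
Added example, not part of the original issue and not the repository's own workflow file: a plan-only GitHub Actions job that passes the token as `TF_VAR_linode_token` and refuses to run if the local `secrets.auto.tfvars` file has been committed. The `LINODE_TOKEN` secret name and the `terraform/` directory are assumptions.

```yaml
# Added example; not the repository's workflow file.
# Assumed names: the LINODE_TOKEN repository secret and the terraform/ directory.
name: terraform-plan

on:
  pull_request:
    paths:
      - "terraform/**"

# The plan job only needs to read the repository contents.
permissions:
  contents: read

jobs:
  plan:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: terraform
    env:
      # Terraform maps TF_VAR_<name> onto the input variable <name>,
      # so this populates var.linode_token without writing it to disk.
      TF_VAR_linode_token: ${{ secrets.LINODE_TOKEN }}
    steps:
      - uses: actions/checkout@v4

      - name: Refuse to run if the local secrets file was committed
        # Run from the repository root so the whole tree is checked.
        working-directory: ${{ github.workspace }}
        run: |
          if git ls-files | grep -E '(^|/)secrets\.auto\.tfvars$'; then
            echo "secrets.auto.tfvars is tracked by git; remove it and rotate the token" >&2
            exit 1
          fi

      - uses: hashicorp/setup-terraform@v3

      - name: Init
        run: terraform init -input=false

      - name: Plan
        run: terraform plan -input=false -no-color
```

Declaring `linode_token` with `sensitive = true` in the Terraform variable block keeps its value redacted in plan output, and listing `secrets.auto.tfvars` in `.gitignore` keeps the local copy out of the repository.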