Trunk based development with Terraform

Requires Github enterprise or a public repo for the environments to work.

Idea is you setup a central bucket for tfstate, in this example hendry-bq-terraform.

You create workload identity and service accounts in oidc-setup/ and use those outputs to configure https://github.com/kaihendry/bq-terraform/settings/environments

You allow the service account write access to hendry-bq-terraform bucket to save default.tfstate in a prefix, e.g.

gsutil iam ch serviceAccount:github-action@stgtest-424513.iam.gserviceaccount.com:roles/storage.objectAdmin gs://hendry-bq-terraform
gsutil ls -r gs://hendry-bq-terraform
gs://hendry-bq-terraform/dev/:
gs://hendry-bq-terraform/dev/default.tfstate

gs://hendry-bq-terraform/stg/:
gs://hendry-bq-terraform/stg/default.tfstate

IAM permission troubleshooting

gcloud auth application-default revoke
gcloud auth application-default login

Developing locally

terraform init -backend-config="prefix=dev" -reconfigure -upgrade

Perhaps Terraform workspaces can be considered instead of prefixes.

Name		Name	Last commit message	Last commit date
Latest commit History 47 Commits
.github		.github
.vscode		.vscode
conf		conf
oidc-setup		oidc-setup
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
main.tf		main.tf
provider.tf		provider.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Trunk based development with Terraform

IAM permission troubleshooting

Developing locally

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

kaihendry/trunk-terraform

Folders and files

Latest commit

History

Repository files navigation

Trunk based development with Terraform

IAM permission troubleshooting

Developing locally

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages