Hello everyone, my name is Akash. Welcome to Debugging White. In today's video, we will dive into a wonderful, exciting project that includes GitHub Actions for the CI/CD pipeline, Terraform for infrastructure as code, and AWS as the cloud platform. We will ensure code quality and code formatting using the Terraform security (tfsec) and Terraform linting (tflint) tools. So if you are a beginner or a working professional looking for the workflow of a CI/CD pipeline using GitHub Actions, this video is for you. So without wasting your time, let's grab your coffee, open your terminal, and let's get started.
Okay guys, I prepared some of the files already, and this is my VS Code editor. So let's come to the main file. This is the main.tf file. You don't need to be worried by seeing these long files. I am taking the code from here: this is the Terraform documentation. If you want to create any of this stuff on AWS, you just need to select it here, copy the code and paste it into your main file, basically. So in my case, I'm selecting S3 bucket. And if you see here, I'm selecting some of the code related to ownership control. So I took the code and pasted it into my VS Code editor.

So basically the provider is AWS. The region we are using is us-east-1. The resource is aws_s3_bucket and the name is my testing bucket 133. In your case you can take any name, but it should be a unique one. If we come down, here is the ownership control object. Basically we are saying to AWS: if anyone uploads some of their stuff to our bucket, it doesn't mean he's the owner of that stuff, but if he wants to have the ownership of that object, yeah, I respect it. So basically what we have selected here for object ownership is BucketOwnerPreferred. And the next is I'm selecting the ACL (access control list): our bucket is private. But if you see here, it depends on aws_s3_bucket_ownership_controls, and it comes here. depends_on means first this block should execute and then this one.
Okay, I hope you understand what depends_on means. So if I come down, okay, here's the public access block. So this is the private S3 bucket. So we blocked all public ACLs, ignore public ACLs, restrict public buckets. So we use true because we want to create a bucket privately; we don't want to expose it on the internet. And in the next part we have aws_s3_bucket_versioning. So basically this status is Enabled. So what it means is, in our S3 bucket, if we upload one file and in the future we upload the same file with the same name, AWS won't replace the file with the second one and won't delete the second one; basically it puts a version on it, v1, v2, v3, like that. So basically in the future, if you want to restore any of the versions, you can. So basically it is for data protection.

And if I come down, here we have selected the AWS KMS key. So basically here the description is "this key is used to encrypt bucket objects". So if you upload some of your stuff to that bucket, it would be in encrypted mode, I would say. So let's come to the next point. It's enable key rotation; it's true. So basically every year AWS will create one new key and start using it. So it is basically for data protection. Every year it will create one new key. And in the next part it's deletion window in days: seven. So basically what it means is, if you accidentally delete your key, AWS won't delete your key immediately, but it will take 7 days to remove your keys. So in the meantime you can cancel your deletion if you want, but it will wait for another 7 days and after that it will delete your keys and your data would be in a not-encrypted mode.

If we come back to our backend Terraform file, we have mentioned the backend connection to our S3 bucket which is already accessible in our AWS account. The S3 bucket name is my test terraform state lobby. Basically we have created this S3 bucket to store our Terraform state file. So when we hit terraform apply, Terraform creates its state file having all of the infrastructure it created, and we basically upload the state file to this bucket, and the path is s3/github-actions/terraform.tfstate, the state file. So basically, against accidental deletion or modification, we are storing the state file in this S3 bucket. And the Terraform version should be 0.13; basically GitHub is going to use Terraform version 0.13. Below this, Terraform will throw an error. And the required provider is AWS; the version is 2.7.0 and the source repository is hashicorp/aws. So this is the provider, basically: we are mentioning the provider is AWS and the version it should use is 2.7.0.

And here is the .tflint.hcl file. So basically at the start I already told you we will be ensuring our code formatting. So we are including the plugin; this plugin is installed from github.com/terraform-linters. So this community uploaded its plugin onto github.com already. So we are just fetching this plugin.
And this is deploy.yml. It's under .github/workflows. This is the main file that basically automates the CI/CD pipeline. So the name we have provided is Terraform CI/CD, and we have mentioned on every push: if we push anything onto the main branch or a pull request comes to the main branch, the workflow gets triggered and performs the jobs below. So the job name is terraform-lint-security-check-and-deploy; you can mention any name here. And these jobs will run only on ubuntu-latest; basically the OS would be Ubuntu. And we have mentioned the environment here: region is us-east-1, Terraform version would be 1.4.0, tflint version is 0.46 and tfsec is 1.28.1, updated to a more recent version. So basically I have tested these files already on these versions. So it's better you keep these versions, or if you want, you can keep a more recent version.

So GitHub Actions will take actions/checkout at v2. It's basically good practice to take version two, because version one, and I would say the recent version, may bring bug fixes and breaking changes. So it's good practice to take the v2 version, and it will take the code and bring it to the Ubuntu virtual machine and perform the next steps. And in the next step we have the AWS credentials configured. I will show you how we can configure the AWS access key and secret key to access the particular AWS account with my GitHub. And in the next step we are basically setting up the Terraform environment: the uses is hashicorp/setup-terraform with the Terraform version; basically we have defined the environment variable here, so it takes the environment TF_VERSION and redirects it to here, TF version 1.4.0. So it will set up the Terraform environment.

In the next step it is installing the tflint tool with this URL, and the tflint version will be redirected to here, and it unzips it and does tflint --version. So basically here it is setting up the tflint tool. And in the next step it is setting up the tfsec tool; it is doing the same thing here: it will download its files, and it will go here, env.TFSEC_VERSION, and redirect it to here. The same thing. And in the next step it is assigning some permissions to these files and moving this file from here to /usr/local/bin, and it will do tfsec --version. It will show us the version of tfsec.

And in the next step we are initializing Terraform. So we have set up Terraform already in these steps. So here we are initializing Terraform with the terraform init command, and terraform fmt, terraform validate. It will basically check the silly mistakes: weird spaces, curly braces, and the proper Terraform keywords, and after that it will tell us if the Terraform code makes sense to it. And we are initializing the Terraform lint command; basically it checks the code quality and the standard format. And here we are initializing the Terraform security tool. Basically it runs the security check on our code, like we are creating the S3 bucket here, so it will check the encryption and encryption methods and the public access, like we have blocked all of the public access and we are using the encryption methods. So it basically checks this. And after that we are doing terraform plan -out tfplan. So basically it will prepare a Terraform plan file, as we have mentioned here, -out tfplan. So this file indicates what it is going to do on the cloud platform side, like basically creating the S3 bucket. So it will create one plan in this file, and here we are applying this file: terraform apply. So basically whatever we have in this tfplan, it will apply all of these changes and deploy the S3 bucket on the AWS side. And we are skipping the manual approval: here we are mentioning -auto-approve tfplan, and we are mentioning that only if the GitHub ref branch is main do we perform this apply.
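The transcript describes deploy.yml step by step but never shows the file, so here is a workflow assembled from that description. It is an added example, not the video author's own file, and it assumes the actions/checkout, aws-actions/configure-aws-credentials and hashicorp/setup-terraform actions, the GitHub release download URLs for tflint and tfsec, and a patch level of 0.46.0 for the tflint version the video only gives as 0.46:

```yaml
# .github/workflows/deploy.yml (added example; assumes main.tf, backend.tf and
# .tflint.hcl sit in the repository root, as described in the video)
name: Terraform CI/CD

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  AWS_REGION: us-east-1
  TF_VERSION: "1.4.0"
  TFLINT_VERSION: "0.46.0"   # video says 0.46; the patch level is an assumption
  TFSEC_VERSION: "1.28.1"

jobs:
  terraform-lint-security-check-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      # Keys come from repository secrets (Settings > Secrets and variables > Actions),
      # so they never appear in the repository or the job log.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ env.TF_VERSION }}

      - name: Install tflint
        run: |
          curl -sSL -o tflint.zip \
            "https://github.com/terraform-linters/tflint/releases/download/v${TFLINT_VERSION}/tflint_linux_amd64.zip"
          unzip -o tflint.zip tflint
          chmod +x tflint
          sudo mv tflint /usr/local/bin/tflint
          tflint --version

      - name: Install tfsec
        run: |
          curl -sSL -o tfsec \
            "https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-linux-amd64"
          chmod +x tfsec
          sudo mv tfsec /usr/local/bin/tfsec
          tfsec --version

      - name: Terraform init
        run: terraform init

      # -check makes the step fail on badly formatted files instead of silently rewriting them.
      - name: Terraform format check
        run: terraform fmt -check -recursive

      - name: Terraform validate
        run: terraform validate

      # --init downloads the ruleset plugin declared in .tflint.hcl before linting.
      - name: tflint
        run: |
          tflint --init
          tflint

      # Fails the job on findings such as a bucket without encryption or public access blocks.
      - name: tfsec
        run: tfsec .

      - name: Terraform plan
        run: terraform plan -out=tfplan

      # Pull requests carry a refs/pull/N/merge ref, so only a push to main reaches apply;
      # a PR run therefore stops at the lint, tfsec and plan stages.
      - name: Terraform apply
        if: github.ref == 'refs/heads/main'
        run: terraform apply -auto-approve tfplan
```

Every check before `terraform plan` is a gate: a failing `tfsec` or `tflint` step stops the job, so misconfigurations in main.tf never reach `terraform apply`. Note that the video's S3 backend has no state locking configured; if the deploy and cleanup workflows can run at the same time against the same bucket, adding a DynamoDB lock table to the backend block is the usual safeguard.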
Okay. And after that, let's come to the web browser here. Here is my GitHub account. Let's create one repository here. The name, you can keep anything; in my case I'm taking github-action-terraform, and in the description I have mentioned "GitHub Action CI/CD using Terraform"; you can mention any description. We will keep this repository public, so I'm using the public option here, and let's create the repository.

Okay, the repository is here. I will take this URL in SSH mode, and let's come back to the terminal; I have selected the terminal already here. Okay, let's initialize git: git init. Okay, git is initialized. git add, all files. Okay. Let's do git status. Okay, all of the files are selected. git commit -m "initial commit". Okay, nice. I will do git add remote origin, and I think I'm typing the wrong command: git remote add origin, and here, yeah, now it's good. And I will select the main branch: git checkout -b main. Okay, switched to main. git push origin. Let's push all of the files.
Okay, it's 100% done. Let's go back to GitHub and refresh. Perfect, all of the files are here. And let's see. It's in pending state. Okay, so basically you see, what we have mentioned here: on every push the workflow will trigger on the main branch, and we did the same on the main branch; we pushed the files and the GitHub Actions workflow got triggered, and you see it started, and it sees one problem here. Yeah, see: configure AWS credentials. So we have to select the AWS credentials where it will create the S3 bucket.

So let's go back to the repository, and in the settings, here's Secrets and variables, and here's Actions; here, New repository secret. So the name would be AWS_ACCESS_KEY_ID. You can take the name from here, AWS_ACCESS_KEY_ID, and the same for the secret access key: AWS_SECRET_ACCESS_KEY. In your case that would be some... I'm stopping the video and pasting the access key and secret here, just to not expose these access keys and secrets onto the internet. So I'm stopping my video and will come back to you with the completion of this step.

Okay, so we are done with configuring the access key ID and secret key. Let's go back to the repository again. And you see it's having the same failure. Let's rerun all jobs. Let's see now. Okay, it's running. Let's wait for a few minutes.
terraform init done, terraform fmt, terraform validate, now terraform plan. So basically that's the main step. It will create the plan of what it is going to create on the AWS side. Okay, it's done. You see in terraform plan, here it is creating the S3 bucket. terraform apply. Okay, let's see: our bucket is here. Okay, it's nice. Okay, so the code is working. Let's clean up the resources we have created just now. Let's go back to the VS Code editor. For the cleanup part I'll create one file inside .github/workflows; just rename it, same. Okay.
Okay. I have the code with myself already; I'm just pasting it here. And if you see here, it's kind of the same as we have done in the deploy file. The different thing is we have mentioned one cron job here which runs every day at midnight and adjusts the resources as per the requirement; it will basically destroy, or whatever we have mentioned here, it will adjust as needed. So the job we have mentioned is kind of the same as in the deploy.yml file: it basically runs on an Ubuntu machine, the AWS region and TF version are the same, and it basically checks out our GitHub repository code and takes the v2 version (it's good practice to take the v2 version, as we have discussed already). And in the next steps we are mentioning the two secrets, the AWS access key and secret key we have mentioned in our GitHub account. And in the next steps we are mentioning the Terraform version; we are initializing Terraform here. And the different thing starts from here: terraform plan -destroy -out tfplan. So basically, as per the deployment, it will create one Terraform plan file to indicate what it's going to create on the AWS side, and in cleanup we have mentioned plan -destroy and prepared the tfplan. So basically it will keep the data of what it is going to destroy in this file, and in the next step we are just skipping the manual approval and we are telling Terraform to destroy the resources mentioned in this file, tfplan. So just push it to GitHub: git add, file created, git push origin.
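The cleanup workflow described above, written out as an added example (not the video author's own cleanup.yml, which the transcript only narrates). It keeps the same actions and versions as the deploy example and adds the daily cron trigger; the workflow_dispatch trigger is assumed from the "Run workflow" button the video clicks later:

```yaml
# .github/workflows/cleanup.yml (added example, not the file from the video)
name: Terraform cleanup

on:
  schedule:
    - cron: "0 0 * * *"   # every day at midnight (UTC), as described in the video
  push:
    branches: [main]
  workflow_dispatch:      # assumption: enables the "Run workflow" button seen in the video

env:
  AWS_REGION: us-east-1
  TF_VERSION: "1.4.0"

jobs:
  terraform-destroy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ env.TF_VERSION }}

      # Same S3 backend as deploy.yml, so the destroy plan is built from the real state.
      - name: Terraform init
        run: terraform init

      # A saved destroy plan records exactly which resources will be removed; the apply
      # step can only execute that recorded plan, not whatever the state looks like later.
      - name: Terraform plan (destroy)
        run: terraform plan -destroy -out=tfplan

      - name: Terraform apply destroy plan
        run: terraform apply -auto-approve tfplan
```

Because this file also triggers on every push to main, the same push that runs deploy.yml runs cleanup.yml, which is why the bucket disappears right after it is created in the video. For a real project, keep cleanup on schedule and workflow_dispatch only, so a routine code push cannot tear down the environment.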
Okay, we pushed to our GitHub account. Let's see. And as we have mentioned inside our deployment file, on every push into the main branch it basically triggers the job we have mentioned here. So you see it's in pending state and performing all of the steps again. It's good. Okay, it's done with all of its jobs. So let's go back to our repository workflows. Here you see the cleanup.yml file; view runs. Okay, you see Terraform cleanup: run workflow, branch. Okay. Let's go back to the repository. You see it succeeded. Okay, here you see it's completed: Terraform cleanup. And if we go back, you see it's not present here. So it's good, as we are done with our resource deletion part and our GitHub Actions code was working fine. So that's it for today, and if you found it helpful, please make sure to hit the like button, comment and subscribe for more DevOps content every week, and see you in the next one.
Deploy to AWS the RIGHT way. Learn how to build a secure CI/CD pipeline using GitHub Actions, Terraform, TFSEC & TFLint, step by step.
Join WhatsApp: https://www.whatsapp.com/channel/0029Va8fH154IBhEu3t21y2o
Get CloudWays: https://www.cloudways.com/en/?id=1365224 (coupon code CLOUDGURU25 for 25% off for 3 months)
Get Digital Ocean: digitalocean.pxf.io/ZQERvQ ($200 free credits for signup)

In this video, you'll learn how to create a production-ready CI/CD pipeline using GitHub Actions to deploy Terraform infrastructure on AWS, while enforcing security and best practices with TFSEC and TFLint.

What you'll learn:
GitHub Actions CI/CD pipeline for AWS
Secure Terraform deployments using TFSEC
Enforce Terraform best practices with TFLint
DevSecOps pipeline design (real-world use case)
Prevent misconfigurations before AWS deployment

Who is this for?
DevOps Engineers & Cloud Engineers
AWS & Terraform beginners
Professionals preparing for real-world DevSecOps projects
Anyone deploying infrastructure using GitHub Actions

If you're serious about secure cloud deployments and modern DevOps, this video is a must-watch. Like the video if it helped, comment your questions or use cases, and subscribe for more AWS, DevOps & CI/CD tutorials.
#DevOps #GitHubActions #AWS #Terraform #DevSecOps #CICD #CloudSecurity #IaC