Make use of Terraform Plan artifacts in GitHub Actions

Open dms1981 opened this issue 3 years ago • 1 comments

User Story

As a platform engineer
I want to refactor our terraform plan & apply stages
So that our CI jobs create and consume plan artefacts during terraform runs

Value

  • We can reduce the length of time taken for terraform runs; by creating and consuming plan artefacts we don't need to have terraform apply run its own separate plan
  • We can be sure that the terraform apply action will only make changes listed in the plan step; by running apply without consuming a plan artefact there is a small chance that the apply stage will make changes not seen in plan should something change in the environment between those CI stages

Questions / Assumptions

How long will plan artefacts persist? How should plan artefacts be held securely? What risk is there of exposing information we would prefer to keep secret?

Definition of done

  • [ ] terraform runs output plan artefacts
  • [ ] plan artefacts are expired after a reasonable length of time
  • [ ] terraform runs consume plan artefacts
  • [ ] terraform runs complete successfully

Reference

How to write good user stories (https://medium.com/@dnorth98/automated-terraform-deployments-to-aws-with-github-actions-c590c065c179)

dms1981, Jan 12 '22 15:01
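
A workflow sketch for the plan/apply split and the retention and secrecy questions raised in the issue above. This is an added example, not the modernisation-platform workflows: the job names, the artefact name, the 1-day retention and the PLAN_PASSPHRASE secret are assumptions, and backend/cloud credentials are assumed to be configured elsewhere.

```yaml
# Added example: names, retention and the PLAN_PASSPHRASE secret are assumptions.
name: terraform
on:
  push:
    branches: [main]
permissions:
  contents: read
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform plan -input=false -out=tfplan
      # A saved plan can hold sensitive values in clear text, and artefacts can be
      # downloaded by anyone with read access to the repository, so encrypt it.
      - name: Encrypt plan
        env:
          PLAN_PASSPHRASE: ${{ secrets.PLAN_PASSPHRASE }}
        run: |
          gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
            --symmetric --cipher-algo AES256 --output tfplan.gpg tfplan <<<"$PLAN_PASSPHRASE"
          rm -f tfplan
      - uses: actions/upload-artifact@v4
        with:
          name: tfplan-${{ github.sha }}
          path: tfplan.gpg
          retention-days: 1          # expire the artefact quickly
          if-no-files-found: error
  apply:
    needs: plan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - uses: actions/download-artifact@v4
        with:
          name: tfplan-${{ github.sha }}
      - name: Decrypt plan
        env:
          PLAN_PASSPHRASE: ${{ secrets.PLAN_PASSPHRASE }}
        run: |
          gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
            --decrypt --output tfplan tfplan.gpg <<<"$PLAN_PASSPHRASE"
      # Applying the saved plan performs only the actions recorded at plan time;
      # Terraform refuses a plan that is stale against the current state.
      - run: terraform apply -input=false tfplan
```

Both jobs need the same Terraform version and the same checked-out commit, because a saved plan is only valid against the configuration and state it was created from.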

We actually do make use of plan outputs in our modernisation-platform-environments workflows now.

dms1981, Sep 19 '23 10:09