Time to get your hands dirty with Terraform! In this demo, you will learn how to use Terraform to create and manage a GitHub repository, similar to how we release your homeworks!
Before running this example, you will need the following:
- A GitHub account
- A GitHub personal access token with the following scopes:
repo,admin:org,admin:repo_hook,admin:org_hook, andread:user(Create GitHub PAT Instructions)- You can store this somewhere safe for now, we'll be needing it very soon!
- Terraform installed on your computer (Terraform Installation Page)
First, look around you and find a partner (or two)! You'll be working together to try to figure out the second part of this demo.
We provided some terraform configuration files for you to use. You can find them in the terraform directory. Oftentimes, you want to keep all of your terraform configuration files in a single directory so that you can easily run terraform commands from that directory. In this case, we've provided the terraform configuration files for you, so you don't need to create any new files.
Starting from the main.tf file, take a look at the files and try to figure out what they do. You can also take a look at the Terraform documentation if you need help.
Now that you've had a chance to look at the terraform configuration files, it's time to try to run them! You'll need to do the following:
- Run the following command to initialize your Terraform project:
cd terraform
terraform init- Run the following command to preview the changes that Terraform will make:
terraform plan- Run the following command to apply the changes:
terraform applyThis will create a private repository named "cis1880-team-project" in your GitHub account. The collaborators specified in the main.tf file will be invited to the repository as well.
Check your GitHub account to make sure that the repository were created successfully.
Once you've verififed that Terraform performed all of the proper changes on GitHub, if we now run terraform plan again, Terraform will tell you that there are no more changes to be made:
No changes. Your infrastructure matches the configuration.This is because Terraform is declarative and recognizes that you have already achieved the desired state outlined in your Terraform files. Likewise, if you were to run terraform apply, Terraform would not make any further changes because you are already in your desired state.
Notice that when you run terraform plan and terraform apply, you are prompted to enter your Github personal access token. While this is fine for a demo, it's not ideal for a real project (where we want to keep track of the PAT somewhere instead of having to enter it every time we run terraform commands).
How do we fix this? We want to load it into a file called terraform.tfvars. Create a terraform.tfvars file in the terraform directory and add your GitHub personal access token to it.
Learn more about Terraform Variables here.
- Run
terraform applyagain Success, you don't have to enter your GitHub personal access token every time you run terraform commands!
Now that you've seen how to use terraform to create a repository, it's time to try to write some terraform yourself!
Let's add a TA or instructor to your repository, and give them read-only access. You can also remove members from the list if you'd like.
You can use the Terraform Input Variables Documentation to help you figure out how to do this.
Right now, the list of collaborators is stored in plain text in the main.tf file. In CIS 1880, we don't want to do that because we don't want to commit the PennKeys and GitHub usernames of all of our students for the world to see. Instead, we want to store the list of collaborators in a secret variable.
Modify the file so that the list of collaborators is also stored in terraform.tfvars and not in main.tf.
You may notice that when running terraform apply, it showed you the url of the repository that was created. This is because we specified an output value in the main.tf file. Try to view this variable by itself using terraform output.
Now, make the output value of the repository URL a sensitive value, then change something in the main.tf file and run terraform apply again. You should notice that the output value is now hidden.
In main.tf, you may have noticed that we have a local variable called repository_name, which both specifies the name field of the github_repository resource and the repository field of the github_repository_collaborator resource.
However, is there a way to get rid of this local variable? Can we use the input of the github_repository resource as the input to the github_repository_collaborator resource?
When you're finished, you can run the following command to destroy the resources:
terraform destroy