Automating Cloud Run Deployment for a Hello World App Using Terraform and GitHub Actions

Automating Cloud Run Deployment for a Hello World App Using Terraform and GitHub Actions

Introduction: As cloud engineers, automation is at the core of our workflow optimization efforts. In this blog post, we will guide you through the process of automating the deployment of a simple "Hello World" application on Google Cloud Run using Terraform and GitHub Actions. We'll cover the step-by-step implementation of provisioning the necessary resources, setting up the CI/CD pipeline, and achieving a seamless and efficient deployment process.

Prerequisites: Before diving into the technical details, ensure that you have the following prerequisites in place:

1. A Google Cloud Platform (GCP) account with appropriate permissions to create resources like Google Cloud Run services.

2. A GitHub account with a repository set up to manage your Terraform code.

Repo Structure: To maintain an organized project structure, we'll follow this directory structure within our GitHub repository: GitHub-repo

You can simply clone my public repository: GitHub-repo

Terraform Configuration: Let's explore the details of each component of our Terraform code:

main.tf: The main.tf file defines the Terraform configuration for provisioning a Google Cloud Run service. It specifies the container image to deploy and sets up access permissions using IAM policies.

resource "google_cloud_run_service" "cloud-run-tf" {
  name     = "cloud-run-tf"
  location = "us-central1"

  template {
    spec {
      containers {
        image = "us-docker.pkg.dev/cloudrun/container/hello"
      }
    }
  }
}

resource "google_cloud_run_service_iam_policy" "pub1-access" {
  service = google_cloud_run_service.cloud-run-tf.name
  location = google_cloud_run_service.cloud-run-tf.location
  policy_data = data.google_iam_policy.pub-1.policy_data
}

data "google_iam_policy" "pub-1" {
  binding {
    role = "roles/run.invoker"
    members = ["allUsers"]
  }
}

provider.tf The provider.tf file configures the Terraform provider for Google Cloud. It specifies the necessary details such as the required provider version, project ID, region, and zone.

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.58.0"
    }
  }
  backend "gcs" {
    bucket  = "your-backend-bucket" // Replace with your backend bucket name
    prefix  = "terraform/state"
  }
}

provider "google" {
  project = "project-id" // Replace with your project ID
  region  = "us-central1" // Replace with your desired region
  zone    = "us-central1-c" // Replace with your desired zone
}

GitHub Actions Workflow: The .github/workflows/terraform.yml file sets up the CI/CD pipeline for automating the infrastructure deployment process. It defines stages, jobs, and associated scripts to perform tasks such as validation, planning, applying, and destroying Terraform changes.

name: "Deploy to Cloud Run"

on:
  push:
    branches:
      - main

jobs:
  terraform:
    name: "Terraform"
    runs-on: ubuntu-latest
    env:
      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
    defaults:
      run:
        working-directory: terraform
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: 1.0.1
          terraform_wrapper: false

      - name: Terraform Init
        id: init
        run: terraform init

      - name: Terraform Format
        id: fmt
        run: terraform fmt 
        
      - name: Terraform Plan
        id: plan
        run: terraform plan 

      - name: Terraform Apply
        id: apply
        run: terraform apply -auto-approve

      #- name: Terraform Destroy
        #id: destroy
        #run: terraform destroy -auto-approve

Implementation Steps: With the configurations in place, let's walk through the implementation steps:

1. Set up GitHub Repository: Create a new repository on GitHub or use an existing one to host your Terraform code. If needed, clone this repository: GitHub-repo

2. Configure GCP Provider: In the Terraform provider.tf file, configure the GCP provider with your backend bucket, project ID, region, and zone.

3. Set Secrets in GitHub: In your GitHub repository, navigate to Settings > Secrets > New repository secret. Add a new secret named "GOOGLE_CREDENTIALS" and paste the contents of your Google Cloud service account key file into the value field. This securely provides the necessary credentials for Terraform to authenticate with GCP.

Note: Ensure that there are no whitespace characters in your token content before pasting it.

4. Run the GitHub Actions Workflow: Commit and push your Terraform code to the GitHub repository. The GitHub Actions workflow will automatically trigger, executing the defined stages and jobs.

5. Verify Resource Creation in GCP: Check the Google Cloud Run console to confirm the successful deployment of your "Hello World" application.

Conclusion: In this blog post, we successfully automated the deployment of a "Hello World" application on Google Cloud Run using Terraform and GitHub Actions. By following the outlined steps and configurations, you can efficiently manage and automate your GCP resources. Remember to regularly update your Terraform code and pipeline to reflect any changes in your cloud infrastructure requirements. By combining Terraform and GitHub Actions, you can streamline cloud workflows, enhance consistency, and reduce manual intervention. Happy automating!