From 3790a07556e35e4b0e8f08840608bce53f181c6f Mon Sep 17 00:00:00 2001 From: Elad Iwanir <13205761+eladiw@users.noreply.github.com> Date: Tue, 25 May 2021 15:25:34 +0300 Subject: [PATCH 1/4] adding Github (actions) support --- .../.envrc.template | 8 + .../.gitignore | 34 ++++ .../README.md | 192 ++++++++++++++++++ .../github-actions-bootstrap-iac-cicd/acr.tf | 39 ++++ .../azure.tf | 59 ++++++ .../backend.tf | 5 + .../environment/azure.tf | 44 ++++ .../environment/github.tf | 56 +++++ .../environment/variables.tf | 30 +++ .../github.tf | 42 ++++ .../outputs.tf | 12 ++ .../provider.tf | 22 ++ .../variables.tf | 20 ++ .../gitlab-bootstrap-iac-cicd/README.md | 2 +- 14 files changed, 564 insertions(+), 1 deletion(-) create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/.envrc.template create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/.gitignore create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/README.md create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/acr.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/azure.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/backend.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/environment/azure.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/environment/variables.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/github.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/outputs.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/provider.tf create mode 100644 infra/templates/github-actions-bootstrap-iac-cicd/variables.tf diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/.envrc.template b/infra/templates/github-actions-bootstrap-iac-cicd/.envrc.template new file mode 100644 index 00000000..548523e7 
--- /dev/null
+++ b/infra/templates/github-actions-bootstrap-iac-cicd/.envrc.template
@@ -0,0 +1,8 @@
+export GITHUB_TOKEN="..."
+export TF_VAR_location="..."
+export TF_VAR_prefix="..."
+
+# Backend state configuration. Uncomment after configuring backend state.
+# export ARM_ACCESS_KEY="..."
+# export ARM_ACCOUNT_NAME="..."
+# export ARM_CONTAINER_NAME="..."
diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/.gitignore b/infra/templates/github-actions-bootstrap-iac-cicd/.gitignore
new file mode 100644
index 00000000..9459ce81
--- /dev/null
+++ b/infra/templates/github-actions-bootstrap-iac-cicd/.gitignore
@@ -0,0 +1,34 @@
+# Created by https://www.toptal.com/developers/gitignore/api/terraform
+# Edit at https://www.toptal.com/developers/gitignore?templates=terraform
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# End of https://www.toptal.com/developers/gitignore/api/terraform
\ No newline at end of file
diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/README.md b/infra/templates/github-actions-bootstrap-iac-cicd/README.md
new file mode 100644
index 00000000..ebeef98d
--- /dev/null
+++ b/infra/templates/github-actions-bootstrap-iac-cicd/README.md
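Review bot: The ignore list in `.gitignore` has no entry for `.envrc`, while `.envrc.template` in the same patch is meant to be copied and filled with `GITHUB_TOKEN` and, later, `ARM_ACCESS_KEY`. Unless a parent `.gitignore` outside this patch already covers it, the filled-in copy can be staged by a plain `git add .` and the token and storage key would end up in history. Add a `.envrc` line under the Terraform section. Consider also enabling the commented `*tfplan*` pattern, since saved plan files can carry the same generated secrets as state.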
@@ -0,0 +1,192 @@ +# Bootstrap for Terraform deployments through Github actions into Azure + +This directory contains [Terraform](https://www.terraform.io/) templates that can bootstrap Azure and Github resources in a way that enables running robust CICD of [Terraform](https://www.terraform.io/) templates using [Github CICD](https://github.com/features/actions). After applying this template, automated CI of terraform deployments should **just work**. + +> **Note**: This template is intended to be used alongside the CICD pipeline for infrastructure using Github. + +At a high level, this template aims to: + +* Deploy Azure Dependencies required for automated CICD of Terraform deployments +* Configure variables in Github required for automated CICD of Terraform deployments +* Configure dependencies for each a multistage (`dev`, `integration`, `prod`, etc...) Terraform deployment + +> **Note**: This template only sets up the **dependencies** needed to do a production ready infrastructure deployment, such as backend state, deployment credentials, Azure Contianer Reigstry and Github variables. 
+ +There are many things deployed by this template, including: + +* Backend state storage account +* Backend state containers for this deployment +* ACR for storing docker images +* Github variables needed for all deployments +* For each deployment environment + * Backend state container + * Service principal used for deployments to that environment + * Resource group + * Role based security + +## Identities/Credentials Configured + +This template will generate some credentials, which are enumarated blow: + +| Description | Reason | Notes | +| --- | --- | --- | +| ACR Push/Pull | Needed by the pipeline that builds the base image used by all of the infrastructure CICD in Github | N/A | +| Environment Deploy | Needed by each environment to execute a deployment of resources into Azure | One generated for each environment | + +## Usage + +There are a few use cases for the code in this repository. The sections below outline the usage for each of those cases + +### First Time Setup + +Among the many resources provisioned by this template is the [Backend Configuration](https://www.terraform.io/docs/backends/index.html) that hosts the [Terraform State](https://www.terraform.io/docs/state/index.html) for this template, as well as the state for each deployment. + +Because of this, we cannot have the backend state configured for the initial deployment of this template. These steps will take you through the following: + +* Initial deployment of this template +* Enable the backend state for this deployment + +#### Requirements + +* `terraform` will need to be installed. Version `v0.12.28` or newer is recommended +* A shell environment, preferrably bash +* A Github personal access token. Instructions for generating one can be found [here](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token). The token will need the `workflow` permission. 
+* An Azure subscription + +#### Deployment Steps + +**Disable backend state** + +For the first deployment, the contents of `backend.tf` will need to be commented out. Don't worry -- we'll uncomment this later. + +**Configure your environment** +```bash +# Required to configure variables in Github +export GITHUB_TOKEN="..." + +# The location in which to provision Azure resources +export TF_VAR_location="..." + +# The prefix used for naming resources in Azure +export TF_VAR_prefix="..." + +# Log into the Azure CLI +az login + +# Set your default subscription - this will dictate where resources will be provisioned +az account set --subscription "" +``` + +**Run the deployment** + +> **Note**: If you see a log about `Initializing the backend...`, make sure that you followed the steps to disable the backend state. + +```bash +# Initialize the Terraform environment +terraform init + +# See what the deployment will do. No changes will be applied, but you can review the changes that will be applied in the next step +terraform plan + +# Deploy the changes +terraform apply +``` + +**Enable backend state** + +Enabling backend state will store the deployment state in Azure. This will allow others to run the deployment without you needing to worry about the state configuration. + +Start by uncommenting the contents of `backend.tf`, then run the following: + +```bash +export ARM_ACCESS_KEY=$(terraform output backend-state-account-key) +export ARM_ACCOUNT_NAME=$(terraform output backend-state-account-name) +export ARM_CONTAINER_NAME=$(terraform output backend-state-bootstrap-container-name) + +# Initialize the deployment with the backend +terraform init -backend-config "storage_account_name=${ARM_ACCOUNT_NAME}" -backend-config "container_name=${ARM_CONTAINER_NAME}" +``` + +You should see something along the lines of the following, to which you want to answer `yes`: + +```bash +Do you want to copy existing state to the new backend? 
+``` + +If things work, you will see the following message and the state file should end up in Azure: + +```bash +Successfully configured the backend "azurerm"! Terraform will automatically +use this backend unless the backend configuration changes. +``` + +### Deploying the Infrastructure + +Now that Azure and Github have been configured to support the Terraform deployment, you will need to do the following to actually deploy the environment. + +**Trigger IAC Pipeline** + +You are now ready to kick off a deployment of the IAC pipeline! You can do this through the Github actions UI. + +### Rotate Service Principal Passwords + +If the need arises to rotate the credentials for any of the generated service principals, the following command can be used to quickly rotate the credentials and also update all configuration in Github: + +```bash +# configure environment (.envrc.template) + +az login +az account set --subscription "" + +terraform init -backend-config "storage_account_name=${ARM_ACCOUNT_NAME}" -backend-config "container_name=${ARM_CONTAINER_NAME}" + +# `taint` all passwords - this triggers Terraform to regenerate these and update all dependent configuration +terraform state list | grep random_password | xargs -L 1 terraform taint +terraform plan + +# Note: this command might fail due to the rapid create/delete on Azure resources. If it fails, re-running it +# should solve the issue +terraform apply +``` + +Done! + + +### Adding a new environment + +Now that Azure and Github have been configured to deploy resources through Terraform, you can easily configure Azure and Github to support new application stages (environments) by using the `environment` module. + +> **Note**: This will only set up Azure and Github to support a new environment. The environment will need to be deployed using the infrastructure deployments project (not covered here). + +This guide will take you through configuring Azure and Github to support a new `pre-prod` environment. 
+ +**Add a new environment** + +You will need to open `azure.tf` to configure a new environment. A new environment can be configured by adding the following to the bottom of the file: + +```hcl +module "preprod" { + source = "./environment" + acr_id = azurerm_container_registry.acr.id + environment_name = "preprod" + location = var.location + subscription_id = data.azurerm_client_config.current.subscription_id + backend_storage_account_name = azurerm_storage_account.ci.name + prefix = var.prefix +} +``` + +You will then need to execute the following: + +```bash +# configure environment (.envrc.template) + +az login +az account set --subscription "" + +terraform init -backend-config "storage_account_name=${ARM_ACCOUNT_NAME}" -backend-config "container_name=${ARM_CONTAINER_NAME}" +terraform plan +terraform apply +``` + +Done! diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/acr.tf b/infra/templates/github-actions-bootstrap-iac-cicd/acr.tf new file mode 100644 index 00000000..6060226f --- /dev/null +++ b/infra/templates/github-actions-bootstrap-iac-cicd/acr.tf 
@@ -0,0 +1,39 @@
+resource "azurerm_container_registry" "acr" {
+ name = format("acr%s", random_string.rand.result)
+ resource_group_name = azurerm_resource_group.ci.name
+ location = azurerm_resource_group.ci.location
+ sku = "Basic"
+}
+
+resource "azuread_application" "acr" {
+ name = format("acr-push-%s", random_string.rand.result)
+}
+
+resource "azuread_service_principal" "acr" {
+ application_id = azuread_application.acr.application_id
+}
+
+resource "random_password" "acr" {
+ length = 35
+ upper = true
+ lower = true
+ special = false
+}
+
+resource "azuread_service_principal_password" "acr" {
+ service_principal_id = azuread_service_principal.acr.id
+ value = random_password.acr.result
+ end_date_relative = "2400h"
+}
+
+resource "azurerm_role_assignment" "acr_push" {
+ scope = azurerm_container_registry.acr.id
+ role_definition_name = "AcrPush"
+ principal_id = azuread_service_principal.acr.id
+}
+
+resource "azurerm_role_assignment" "acr_pull" {
+ scope = azurerm_container_registry.acr.id
+ role_definition_name = "AcrPull"
+ principal_id = azuread_service_principal.acr.id
+}
diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/azure.tf b/infra/templates/github-actions-bootstrap-iac-cicd/azure.tf
new file mode 100644
index 00000000..5bfdbbc1
--- /dev/null
+++ b/infra/templates/github-actions-bootstrap-iac-cicd/azure.tf
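Review bot: The `acr_pull` role assignment at the end of the file is redundant, because the built-in `AcrPush` role already includes pull, so this one service principal is push-capable either way. Its password is what the root github.tf later in the series publishes as `CI_REGISTRY_PASSWORD`, so any job that only needs to pull the base image also holds the right to overwrite it. A second principal with only `AcrPull` for consumers would confine push to the image-build job. It is also worth a comment beside `end_date_relative = "2400h"`, for example `# expires after 100 days; rotate via "Rotate Service Principal Passwords" in the README`, so the expiry is not discovered through a failing pipeline.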
@@ -0,0 +1,59 @@
+resource "random_string" "rand" {
+ length = 4
+ special = false
+ number = false
+ upper = false
+}
+
+resource "azurerm_resource_group" "ci" {
+ name = format("rg-%s-ci", var.prefix)
+ location = var.location
+}
+
+resource "azurerm_storage_account" "ci" {
+ name = format("backendstate%s", random_string.rand.result)
+ resource_group_name = azurerm_resource_group.ci.name
+ location = azurerm_resource_group.ci.location
+
+ min_tls_version = "TLS1_2"
+ account_tier = "Standard"
+ account_replication_type = "LRS"
+}
+
+resource "azurerm_storage_container" "tfstate" {
+ name = "tfstate-terraform-bootstrap"
+ storage_account_name = azurerm_storage_account.ci.name
+ container_access_type = "private"
+}
+
+data "azurerm_client_config" "current" {}
+
+module "dev" {
+ source = "./environment"
+ acr_id = azurerm_container_registry.acr.id
+ environment_name = "dev"
+ location = var.location
+ subscription_id = data.azurerm_client_config.current.subscription_id
+ backend_storage_account_name = azurerm_storage_account.ci.name
+ prefix = var.prefix
+}
+
+module "integration" {
+ source = "./environment"
+ acr_id = azurerm_container_registry.acr.id
+ environment_name = "integration"
+ location = var.location
+ subscription_id = data.azurerm_client_config.current.subscription_id
+ backend_storage_account_name = azurerm_storage_account.ci.name
+ prefix = var.prefix
+}
+
+module "prod" {
+ source = "./environment"
+ acr_id = azurerm_container_registry.acr.id
+ environment_name = "prod"
+ location = var.location
+ subscription_id = data.azurerm_client_config.current.subscription_id
+ backend_storage_account_name = azurerm_storage_account.ci.name
+ prefix = var.prefix
+}
diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/backend.tf b/infra/templates/github-actions-bootstrap-iac-cicd/backend.tf
new file mode 100644
index 00000000..4b13e24b
--- /dev/null
+++ b/infra/templates/github-actions-bootstrap-iac-cicd/backend.tf
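Review bot: `dev`, `integration` and `prod` all receive the same `backend_storage_account_name`, so the only separation between their state is the container name, and the bootstrap state in `tfstate-terraform-bootstrap` records every generated `random_password`, including the prod deployment credential. The account key (exported as `ARM_ACCESS_KEY` in the README and published by the `storage_key` secret in the root github.tf) is account-wide and ignores that container boundary, so anything that can read dev state can also read the bootstrap and prod state. Consider authenticating the backend with Azure AD and granting each environment's principal a blob data role scoped to its own container. At minimum, record the shared trust boundary above `azurerm_storage_account.ci`, for example `# holds state (including generated credentials) for every environment; the account key grants access to all of them`.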
@@ -0,0 +1,5 @@
+terraform {
+ backend "azurerm" {
+ key = "tf-bootstrap.tfstate"
+ }
+}
diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/environment/azure.tf b/infra/templates/github-actions-bootstrap-iac-cicd/environment/azure.tf
new file mode 100644
index 00000000..879e4c0d
--- /dev/null
+++ b/infra/templates/github-actions-bootstrap-iac-cicd/environment/azure.tf
@@ -0,0 +1,44 @@
+locals {
+ full_name = format("%s-%s", var.prefix, var.environment_name)
+}
+
+resource "azurerm_resource_group" "rg" {
+ location = var.location
+ name = "rg-${local.full_name}"
+ tags = {
+ environment = var.environment_name
+ }
+}
+
+resource "azuread_application" "app" {
+ name = "sp-${local.full_name}"
+}
+
+resource "azuread_service_principal" "sp" {
+ application_id = azuread_application.app.application_id
+}
+
+resource "random_password" "sp" {
+ length = 35
+ upper = true
+ lower = true
+ special = false
+}
+
+resource "azuread_service_principal_password" "sp" {
+ service_principal_id = azuread_service_principal.sp.id
+ value = random_password.sp.result
+ end_date_relative = "2400h"
+}
+
+resource "azurerm_role_assignment" "rg-owner" {
+ scope = azurerm_resource_group.rg.id
+ role_definition_name = "Owner"
+ principal_id = azuread_service_principal.sp.id
+}
+
+resource "azurerm_storage_container" "tfstate" {
+ name = format("tfstate-%s", var.environment_name)
+ storage_account_name = var.backend_storage_account_name
+ container_access_type = "private"
+}
diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf b/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf
new file mode 100644
index 00000000..5ed75be4
--- /dev/null
+++ b/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf
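Review bot: `azurerm_role_assignment.rg-owner` in environment/azure.tf gives the deployment principal `Owner` on its resource group, which includes the right to create role assignments, so a leaked pipeline credential could be used to grant other identities access to that group. If the environment deployments do not themselves manage RBAC, `role_definition_name = "Contributor"` is sufficient; if they do, keep `Owner` and state the reason in a comment above the resource. The label `rg-owner` also departs from the underscore naming used for `acr_push` and `acr_pull` in acr.tf; `rg_owner` would match.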
@@ -0,0 +1,56 @@ + +#locals { +# tf_vars_file = < Date: Wed, 26 May 2021 15:41:22 +0300 Subject: [PATCH 2/4] adding missing vars --- .../environment/github.tf | 66 ++++++++----------- .../github.tf | 12 ++++ 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf b/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf index 5ed75be4..51707f42 100644 --- a/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf +++ b/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf @@ -1,11 +1,11 @@ -#locals { -# tf_vars_file = < Date: Sun, 6 Jun 2021 22:34:53 +0300 Subject: [PATCH 3/4] updating doc --- infra/templates/github-actions-bootstrap-iac-cicd/README.md | 2 +- infra/templates/gitlab-bootstrap-iac-cicd/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/README.md b/infra/templates/github-actions-bootstrap-iac-cicd/README.md index ebeef98d..895dd82c 100644 --- a/infra/templates/github-actions-bootstrap-iac-cicd/README.md +++ b/infra/templates/github-actions-bootstrap-iac-cicd/README.md 
@@ -50,7 +50,7 @@ Because of this, we cannot have the backend state configured for the initial dep * `terraform` will need to be installed. Version `v0.12.28` or newer is recommended * A shell environment, preferrably bash -* A Github personal access token. Instructions for generating one can be found [here](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token). The token will need the `workflow` permission. +* A Github personal access token. Instructions for generating one can be found [here](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token). The token will need both the `workflow` permission and Owner permissions for the Azure subscription OR resource group. * An Azure subscription #### Deployment Steps diff --git a/infra/templates/gitlab-bootstrap-iac-cicd/README.md b/infra/templates/gitlab-bootstrap-iac-cicd/README.md index cbeefbd2..f9e5d286 100644 --- a/infra/templates/gitlab-bootstrap-iac-cicd/README.md +++ b/infra/templates/gitlab-bootstrap-iac-cicd/README.md @@ -50,7 +50,7 @@ Because of this, we cannot have the backend state configured for the initial dep * `terraform` will need to be installed. Version `v0.12.28` or newer is recommended * A shell environment, preferrably bash -* A Gitlab personal access token. Instructions for generating one can be found [here](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html). The token will need the `api` permission. +* A Gitlab personal access token. Instructions for generating one can be found [here](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html). The token will need both the `api` permission and Owner permissions for the Azure subscription OR resource group. * An Azure subscription #### Deployment Steps From 1cd55e4d69d8304a6f173bf7fbe7cc53c03fdba2 Mon Sep 17 00:00:00 2001 
From: Elad Iwanir <13205761+eladiw@users.noreply.github.com> Date: Wed, 16 Jun 2021 12:07:09 +0300 Subject: [PATCH 4/4] removing hard coded repo name --- .../environment/github.tf | 12 ++++++------ .../environment/variables.tf | 5 +++++ .../github-actions-bootstrap-iac-cicd/github.tf | 14 +++++++------- .../github-actions-bootstrap-iac-cicd/outputs.tf | 1 + .../github-actions-bootstrap-iac-cicd/variables.tf | 5 +++++ 5 files changed, 24 insertions(+), 13 deletions(-) diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf b/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf index 51707f42..3e209980 100644 --- a/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf +++ b/infra/templates/github-actions-bootstrap-iac-cicd/environment/github.tf 
@@ -8,37 +8,37 @@ EOF } resource "github_actions_secret" "sp_client_id" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = format("%s_ARM_CLIENT_ID", upper(var.environment_name)) plaintext_value = azuread_service_principal.sp.application_id } resource "github_actions_secret" "sp_client_secret" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = format("%s_ARM_CLIENT_SECRET", upper(var.environment_name)) plaintext_value = random_password.sp.result } resource "github_actions_secret" "tf_vars_file" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = format("%s_TF_VARS", upper(var.environment_name)) plaintext_value = local.tf_vars_file } resource "github_actions_secret" "storage_account" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = format("%s_AZURE_STORAGE_ACCOUNT_NAME", upper(var.environment_name)) plaintext_value = var.backend_storage_account_name } resource "github_actions_secret" "storage_container" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = format("%s_AZURE_STORAGE_ACCOUNT_CONTAINER", upper(var.environment_name)) plaintext_value = azurerm_storage_container.tfstate.name } resource "github_actions_secret" "storage_subscription" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = format("%s_AZURE_STORAGE_ACCOUNT_SUBSCRIPTION", upper(var.environment_name)) plaintext_value = var.subscription_id } diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/environment/variables.tf b/infra/templates/github-actions-bootstrap-iac-cicd/environment/variables.tf index 442bed9c..855f4199 100644 --- a/infra/templates/github-actions-bootstrap-iac-cicd/environment/variables.tf +++ b/infra/templates/github-actions-bootstrap-iac-cicd/environment/variables.tf 
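Review bot: Every environment's credentials, including `PROD_ARM_CLIENT_SECRET`, are written as repository-level Actions secrets distinguished only by the `upper(var.environment_name)` prefix, so any workflow in the repository can read the production credential as easily as the dev one. The same holds for the shared secrets in the root github.tf changed later in this patch. GitHub environments with protection rules would release prod secrets only to approved jobs; if the pinned GitHub provider version supports it (not visible here), `github_actions_environment_secret` with `environment = var.environment_name` is the matching resource. Note also that `plaintext_value` is stored in Terraform state, so this design depends on the state backend staying private. The hunk starts partway into the file, after the `tf_vars_file` heredoc.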
@@ -28,3 +28,8 @@ variable "prefix" { type = string description = "Naming prefix for resources in Azure" } + +variable "repository" { + type = string + description = "The Github repository" +} diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/github.tf b/infra/templates/github-actions-bootstrap-iac-cicd/github.tf index 14030b52..e93dd8c8 100644 --- a/infra/templates/github-actions-bootstrap-iac-cicd/github.tf +++ b/infra/templates/github-actions-bootstrap-iac-cicd/github.tf 
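Review bot: `repository` is added to the environment module without a default, but the `dev`, `integration` and `prod` module blocks in azure.tf do not pass it and azure.tf is not in this patch's file list, so `terraform plan` should fail with a missing required argument. Add `repository = var.repository` to each of the three module blocks and to the `preprod` example in the README. The description could also state the expected form, for example `description = "Name of the GitHub repository (without the owner) that receives the Actions secrets"`, assuming the owner is configured on the provider, which is not visible here.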
@@ -12,43 +12,43 @@ EOF } resource "github_actions_secret" "registry" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = "CI_REGISTRY" plaintext_value = azurerm_container_registry.acr.login_server } resource "github_actions_secret" "registry_user" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = "CI_REGISTRY_USER" plaintext_value = azuread_service_principal.acr.application_id } resource "github_actions_secret" "registry_password" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = "CI_REGISTRY_PASSWORD" plaintext_value = random_password.acr.result } resource "github_actions_secret" "docker_auth" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = "DOCKER_AUTH_CONFIG" plaintext_value = local.docker_auth_json } resource "github_actions_secret" "storage_key" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = "ARM_ACCESS_KEY" plaintext_value = azurerm_storage_account.ci.primary_access_key } resource "github_actions_secret" "sub_id" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = "ARM_SUBSCRIPTION_ID" plaintext_value = data.azurerm_client_config.current.subscription_id } resource "github_actions_secret" "tenant_id" { - repository = "gh-actions-tf-bedrock" + repository = var.repository secret_name = "ARM_TENANT_ID" plaintext_value = data.azurerm_client_config.current.tenant_id } \ No newline at end of file diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/outputs.tf b/infra/templates/github-actions-bootstrap-iac-cicd/outputs.tf index 4eb625c2..c2f9f007 100644 --- a/infra/templates/github-actions-bootstrap-iac-cicd/outputs.tf +++ b/infra/templates/github-actions-bootstrap-iac-cicd/outputs.tf 
@@ -5,6 +5,7 @@ output "backend-state-account-name" { output "backend-state-account-key" { value = azurerm_storage_account.ci.primary_access_key + sensitive = true } output "backend-state-bootstrap-container-name" { diff --git a/infra/templates/github-actions-bootstrap-iac-cicd/variables.tf b/infra/templates/github-actions-bootstrap-iac-cicd/variables.tf index 75877c8d..f53f22c4 100644 --- a/infra/templates/github-actions-bootstrap-iac-cicd/variables.tf +++ b/infra/templates/github-actions-bootstrap-iac-cicd/variables.tf @@ -18,3 +18,8 @@ variable "prefix" { type = string description = "Naming prefix for resources in Azure" } + +variable "repository" { + type = string + description = "The Github repository" +}
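Review bot: The new root `repository` variable in variables.tf has no default, yet neither `.envrc.template` nor the README's "Configure your environment" block (both outside this patch's file list) gains a matching export. A user following the documented steps gets an interactive prompt, or a failure in a non-interactive run. Add `export TF_VAR_repository="..."` to both places. Because the value decides which repository receives the deployment credentials, a `validation` block rejecting an empty string would be a cheap guard where the minimum Terraform version allows it (the README recommends 0.12.28 or newer, and variable validation needs 0.13).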