We use Terraform to create an Azure resource group with a MySQL database and an Azure App Service web application.
You will probably want to customize your application name, and maybe your resource group name: edit terraform/variables.tf for this.
To create your Azure resources, install Terraform and run it:
cd terraform
terraform init
terraform apply
cd ..
To delete your resources, you will also be able to use Terraform:
cd terraform
terraform destroy
cd ..
To deploy the application, you will need to edit the pom.xml and edit the azure-webapp-maven-plugin plugin section, in order to configure the resource group and the application name (which should be the same as the ones configured in Terraform).
Then, deploy the application by running:
./mvnw com.microsoft.azure:azure-webapp-maven-plugin:1.12.0:deploy
Create a service principal to deploy to Azure.
Important: Make sure you assign the name of your resource group to the variable AZ_RESOURCE_GROUP or substitute the value for it in the commands below.
Replace yourServicePrincipalName with a name you choose for your service principal.
RESOURCE_ID=$(az group show --name "$AZ_RESOURCE_GROUP" --query id -o tsv)
az ad sp create-for-rbac --name "yourServicePrincipalName" --role contributor --scopes "$RESOURCE_ID" --sdk-auth
This command will return JSON - copy it and keep it safe as we'll use it in the next step:
{
  "clientId": "XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX",
  "clientSecret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "subscriptionId": "XXXXXXXXX-XXXXX-XXXX-XXXX-XXXXXXXXXXXXX",
  "tenantId": "XXXXXXXX-XXXXX-XXXX-XXXX-XXXXXXXXXXX",
  ...
}
Once you have the required ID and secrets, the next step is to add them to the secret store in your GitHub project.
GitHub repositories have a feature known as Secrets that allows you to store sensitive information related to a project. For this exercise, store four secrets: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_SUBSCRIPTION_ID, and AZURE_TENANT_ID.
You'll create these secrets because they'll be used by Terraform to authenticate to Azure.
To create the secrets, fork the GitHub repository, select the Settings menu and then Secrets.
Create a GitHub secret for each of the four secrets using the values returned for the Azure service principal.
Inside the project directory, you'll see a directory called .github/workflows and a file called main.yml in it.
This file is a GitHub workflow and will use the secrets we configured above to deploy the application to your Azure subscription.
In that file, you'll see the following content:
name: CI
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:
jobs:
  terraform:
    runs-on: ubuntu-latest
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{secrets.AZURE_CLIENT_SECRET}}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
    defaults:
      run:
        working-directory: ./terraform
    steps:
      - uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
      - name: Terraform Init
        run: terraform init
      - name: Terraform Plan
        run: terraform plan
      - name: Terraform Apply
        run: terraform apply -auto-approve
This workflow does the following actions:
- Checks whether the configuration is formatted properly
- Generates a plan for every pull request
- Applies the configuration when you update the GitHub branch
Your workflow will be triggered whenever code is pushed to the repository.
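A variant of the workflow that makes each of the three listed behaviours an explicit step: a format check, a plan on every run, and an apply that is skipped for pull requests. This is an added example, not the repository's main.yml; the "Terraform Format" and "Terraform Validate" step names, the tfplan file name and the permissions block are choices made for this example.

```yaml
# Added example: hardened variant, not the repository's own main.yml.
name: CI
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:
permissions:
  contents: read   # the job only needs to read the repository
jobs:
  terraform:
    runs-on: ubuntu-latest
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
    defaults:
      run:
        working-directory: ./terraform
    steps:
      - uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
      # Fails the run when any .tf file is not canonically formatted.
      - name: Terraform Format
        run: terraform fmt -check
      - name: Terraform Init
        run: terraform init
      - name: Terraform Validate
        run: terraform validate
      # Runs for pull requests too, so reviewers can read the plan in the log.
      - name: Terraform Plan
        run: terraform plan -input=false -out=tfplan
      # Skipped for pull requests: only pushes to main and manual runs change Azure.
      - name: Terraform Apply
        if: github.event_name != 'pull_request'
        run: terraform apply -input=false tfplan
```

Applying the saved tfplan file means the apply step executes exactly the plan printed earlier in the same run, so -auto-approve is not needed.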
You can now manually trigger the GitHub Actions workflow by going to "Actions" and then selecting the "Terraform" workflow. Notice how the "Terraform Init", "Terraform Plan" and "Terraform Validate" steps have been triggered. Verify your Azure App Instance is publicly available.
Use Maven to deploy to your Azure instance:
./mvnw com.microsoft.azure:azure-webapp-maven-plugin:1.12.0:deploy
Remove the resources:
terraform destroy
Each time you git push your code, your Terraform-provisioned resources are now automatically deployed to production.