
This is a working example of how to use GitHub Actions to run Terraform with Overmind impact analysis.


overmindtech/terraform-example


Overmind Impact Analysis with GitHub Actions

https://overmind.tech
For the first time you don't have to wait for the worst when you push a change. Discover and detect the risks you can't see. Overmind gives you the insight of a post-mortem without the fallout of broken infra.



🎥 Watch a demo | 📖 How it works | 🚀 Sign up | 💻 Playground | 🙌 Follow us


This example repo shows how to run terraform on GitHub Actions and automatically submit each PR's changes to Overmind, reporting back the blast radius as a comment on the PR. You can see that in action in this PR.


Example Overmind report showing the expected changes and timeline for the example PR


Please note: You are unable to view the change in Overmind as it is a change tied to our personal account.

Forking this repo

If you would like to use this repo as an example, follow these steps:

  1. Fork the repo
  2. Comment out the backend "s3" section in terraform.tf:

       terraform {
         # backend "s3" {
         #   bucket         = "replaceme-with-a-unique-bucket-name"
         #   dynamodb_table = "overmind-tf-example-state"
         #   key            = "terraform-example.tfstate"

         #   region = "eu-west-2"
         # }
       }

  3. Replace all instances of replaceme-with-a-unique-bucket-name in terraform.tf with a unique bucket name for your environment
  4. Replace repo:overmindtech/terraform-example:* with repo:[YOUR USERNAME]/terraform-example:*, replacing [YOUR USERNAME] with your GitHub username
  5. Run terraform init
  6. Run terraform plan to see what resources need to be set up
  7. Run terraform apply. This will set up the resources required for storing state and locks
  8. Un-comment the backend "s3" section in terraform.tf and run terraform init -migrate-state. This will migrate your state from your local device to S3
  9. Run terraform plan, which should show no changes

Developer Notes

Some notes to get started with replicating this on your own setup.

  • Create an AWS account

  • Configure the AWS CLI to access the account

    • aws configure sso; docs
  • Set up the AWS_PROFILE environment variable to point at your local profile.

    • Note that because of this issue in Terraform, the created ~/.aws/config needs to be adjusted (see especially this comment for details)
    • If you use VSCode Dev Containers, .devcontainer/devcontainer.json has guidance on how to permanently configure AWS_PROFILE and import your user's AWS config
  • Set up S3 and DynamoDB for remote state storage (docs)

    • Follow the comments on the terraform{} block to bootstrap this in a new account
  • Configure OIDC access for GitHub Actions (docs)

  • Supply the ARN of the created role (terraform output terraform_deploy_role) as TERRAFORM_DEPLOY_ROLE and an Overmind API key as OVM_API_KEY through the "Actions secrets and variables" page in the repo settings.
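
To check that the role created for GitHub Actions OIDC trusts only your fork after the repo:overmindtech/terraform-example:* replacement in the forking steps, the following added example (not code from this repository) audits an IAM trust policy document. The sample policy, the account ID and the function names are constructed for illustration, and alice/terraform-example stands in for your fork.

```python
import json

GITHUB_ISSUER = "token.actions.githubusercontent.com"

# Constructed sample: trust policy still naming the upstream repo (placeholder account ID).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:oidc-provider/" + GITHUB_ISSUER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {GITHUB_ISSUER + ":aud": "sts.amazonaws.com"},
            "StringLike": {GITHUB_ISSUER + ":sub": "repo:overmindtech/terraform-example:*"},
        },
    }],
})


def _values(condition, key):
    """Values of a condition key under StringEquals/StringLike (key case-insensitive)."""
    found = []
    for op in ("StringEquals", "StringLike"):
        for k, v in condition.get(op, {}).items():
            if k.lower() == key.lower():
                found.extend(v if isinstance(v, list) else [v])
    return found


def audit_trust_policy(policy_json, expected_repo):
    """Return findings for GitHub OIDC statements; expected_repo is 'owner/name'."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # IAM allows a single statement object
        statements = [statements]
    for stmt in statements:
        principal = stmt.get("Principal")
        federated = str(principal.get("Federated", "")) if isinstance(principal, dict) else ""
        if stmt.get("Effect") != "Allow" or GITHUB_ISSUER not in federated:
            continue
        cond = stmt.get("Condition", {})
        subs = _values(cond, GITHUB_ISSUER + ":sub")
        if not subs:
            findings.append("no :sub condition: any GitHub repository can assume the role")
        for sub in subs:
            if not sub.startswith(f"repo:{expected_repo}:"):
                findings.append(f"subject {sub!r} is not scoped to {expected_repo}")
        if "sts.amazonaws.com" not in _values(cond, GITHUB_ISSUER + ":aud"):
            findings.append("no :aud condition for sts.amazonaws.com")
    return findings
```

The policy document to audit can be fetched with aws iam get-role --role-name <ROLE> --query Role.AssumeRolePolicyDocument, where <ROLE> is the name of the deploy role in your account.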
