This repository contains a GitHub Actions workflow for managing Linux Virtual Machines in Azure using Terraform. The workflow implements a complete CI/CD pipeline with appropriate security measures and approval gates.
Triggers
- Manual trigger (workflow_dispatch): choice between deploy and destroy
- Pull request trigger: target branches main and feature/**
PR Verification
Automated checks for pull requests:
- Terraform format validation
- Infrastructure code initialization
- Configuration validation
- TFLint analysis
- Plan generation
- Automated PR comments with results
Verification
Pre-deployment checks:
- Required secrets validation
- Azure storage account verification
- Azure connectivity testing
Plan Generation
Infrastructure planning:
- Terraform initialization
- Plan creation
- Artifact storage
- Plan documentation
Apply (Protected)
Controlled deployment:
- Requires manual approval via a GitHub Environment
- Uses the saved plan from the previous stage
- Ensures that only reviewed changes are applied
Required Secrets
- CLIENT_ID
- SSH_PUBLIC_KEY
- SUBSCRIPTION_ID
- TENANT_ID
- VIRTUAL_MACHINE_ADMIN_PASSWORD
Protection Measures
- Environment protection rules
- Required reviewers for deployments
- Encrypted state management
- Azure RBAC integration
- Secure secret handling
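The triggers, the four jobs, the required secrets and the environment gate described above all live in one workflow file. The following is an added example of how such a file can be put together; it is not the repository's own workflow, and the workflow name, the Terraform variable names behind TF_VAR_ssh_public_key and TF_VAR_admin_password, the state storage account name, and the environment name production are assumptions. It relies on the azurerm provider and backend reading ARM_USE_OIDC together with the runner's OIDC token, so no client secret is stored in GitHub; azure/login is only needed where the az CLI is used.

```yaml
name: linux-vm-azure   # constructed example, not the repository's own workflow file

on:
  workflow_dispatch:
    inputs:
      action:
        description: deploy or destroy the VM infrastructure
        type: choice
        options: [deploy, destroy]
        default: deploy
  pull_request:
    branches: [main, "feature/**"]

permissions:
  contents: read
  id-token: write        # OIDC token for Azure: no long-lived client secret in GitHub
  pull-requests: write   # lets the PR job post the plan as a comment

env:
  ARM_USE_OIDC: "true"   # azurerm provider and backend exchange the runner's OIDC token
  ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.TENANT_ID }}
  TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }}                 # assumed variable names
  TF_VAR_admin_password: ${{ secrets.VIRTUAL_MACHINE_ADMIN_PASSWORD }}
  TF_STATE_STORAGE_ACCOUNT: tfstateexample   # assumed; must match the azurerm backend block in *.tf

jobs:
  pr-verification:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - uses: terraform-linters/setup-tflint@v4
      - run: terraform fmt -check -recursive
      - run: terraform init -input=false
      - run: terraform validate
      - run: tflint --init && tflint --recursive
      - id: plan
        run: terraform plan -input=false -no-color
      - uses: actions/github-script@v7
        env:
          PLAN: ${{ steps.plan.outputs.stdout }}   # passed via env, never interpolated into the script
        with:
          script: |
            const body = "### Terraform plan\n~~~\n" + process.env.PLAN + "\n~~~";
            await github.rest.issues.createComment({
              owner: context.repo.owner, repo: context.repo.repo,
              issue_number: context.issue.number, body,
            });

  verification:
    if: github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      - name: Required secrets are set
        run: |
          for v in ARM_CLIENT_ID ARM_SUBSCRIPTION_ID ARM_TENANT_ID TF_VAR_ssh_public_key TF_VAR_admin_password; do
            [ -n "${!v}" ] || { echo "::error::secret backing $v is empty"; exit 1; }
          done
      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.CLIENT_ID }}
          tenant-id: ${{ secrets.TENANT_ID }}
          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
      - name: Azure connectivity
        run: az account show --query id -o tsv
      - name: State storage account exists
        run: az storage account show --name "$TF_STATE_STORAGE_ACCOUNT" --query provisioningState -o tsv

  plan:
    needs: verification
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform plan -input=false -out=tfplan ${{ inputs.action == 'destroy' && '-destroy' || '' }}
      - uses: actions/upload-artifact@v4
        with:
          name: tfplan
          path: tfplan
          retention-days: 1   # the plan file embeds variable values, including the admin password

  apply:
    needs: plan
    runs-on: ubuntu-latest
    environment: production   # required reviewers on this environment hold the job until approved
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - uses: actions/download-artifact@v4
        with:
          name: tfplan
      - run: terraform init -input=false
      - run: terraform apply -input=false tfplan   # applies exactly the reviewed plan; nothing is re-planned
```

Two details carry most of the protection. The plan output reaches the comment script through an environment variable rather than being interpolated into the JavaScript, so resource names or error text in the plan cannot alter the script. The apply job feeds the saved tfplan file to terraform apply, so what reviewers approved in the environment is exactly what gets applied; because that file also contains the variable values passed to Terraform, the artifact is kept for a single day. For OIDC to work on pull requests as well as manual runs, the federated credential on the Azure app registration needs subjects for both the pull_request trigger and the production environment.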
Prerequisites
- Azure Subscription
- GitHub Repository
- Configured GitHub Secrets
- Azure Storage Account for Terraform State
Deployment
- Create a new feature branch
- Make infrastructure changes
- Create pull request
- Wait for automated checks
- Get PR approval
- Merge to main
- Trigger manual deployment
- Approve in production environment
- Always review Terraform plans
- Use feature branches for changes
- Ensure proper secret management
- Follow PR review process
- Monitor deployment status
This README was generated with the assistance of GitHub Copilot on June 15, 2025.