Use Azure Storage as backend for Terraform state with GitHub Actions

Let's jump directly into the implementation.

Overview

Let’s see how to use an Azure Storage account as the backend for Terraform state with GitHub Actions.

Steps

  1. Replace your-working-directory with your directory
  2. iamtheyammer/branch-env-vars@v1.2.2 will set the ENV_NAME value based on your branch. For example:
  • If your branch name is dev, then ENV_NAME will be dev
  • If your branch name is prod, then ENV_NAME will be prod
  3. Add the Azure configs as GitHub secrets
  4. Then add:
  • RESOURCE_GROUP_NAME = some-resource-name
  • STORAGE_ACCOUNT_NAME = some-storage-account-name
  • CONTAINER_NAME = some-container-name-${{ env.ENV_NAME }}
  5. Full code:
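My-New-Service:
  runs-on: ubuntu-latest
  # OIDC login (azure/login, ARM_USE_OIDC) needs permission to request an ID token
  permissions:
    id-token: write
    contents: read
  env:
    ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
    ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
    ARM_USE_OIDC: true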

  defaults:
    run:
      shell: bash
      working-directory: your-working-directory
  steps:
    - name: Checkout
      uses: actions/checkout@v4

    - name: Branch-based environment variables that rock
      uses: iamtheyammer/branch-env-vars@v1.2.2
      with:
        bevOverwrite: true
        ENV_NAME: |
          dev:dev
          prod:prod

    - name: 'Az CLI login'
      uses: azure/login@v2
      with:
        client-id: ${{ secrets.AZURE_CLIENT_ID }}
        tenant-id: ${{ secrets.AZURE_TENANT_ID }}
        subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v3
      with:
        terraform_version: latest
        terraform_wrapper: false

    - name: Add terraform resources
      id: outputs
      run: |
        # Shell assignments take no spaces around "="
        RESOURCE_GROUP_NAME=some-resource-name
        STORAGE_ACCOUNT_NAME=some-storage-account-name
        CONTAINER_NAME=some-container-name-${{ env.ENV_NAME }}

        # Create resource group
        az group create --name "$RESOURCE_GROUP_NAME" --location eastus

        # Create storage account
        az storage account create --resource-group "$RESOURCE_GROUP_NAME" --name "$STORAGE_ACCOUNT_NAME" --sku Standard_LRS --encryption-services blob

        # Create blob container
        az storage container create --name "$CONTAINER_NAME" --account-name "$STORAGE_ACCOUNT_NAME"

        # Fetch the account key, mask it in the job log, and hand it to the
        # later Terraform steps (a plain `export` does not outlive this step)
        ACCOUNT_KEY=$(az storage account keys list --resource-group "$RESOURCE_GROUP_NAME" --account-name "$STORAGE_ACCOUNT_NAME" --query '[0].value' -o tsv)
        echo "::add-mask::$ACCOUNT_KEY"
        echo "ARM_ACCESS_KEY=$ACCOUNT_KEY" >> "$GITHUB_ENV"

    - name: Terraform Init
      id: init
      run: terraform init

    - name: Terraform Validate
      id: validate
      run: terraform validate

    - name: Terraform Plan
      id: plan
      run: terraform plan
      continue-on-error: true

    - name: Terraform Apply
      run: terraform apply -auto-approve

    - name: Terraform Output
      run: terraform output
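
The workflow runs `terraform init` without showing how Terraform is pointed at the per-branch container. The script below is an added example, not code from the original post: it checks the names against Azure's naming rules and prints the `-backend-config` arguments for init. It assumes the Terraform code declares an empty `backend "azurerm" {}` block; the function names, the `terraform.tfstate` key and the sample names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the Terraform code
# declares an empty `backend "azurerm" {}` block (partial configuration).
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only

# Only the environments the branch mapping produces (dev, prod) are accepted.
valid_env() {
  case "$1" in dev|prod) return 0 ;; *) return 1 ;; esac
}

# Conservative ASCII allowlist for resource group names (assumption).
valid_resource_group() {
  case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  [ "${#1}" -le 90 ]
}

# Storage account names: 3-24 characters, lowercase letters and digits only.
valid_storage_account() {
  case "$1" in *[!a-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Container names: 3-63 characters, lowercase letters, digits and hyphens;
# no leading, trailing or doubled hyphen.
valid_container() {
  case "$1" in *[!a-z0-9-]*|-*|*-|*--*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# Usage: backend_args RESOURCE_GROUP STORAGE_ACCOUNT CONTAINER_PREFIX ENV_NAME
# Prints one -backend-config argument per line; on failure prints nothing.
backend_args() {
  valid_env "$4" || { echo "unexpected ENV_NAME: '$4'" >&2; return 1; }
  valid_resource_group "$1" || { echo "bad resource group: $1" >&2; return 1; }
  valid_storage_account "$2" || { echo "bad storage account: $2" >&2; return 1; }
  valid_container "$3-$4" || { echo "bad container: $3-$4" >&2; return 1; }
  printf '%s\n' \
    "-backend-config=resource_group_name=$1" \
    "-backend-config=storage_account_name=$2" \
    "-backend-config=container_name=$3-$4" \
    "-backend-config=key=terraform.tfstate"   # state blob name (assumption)
}

# Constructed sample names. In the workflow step the call would be:
#   args=$(backend_args "$RG" "$ACCOUNT" "$PREFIX" "$ENV_NAME") || exit 1
#   terraform init $args
backend_args example-rg examplestate01 tfstate dev
```

The post's placeholder `some-storage-account-name` is rejected by this check, because storage account names cannot contain hyphens; an empty or unmapped ENV_NAME is rejected before any state container name is built.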