Start Developing: Introduction

This solution will be handled using Terraform Cloud, GitHub Actions and configuration management.

Each service will be configured and delivered through the DevOps platform. These steps assume that you have a GitHub repository, a subscription in Microsoft Azure or Google Cloud Platform, and a corresponding managed identity with a Key Vault.

NOTE: Seagen's preferred cloud provider is always Microsoft Azure.

How to Get Started

  1. Using the Terraform Registry for Azure, find the module that you need to create your cloud resource

  2. Create a repository in GitHub and add a ‘terraform’ folder in the repository

  3. Check out the repository from GitHub into your environment using VS Code or your IDE

  4. Create a branch from the repository ‘main’ branch

  5. Create a folder per resource that you will deliver to the cloud. Each resource should be independently deployable.

  6. Copy the main.tf and variables.tf files from the registry into the 'terraform/<resourcetype>' folder in your branch

    1. Note: if you have 5 resources being deployed, you will have 5 folders, one for each resource

  7. Change the configuration of the main.tf and update the variables.tf files for each resource

  8. Ensure you have a Key Vault that has access to your subscription (see above)

  9. Assign any keys to the Key Vault using a consistent naming convention. Not using a Key Vault will fail your builds.

  10. Write some unit tests to evaluate the health of your resource after it deploys to Azure. All code should have some tests.

  11. After configuration, create a pull request for your changes.

  12. A reviewer evaluates the pull request and either requests changes or approves it

  13. Once the build compiles and runs, it will merge your changes into the main branch and deploy the resource(s)

  14. Terraform will evaluate the .tf files for consistency and syntax and either pass or fail the pipeline

  15. Next, Terraform triggers GitHub Actions which scan your code for credentials, vulnerabilities, security holes, etc.

  16. Note that any Critical or High vulnerabilities will fail your build. Use Snyk to understand what needs to happen to fix the code and remediate the issue.

  17. If everything passes, the pipeline runs and delivers your code to the cloud.

  18. You can choose to keep your branch or discard it.

  19. For other changes, every time you create a pull request, your changes will build, the pipeline will run, the scans, tests, and verification steps will run, and the resources will be delivered to the cloud.
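
A local check you can run before opening the pull request, covering steps 5, 6 and 9: it confirms each resource folder under 'terraform' has main.tf and variables.tf and flags credential attributes set to a quoted literal instead of a Key Vault reference. This is an added example, not part of the original guide or the pipeline's own scanners; the attribute-name heuristic, the function names and the sample folders are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

REQUIRED = ("main.tf", "variables.tf")
# Assumed heuristic: attribute names ending in these words usually carry credentials.
SECRET_ATTR = re.compile(
    r'^[ \t]*(\w*(?:password|secret|access_key|token))[ \t]*=[ \t]*"([^"]*)"',
    re.IGNORECASE | re.MULTILINE,
)

def check_terraform_tree(root):
    """Check a 'terraform/' folder: one folder per resource, no literal secrets."""
    findings = []
    for folder in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        for name in REQUIRED:
            if not (folder / name).is_file():
                findings.append(f"{folder.name}: missing {name}")
        for tf in sorted(folder.glob("*.tf")):
            text = tf.read_text(encoding="utf-8")
            for m in SECRET_ATTR.finditer(text):
                # A quoted literal (not an interpolation) means the value is in Git.
                if m.group(2) and not m.group(2).startswith("${"):
                    line = text.count("\n", 0, m.start(1)) + 1
                    findings.append(f"{folder.name}/{tf.name}:{line}: hard-coded {m.group(1)}")
    return findings

# Constructed sample tree (not from the original page): one compliant folder, one not.
SAMPLE = {
    "sql_server/main.tf": (
        'data "azurerm_key_vault_secret" "sql_admin" {\n'
        '  name         = "sql-admin-password"\n'
        '  key_vault_id = var.key_vault_id\n'
        '}\n'
        'resource "azurerm_mssql_server" "db" {\n'
        '  administrator_login_password = data.azurerm_key_vault_secret.sql_admin.value\n'
        '}\n'
    ),
    "sql_server/variables.tf": 'variable "key_vault_id" {\n  type = string\n}\n',
    "app_service/main.tf": 'provider "azurerm" {\n  client_secret = "constructed-not-a-real-secret"\n}\n',
}

def run_sample():
    """Write the constructed sample to a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return check_terraform_tree(tmp)

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

Point `check_terraform_tree` at your own 'terraform' folder to use it on a branch. It only catches literals assigned directly to an attribute, so it complements the pipeline's credential scan rather than replacing it.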