Within GitHub Actions there are two well-trodden ways for a workflow to pull modules from several private Terraform module repositories at run time. I have documented and tested both:

  1. Deploy Keys: Each module repository gets its own read-only deploy key, so access is scoped per repository. Straightforward, but it means one key pair per repository.
  2. GitHub App Integration (covered in this post): A single GitHub App is installed on the account or organization and granted read access to the module repositories. Access is then controlled centrally from the app's installation, which is easier to manage and scales better as the number of repositories grows.

Other approaches exist, but these are the two I have researched and validated.

Deploy keys become cumbersome as the number of module repositories grows: each repository needs its own unique key pair, and every one of those private keys has to be stored as a workflow secret, rotated, and eventually revoked on its own.

To avoid that overhead, create a GitHub App instead, following the step-by-step guide below.

  1. Navigate to GitHub Settings: Sign in to your GitHub account and navigate to “Settings.”
  2. Select “Developer settings”: Within the settings menu, find and click on “Developer settings.”
  3. Choose “GitHub Apps”: In the developer settings, locate and select “GitHub Apps” from the sidebar menu.
  4. Click “New GitHub App”: On the GitHub Apps page, click on the “New GitHub App” button.
  5. Provide App Details: Fill out the form for the new app:
  • Name: Choose a name for your GitHub App.
  • Description: Provide a brief description of your GitHub App.
  • Homepage URL: Optionally, provide a URL for the homepage of your GitHub App.
  • Webhook: Untick "Active". The app only needs to mint tokens, so it does not need to receive events or expose a webhook endpoint.
  • Permissions: Under Repository permissions grant Contents: Read-only, which is all that cloning module source requires (Metadata: Read-only is mandatory and pre-selected). Leave everything else at No access.
  • Events: None. With the webhook disabled there is nothing to subscribe to.
  • Webhook Secret: Not needed while the webhook is disabled.
  • Where can this GitHub App be installed?: Only on this account, so nobody outside your account or organization can install it.

After the app has been created, continue with these steps:

  1. Generate Private Key: In the app's settings, generate a private key. GitHub downloads it as a .pem file; it is the credential the app uses to sign its authentication requests to the GitHub API, so treat it like any other long-lived secret and keep the downloaded file out of source control.
  2. Install App on GitHub Account or Organization: Install the app on your account or organization. During installation choose "Only select repositories" and pick the Terraform module repositories; avoid "All repositories" so that a leaked token cannot reach anything the workflow does not need.
  3. Configure App Settings: After installation, review the installed app's settings to adjust which repositories it can access. The repository list can be changed later without reinstalling the app.

Next we integrate and test the GitHub App in a GitHub Actions workflow. Create two secrets, at either the repository level or the organization level, for the workflow to read:

TERRAFORM_APP_ID: the App ID shown on the app's settings page (the App ID itself is not sensitive, but keeping it next to the key is convenient).

TERRAFORM_PRIVATE_KEY: the full contents of the .pem file you generated, including the BEGIN and END lines.

The token is injected as an HTTPS git credential, so module sources must use the https form (for example git::https://github.com/<org>/<repo>.git?ref=v1.2.0); ssh:// sources will not pick it up.
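The "Get Application Token" step in the workflow below hides what actually happens with that private key. As an added example (not code from this post, nor from tibdex/github-app-token or GitHub), the following Go program walks through the exchange end to end: the app signs a short-lived RS256 JWT with its private key, presents it to the installations endpoint, and receives a one-hour installation token that can be narrowed to named repositories and permissions. The App ID "123456", installation ID 7890 and the repository names are made up, and an in-process fake server stands in for api.github.com so that it runs offline; real installation tokens are opaque ghs_... strings, not the constructed value the fake returns.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// b64url encodes without padding, as JWS (RFC 7515) requires.
func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// MintAppJWT builds the RS256 JWT the app presents as its own identity. The
// claim rules are GitHub's: iss = App ID, iat backdated 60s to absorb clock
// skew, exp no more than 10 minutes ahead. The JWT itself grants no repository
// access; it is only good for asking for an installation token.
func MintAppJWT(appID string, key *rsa.PrivateKey, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	claims, _ := json.Marshal(map[string]interface{}{
		"iss": appID, "iat": now.Unix() - 60, "exp": now.Unix() + 9*60})
	input := b64url(header) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64url(sig), nil
}

// VerifyAppJWT is GitHub's side: check the RS256 signature against the app's
// registered public key and reject a token whose exp has already passed.
func VerifyAppJWT(token string, pub *rsa.PublicKey, now time.Time) bool {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return false
	}
	sig, err1 := base64.RawURLEncoding.DecodeString(p[2])
	raw, err2 := base64.RawURLEncoding.DecodeString(p[1])
	var c struct{ Exp int64 `json:"exp"` }
	if err1 != nil || err2 != nil || json.Unmarshal(raw, &c) != nil || now.Unix() >= c.Exp {
		return false
	}
	digest := sha256.Sum256([]byte(p[0] + "." + p[1]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// TokenRequest narrows the installation token to named repositories and
// permissions; an empty body yields the app's whole installation grant, which
// is what a plain app_id/private_key step hands to the job.
type TokenRequest struct {
	Repositories []string          `json:"repositories,omitempty"`
	Permissions  map[string]string `json:"permissions,omitempty"`
}

// ExchangeForInstallationToken POSTs /app/installations/{id}/access_tokens with
// the app JWT as Bearer auth and returns the short-lived installation token.
func ExchangeForInstallationToken(apiBase, appJWT string, installationID int64, req TokenRequest) (string, error) {
	body, _ := json.Marshal(req)
	url := fmt.Sprintf("%s/app/installations/%d/access_tokens", apiBase, installationID)
	r, err := http.NewRequest(http.MethodPost, url, strings.NewReader(string(body)))
	if err != nil {
		return "", err
	}
	r.Header.Set("Authorization", "Bearer "+appJWT)
	r.Header.Set("Accept", "application/vnd.github+json")
	resp, err := http.DefaultClient.Do(r)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusCreated {
		return "", fmt.Errorf("token exchange failed: HTTP %d", resp.StatusCode)
	}
	var tok struct{ Token string `json:"token"` }
	if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil {
		return "", err
	}
	return tok.Token, nil
}

// NewFakeGitHub stands in for api.github.com so the flow runs offline. It
// verifies the app JWT and answers with a constructed token that names the
// repositories it was scoped to; real tokens are opaque "ghs_..." strings.
func NewFakeGitHub(pub *rsa.PublicKey) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		jwt := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if r.Method != http.MethodPost || !strings.HasSuffix(r.URL.Path, "/access_tokens") ||
			!VerifyAppJWT(jwt, pub, time.Now()) {
			http.Error(w, `{"message":"Bad credentials"}`, http.StatusUnauthorized)
			return
		}
		var req TokenRequest
		_ = json.NewDecoder(r.Body).Decode(&req)
		w.WriteHeader(http.StatusCreated)
		_ = json.NewEncoder(w).Encode(map[string]string{
			"token": "ghs_fake_" + strings.Join(req.Repositories, "+")})
	}))
}

// DemoExchange runs the whole flow: fresh app key, JWT, exchange, scoped token.
// The App ID, installation ID and repository names are made up for the demo.
func DemoExchange() (string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}
	srv := NewFakeGitHub(&key.PublicKey)
	defer srv.Close()
	appJWT, err := MintAppJWT("123456", key, time.Now())
	if err != nil {
		return "", err
	}
	return ExchangeForInstallationToken(srv.URL, appJWT, 7890, TokenRequest{
		Repositories: []string{"terraform-aws-vpc", "terraform-aws-eks"},
		Permissions:  map[string]string{"contents": "read"},
	})
}

func main() {
	tok, err := DemoExchange()
	fmt.Println(tok, err) // ghs_fake_terraform-aws-vpc+terraform-aws-eks <nil>
}
```

Two things in this exchange matter for the workflow. The private key never leaves the runner and never reaches a git URL; only the derived installation token does, and it expires after an hour regardless of how the job ends. And the repositories and permissions fields are where least privilege lives: a token requested with only the module repositories and contents:read cannot be turned against the rest of the installation if it leaks into a log or a module's own code.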

```yaml
name: Terraform Plan
on:
  workflow_dispatch:
env:
  TERRAFORM_VERSION: "1.3.7"
  TERRAFORM_DIRECTORY: "terraform"
# Least privilege for the built-in GITHUB_TOKEN: the steps below only need
# contents: read. id-token: write is only required if a later step logs in to a
# cloud provider with OIDC, and pull-requests: write only if the plan is posted
# as a PR comment; drop whichever your workflow does not use.
permissions:
  id-token: write
  contents: read
  pull-requests: write
jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout PR
        uses: actions/checkout@v4
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
          terraform_wrapper: false
      # Signs a JWT with the app's private key and exchanges it for a one-hour
      # installation token. GitHub now publishes its own
      # actions/create-github-app-token@v1 (inputs app-id, private-key and an
      # optional repositories list to narrow the token), which can replace this.
      - name: "Get Application Token"
        id: get_app_token
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.TERRAFORM_APP_ID }}
          private_key: ${{ secrets.TERRAFORM_PRIVATE_KEY }}
      # Makes git, and therefore terraform init's module downloads, present the
      # token for every https://github.com URL. x-access-token is the username
      # GitHub documents for installation tokens.
      - name: Extend Git credentials
        uses: de-vri-es/setup-git-credentials@v2.1.2
        with:
          credentials: https://x-access-token:${{ steps.get_app_token.outputs.token }}@github.com
      - name: Terraform Init
        shell: bash
        working-directory: ${{ env.TERRAFORM_DIRECTORY }}
        run: |
          terraform init
```


I’m Lalit


Welcome to CloudWithLalit, my cozy corner of the internet dedicated to documenting everything I learn during my journey through cloud and DevOps. Here, I extend a warm invitation for you to join me on this voyage of learning, sharing insights, and everything in between to aid you on your own journey. Let’s embark on this adventure together and get crafty with all things cloud and DevOps!
