Terraform Pull Request Automation using Bitbucket

Pull request automation ensures that any changes proposed to your Terraform configurations are reviewed and approved before being merged, reducing the risk of potential errors, improving security, and maintaining a consistent infrastructure state. By automating this process, you can streamline your workflows and minimize human intervention.
February 14, 2023
min read
Yehonatan Rumyantsev
Cloud Specialist
Tags
No items found.
Related Resources
No items found.

TL;DR

Why Pull Request Automation?

Pull request automation ensures that any changes proposed to your Terraform configurations are reviewed and approved before being merged, reducing the risk of potential errors, improving security, and maintaining a consistent infrastructure state. By automating this process, you can streamline your workflows and minimize human intervention.

Prerequisites:

Before diving into the setup process, make sure you have the following:

  1. A Bitbucket account
  2. Terraform installed on your local machine
  3. A Terraform project hosted on Bitbucket

Setting Up Terraform Pull Request Automation with Bitbucket:To achieve this automation, we'll be using Bitbucket Pipelines, a powerful continuous integration and deployment feature built into Bitbucket.

Step 1: Enable Bitbucket Pipelines

  1. Navigate to your Bitbucket repository
  2. Click on the "Pipelines" tab in the left menu
  3. Click on "Enable" to activate Bitbucket Pipelines for your repository

Step 2: Configure the Pipeline

  1. Create a bitbucket-pipelines.yml file in the root directory of your Terraform repository
  2. Add the following contents to the file:
image: hashicorp/terraform:latest

pipelines:
 default:
   - step:
       name: Terraform Plan
       script:
         - terraform init
         - terraform plan
         - terraform plan -out=tfplan
         - terraform show -no-color -json tfplan > tfplan.json
         - terraform plan -detailed-exitcode || true

This configuration specifies that we want to use the latest Terraform image from the official HashiCorp Docker Hub, and it defines a pipeline with a single step that initializes, plans, and outputs the Terraform plan in JSON format.

Step 3: Add a Webhook for Pull Request Automation

  1. Navigate to your repository's "Settings" in Bitbucket
  2. Click on "Webhooks" in the left menu
  3. Click "Add webhook" and fill in the following details:
  4. Title: Terraform Pull Request Automation
  5. URL: [your_webhook_url]
  6. Triggers: Choose "Pull Request: Created" and "Pull Request: Updated"
  7. Click "Save"

Now, whenever a pull request is created or updated, the webhook will be triggered, and the Terraform plan will run as a part of the pipeline.

Step 4: Integrating the Output into the Pull RequestTo display the output of the Terraform plan directly in the pull request, we'll use a custom Bitbucket app or integration. You can develop your app, or search for an existing one that suits your needs.