Using version control for Terraform projects offers several benefits:
- Collaboration: Multiple team members can work on the same codebase.
- History: Track changes and revert to previous states if needed.
- Backup: Safeguard your configuration files.
- Audit Trail: Maintain a complete history of infrastructure changes.
- Code Review: Enable peer review through pull requests.
- CI/CD Integration: Automate testing and deployment.
The most commonly used version control system is Git. We'll focus on setting up Git for your Terraform projects.
- For macOS:
brew install git
- For Windows: Download and install Git from the official website.
- For Linux:
sudo apt-get update
sudo apt-get install git
- Set your username:
git config --global user.name "Your Name"
- Set your email:
git config --global user.email "your.email@example.com"
- Set default branch name to main:
git config --global init.defaultBranch main
- Enable colored output:
git config --global color.ui auto
- Set line ending handling:
git config --global core.autocrlf input # macOS/Linux
git config --global core.autocrlf true # Windows
- Create a directory for your Terraform project:
mkdir terraform-project
cd terraform-project
- Initialize a new Git repository:
git init
- Verify the repository initialization:
git status
A .gitignore file specifies which files and directories to ignore in your Git repository. This helps avoid committing sensitive information and unnecessary files.
- Create a .gitignore file:
touch .gitignore
- Add the following content to your .gitignore file:
# Local .terraform directories
**/.terraform/*
!**/.terraform/modules/**
!**/.terraform/providers/**
# .tfstate files
*.tfstate
*.tfstate.*
*.tfstate.backup
*.tfstate.lock.info
# Crash log files
crash.log
crash.*.log
*.crash
*.crash.*
# Exclude any .tfvars files containing sensitive data
*.tfvars
*.tfvars.json
!example.tfvars
!example.tfvars.json
# Terraform .plan files
*.tfplan
*.tfplan.*
# .terraform.lock.hcl file
# (Terraform's documentation recommends committing this file so provider
# versions and checksums are reviewed; remove this rule to follow that)
.terraform.lock.hcl
# Ignore any directories or files generated by Terraform
.terraformrc
terraform.rc
.tfplan
# IDE and editor files
.idea/
.vscode/
*.swp
*.swo
*~
.DS_Store
# OS files
Thumbs.db
# Override files (for local development)
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Temporary files
*.tmp
*.temp
.tmp/
# Log files
*.log
# Environment files
.env
.env.local
.env.*.local
# Backup files
*.bak
*.backup
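A check that the ignore rules listed above actually keep secrets out of a commit, written as an added example and not part of the original tutorial: `audit_ignore` reports state, variable and `.env` files that no rule covers, and files committed before a rule existed, which `.gitignore` never untracks on its own. The function names, the sample files and the reduced rule set are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example. File names and contents below are constructed sample data.

# audit_ignore REPO
# Prints "LEAK <path>" for each state/variable/env file that no ignore rule
# covers, and "TRACKED <path>" for each file that matches an ignore rule but
# is already committed (.gitignore never untracks a file).
# Returns 0 only when nothing is reported.
audit_ignore() {
  audit_out=$(
    cd "$1" || exit 1
    find . -type f ! -path './.git/*' ! -name 'example.tfvars' \
        \( -name '*.tfstate' -o -name '*.tfstate.*' \
           -o -name '*.tfvars' -o -name '.env' \) |
      sed 's|^\./||' |
      while IFS= read -r f; do
        # --no-index: test the ignore rules only, whether or not f is tracked
        git check-ignore -q --no-index -- "$f" || echo "LEAK $f"
      done
    git ls-files -ci --exclude-standard | sed 's/^/TRACKED /'
  )
  [ -n "$audit_out" ] && printf '%s\n' "$audit_out"
  [ -z "$audit_out" ]
}

# make_sample_repo DIR [state-first]
# Builds a constructed project. With "state-first", terraform.tfstate is
# committed before .gitignore exists, which is the case the rules cannot fix.
make_sample_repo() (
  mkdir -p "$1" && cd "$1" || exit 1
  git init -q .
  echo '{"note":"constructed state"}' > terraform.tfstate
  echo 'db_password = "constructed"' > prod.tfvars
  echo 'region = "example"' > example.tfvars
  echo 'terraform {}' > main.tf
  if [ "$2" = state-first ]; then
    git add terraform.tfstate
    git -c user.name=demo -c user.email=demo@example.com commit -q -m state
  fi
  # A subset of the rules from the .gitignore above
  printf '%s\n' '*.tfstate' '*.tfstate.*' '*.tfvars' '!example.tfvars' '.env' \
    > .gitignore
)
```

Run `audit_ignore .` in the project directory before the first `git add .`; a `TRACKED` line means the file has to be removed from the index with `git rm --cached` and any secret it held should be treated as exposed.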
- Add all files to the staging area:
git add .
- Verify files in the staging area:
git status
- Commit the files with a message:
git commit -m "Initial commit of Terraform project"
- Verify the commit:
git log
- Create a new repository on a platform like GitHub, GitLab, or Bitbucket.
- Copy the repository URL.
- Add the remote repository:
git remote add origin https://github.com/your-username/your-repository.git
- Verify the remote repository:
git remote -v
- Push the local repository to the remote repository:
git push -u origin main
- Create and switch to a new branch:
git checkout -b feature-branch
Or using the newer syntax:
git switch -c feature-branch
- Verify the current branch:
git branch
- Switch to the main branch:
git checkout main
Or using the newer syntax:
git switch main
- Merge the feature branch:
git merge feature-branch
- Delete the feature branch (optional):
git branch -d feature-branch
For GitHub:
- Push branch to remote:
git push -u origin feature-branch
- Create pull request on GitHub website
- Request code review from team members
- Merge after approval using merge commit, squash, or rebase
For GitLab:
- Push branch to remote:
git push -u origin feature-branch
- Create merge request on GitLab website
- Configure merge request settings (squash commits, delete source branch)
- Merge after approval
Merge (preserves history):
git checkout main
git pull origin main
git checkout feature-branch
git rebase main
git checkout main
git merge feature-branch
Squash merge (clean history):
git checkout main
git merge --squash feature-branch
git commit -m "Add feature description"
- Create a new tag:
git tag -a v1.0 -m "Version 1.0"
- Verify the tag:
git tag
- Push the tags to the remote repository:
git push origin --tags
For GitHub:
- Navigate to repository settings → Branches
- Add branch protection rule for the main branch:
  - Require pull request reviews before merging
  - Require status checks to pass before merging
  - Require branches to be up to date before merging
  - Limit who can push to matching branches
  - Include administrators
For GitLab:
- Navigate to project settings → Repository → Protected branches
- Protect the main branch:
  - Allowed to merge: Maintainers
  - Allowed to push: No one
  - Require approval from code owners
For Bitbucket:
- Navigate to repository settings → Branch restrictions
- Add restriction for the main branch:
  - Limit merge access to specific users/groups
  - Require pull request approvals
# macOS/Linux
brew install pre-commit
# Or using pip
pip install pre-commit
Create .pre-commit-config.yaml:
repos:
  - repo: https://github.com/antonbabenko/pre-commit-terraform
    rev: v1.83.0
    hooks:
      - id: terraform_fmt
      - id: terraform_validate
      - id: terraform_tflint
        args:
          - '--args=--module'
      - id: terraform_tfsec
      - id: terraform_checkov
      - id: terraform_docs
      - id: terraform_providers_lock
      - id: terraform_wrapper_module_for_each
      - id: terraform_fmt
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
      - id: check-yaml
      - id: check-added-large-files
# Install the hooks into this repository
pre-commit install
# Run every hook against all files
pre-commit run --all-files
main (production)
↑
|
develop (staging)
↑
|
feature/* (development)
Commands:
# Create feature branch
git checkout -b feature/add-new-resource
# Merge to develop
git checkout develop
git merge feature/add-new-resource
# Create release from develop
git checkout -b release/v1.0.0
# Merge release to main
git checkout main
git merge release/v1.0.0
main (production)
↑
|
feature/* (development)
Commands:
# Create feature branch
git checkout -b feature/add-new-resource
# Push and create PR
git push -u origin feature/add-new-resource
# Merge PR to main
main (all development)
Commands:
# Commit directly to main
git add .
git commit -m "Add new resource"
git push origin main
# Or use feature branches with short-lived PRs
git checkout -b feature/quick-fix
# ... make changes ...
git checkout main
git merge --squash feature/quick-fix
You are now ready to set up and use version control for your Terraform projects! 🚀
