►
Description
2:11 - Program Start
3:04 - Intros
4:47 - Program for the stream
9:48 - Demo Start
Live stream replay with Kerim Satirli and Taylor Dolezal of @HashiCorp talking about Infrastructure as Code and Iterative Infrastructure with GitHub Actions.
Project link to follow along: https://github.com/ksatirli/iterative-infrastructure
Join us for the “What’s next for DevOps?” Panel on Feb 4. Experts from GitHub, Lightstep, Red Hat, and Redmonk will explore this topic! https://resources.github.com/webcasts/Whats-next-for-DevOps/
twitter: @ksatirli, @onlydole
A
Hey
everyone
welcome
to
another
wonderful
edition
of
demo
days
nice
to
see
everyone
up
in
the
chat.
Bonjour
hello
good
morning,
good
evening,
good
afternoon,
good
night,
nice
to
see
y'all
good
to
see
everyone.
I
see
some
folks
from
russia
in
chat.
I
see
folks
from
india
in
chat.
I
see
folks
from
all
over.
Yes,
it
is
it's
definitely
a
fry
ea
live
stream.
Today
we
are,
we
are
going
to
have
an
amazing
day
today.
A
I've
actually
got
some
really
special
guests
for
all
of
y'all
today,
so
I'm
going
to
bring
in
oh,
I
think
I
still
hear
some
music
in
the
background.
Let
me
kill
that
yep.
You
know
me
always
audio
issues,
but
hopefully
we're
good
to
go.
Bonsoir,
hello,
hello,
yes,
super
pumped
today,
all
right,
let's
bring
in
our
special
guests
and
I'll
stop
delaying
all
right,
kareem
and
taylor,
our
friends
from
hashicorp,
welcome,
and
thanks
for
coming
on
to
demo
days
here
today.
A
B
C
Hi
everyone,
my
name
is
taylor,
dolezal,
and
I
am
also
a
developer
advocate
at
hashicorp.
I'm
also
focused
on
infrastructure,
so
again,
terraform
packer
and
the
like.
I
also
focus
a
little
bit
on
application
delivery,
as
well
so
working
with
tools
like
waypoints
and
making
sure
that
your
your
clusters
are
operational
and
running
are
some
of
my
favorite
things
to
do,
and
we
were
asked
to
come
here
today
because
sounded
like
somebody
wanted
to
do
a
friday
deployment
and
obviously
cream,
and
I
kind
of
jumped
at
that.
B
C
I
was
gonna
say
listening
to
that.
I'm
surprised
that
no
one
has
come
out
with
a.
I
know
there
are
those
several
permutations
of
chill
wave
like
chill
wave
listening
to
music
with
all
of
the
different
title
cards,
for
those
surprised
that
no
one
has
made
one
with
octocat
just
yet,
but
you
know
maybe
maybe
soon.
B
See
you're
putting
ideas
in
people's
minds.
I
like
it
so
we'd
like
to
talk
to
you
about
iterative
infrastructure
and
specifically
that
really
means
that
we
want
to
show
you
a
couple
of
slides
really
quickly
just
to
get
a
base
understanding,
because
we
see
so
many
people
in
the
chat.
You
all
look
great
today,
most
of
you
anyway,
some
people
nah,
I'm
kidding
they'll,
look
great.
B
C
B
A
C
More
specifically,
we're
going
to
be
approaching
infrastructure
from
a
code
perspective,
so
simply
put
infrastructure
as
code
or
iac,
as
you
might
have
referred
to
it
or
heard
it
referred
to,
as
is
the
process
of
managing
and
provisioning
resources
with
machine,
readable
definition
files.
So
what
does
that
mean?
That
means
to
that?
Instead
of
manually
going
and
configuring
things
via
ui
or
an
admin
dashboard
or
clicking
buttons,
you're
going
to
be
setting
that
up
with
code.
C
When
you
think
about
infrastructure
as
code,
you
can
think
of
it
as
executable
documentation,
it's
human
readable,
but
you
can
execute
it
with
an
application
like
terraform
infrastructure,
as
code
is
an
enabler
for
many
good
things
of
which
I'm
very
excited
to
show.
You
today
provides
a
codified
workflow
so
that
you
can
commit
your
work
and
version
it
and
then
because
it
is
code
everything
you
love
about
version
control
also
applies
here
as
well.
C
You
can
collaborate
with
other
engineers.
You
can
roll
a
change
back,
submit
a
new
change
and
easily
spin
up
an
additional
set
of
resources
by
using
things
like
terraform
modules,
for
instance.
Most
importantly,
because
everything
is
written
out,
you
can
spin
up
those
resources
in
a
safe
and
predictable
way,
which
again
sounds
really
great
for
our
friday.
Deployment
here
code
is
obviously
a
very
big
part
of
infrastructure's
code,
it's
literally
in
the
title,
and
there
are
a
handful
of
languages
that
you
can
use,
such
as
json
and
yaml.
C
C
We
gave
it
a
name
of
web
underscore
proxy
we've
defined
a
listen
address
for
localhost
and
then
a
process
called
server
which
runs
a
specific
command,
as
you
can
see,
hcl
is
both
human,
readable
and
machine
readable,
and
this
syntax
is
something
that
you
can
pick
up
in
a
few
hours
and
use
across
all
of
the
other
hashicorp
products,
which
is
really
helpful.
If
you
want
to
jump
into
nomad
or
packer
today,
we're
actually
going
to
show
packer
using
hcl,
which
I'd
prefer
to
json.
C
B
If
you
don't
feel
like
leaving
questions
in
the
chat
or
the
great
ideas
come
to
you
right
after
the
session,
which
always
happens
for
me,
we're
only
dole
and
edcasterly
on
twitter
and
pretty
much
everywhere
else.
So
if
I
haven't
responded
to
your
pull
request,
just
feel
free
to
call
me
out.
It's
totally
fine.
B
C
B
B
Updated
so
when
we
talk
about
infrastructure
as
code,
we
obviously
talk
about
code
and
we
want
to
show
you
a
few
cool
things
with
terraform
and
since
it's
friday,
the
first
thing
we're
going
to
do
is
create
a
github
repository
and
to
show
you
that
this
is
all
live.
Let
me
open
safari
and
we
have
the
demo
organization
here,
as
you
can
see
no
repositories.
B
So,
let's
switch
back
to
our
editor.
What
you
see
on
the
left
side,
these
eight
lines
of
code
is
terraform
same
code
type.
That
taylor
just
showed
you
here
we're
grabbing
a
provider
specifically
the
github
one,
which
makes
a
lot
of
sense
right.
We
want
to
start
out
with
a
repository,
maybe
some
team,
memberships
and
we'll
define
that
if
you've
never
used,
terraform
totally
cool
you've
probably
used
something
like
npm
or
any
other
package
manager.
B
Think
of
this,
as
your
package.json,
we
define
the
versions
we
define
what
module
or
provide
in
this
case
we
want
and
we
go
from
there,
and
so
this
is
already
part
of
the
first
terraform
workflow.
You
define
a
provider
you
run
init
and
on
the
right
side
of
my
screen.
You'll
see
that
terraform
is
actually
grabbing
the
provider
from
the
public
registry.
B
B
It's
been
yeah
here
we
go
we'll
make
it
a
little
bigger.
The
good
thing
about
this
session
is
that
this
is
actual
real
life
code.
This
is
not
just
an
animated
gif.
So
afterwards,
we'll
share
the
repository
url
with
you,
and
you
can
look
at
it
on
your
site,
which
is
even
better
because
that
means
you
can
try
it
out.
B
So
back
to
our
code,
we've
grabbed
the
provider
which
you
can
see
on
the
right
side
of
my
screen.
Everything
worked
out.
Everything
was
downloaded,
I'm
going
to
go
ahead
and
clear
my
terminal
to
make
it
easier
to
see.
What's
going
to
happen
next
and
back
in
the
code,
editor
we're
defining
our
code.
Here,
we've
got
the
demo
organization,
that's
one.
C
B
So,
on
the
left
side,
just
like
we
showed
you
before
another
terraform
resource
this
one
of
type
repository
and
what's
really
cool
about
this-
is
that
in
we've
got
it
written
out
over
26
lines
of
code,
but
you
could
probably
have
it
in
about
five
or
six
lines
of
code.
You
can
codify
all
your
github
repositories.
B
Now,
if
you
run
a
personal
github
account,
you
could
say
you
know
what
that's
too
much
work.
Five
lines
of
code
is
way
more
time
than
it
takes
me
to
just
click
in
the
ui,
and
I
get
that
if
you're
doing
this
for
an
organization,
this
is
a
lifesaver
and
I
mean
because
we're
live
here.
I
just
got
to
say:
jeremy
kudit
who's
working
on
this
provider
with
a
couple
of
other
contributors.
B
Thank
you.
So
much
for
work.
Github
is
absolutely
my
favorite
terraform
provider.
Until
it
will
prove
that
it,
it
is
literally.
The
first
thing
we
do
is
go
in
set
up
the
organization
set
up
the
repositories
and
make
sure
everything
is
nicely
codified,
because
if
you
have
repositories,
then
you
can
do
all
the
good
things
that
you
can
do
with
iac.
C
C
It's
really
helpful,
too,
being
able
to
codify
your
repositories
out
like
this.
Typically,
a
lot
of
patterns
that
I've
seen
used
in
the
community
have
been
people
creating
kind
of
a
repository
to
spin
up
their
other
repositories
with
infrastructure.
As
code,
you
do
typically
find
yourself
in
a
situation
where
you
might
have
you
know
chicken
and
eggs
situation
where
you
have
to
unfortunately
manually
create.
You
know
that
repository
the
first
time,
but
then,
once
you
do
you
set
yourself
up
for
a
lot
of
success
in
the
future.
C
Being
able
to
you
know,
add
repositories
and
then
configure
things
in
in
a
very
broad
way.
You
know
if
we
wanted
to
make
all
of
our
repositories
private,
we
could
go
ahead
and
do
that
public.
We
could
go
do
that
and
then
this
also
allows
us
to
check
to
make
sure
everything
is
all
right
in
a
pr
process.
You
know
collaborate
with
others
make
sure
everything
looks
good
and
then
you
know
recently
github
allowed
for
us
to
change
from
master
to
main.
That
makes
this
very
easy
to
do
with
infrastructures
code
as
well.
C
B
B
B
B
B
And
figuring
out
what
to
call
it
right.
So,
as
you
can
see
our
first
terraform
deployed
repository
beautiful
we've
got
one
for
packet
images
and
that
actually
takes
me
to
one
of
the
questions
I
saw
pop
by
in
the
chat.
I
don't
know
if
aj
can
actually
find
this
one
back,
but
it
was
about
code
organization
and
how
you
would
normally
organize
code
exactly
that
one
wow,
that's
beautiful.
B
So
the
reason
we
have
all
of
this
code
in
one
repository
is
mostly
to
make
it
easy
for
you
to
download
it
and
to
make
sure
that
we
can
depend
on
the
other
repository
or
subdirectories
in
here,
depending
on
your
organization.
A
monorepo
approach
might
not
be
the
best
version
or
the
best
way
of
doing
this.
C
I
really
do
like
breaking
it
out.
I'd
say
you
know
working
with
you
on
this
demo
and
and
this
code
it
was
definitely
different.
Typically,
I
don't.
I
won't
follow
a
monorail
pro
approach
and
it
became
interesting
when
we
integrated.
You
know
github
actions
and
some
other
things
around
this
project,
but
I
have
seen
a
couple:
people
set
up
their
code
structures
such
that
they'll
create
their
base
modules
or
things
that
they're
testing.
C
You
know
some
modules
they
might
be
testing
and
then
breaking
out
the
configuration
for
different
environments
into
different
folders
and
then
just
kind
of
importing
that
in
again
using
local
files
or
modules.
I
I
personally
really
like
breaking
things
out,
like
you
said,
into
different
repositories,
which
allows
me
to
then
have
different
terraform
states
and
not
you
know,
break
things
as
I
as
I
set
them
up.
You
can
get
into
a
bit
of
a
problem
if
you
start
to
reference
state
of
other.
You
know
repositories
things
like
that.
C
So
it's
just
one
good
thing
to
be
mindful
of.
If
you're,
in
that
kind
of
situation,
you
might
be
able
to
leverage
tagging
and
other
ways
and
data
providers
within
terraform
to
start
to
reference
things
and
look
things
up,
which
is
the
best
way
I've
found
around
that.
But
typically
I
will
like
setting
things
up
in
a
microservice
type
approach
and
and
then
it
makes
a
little
bit
easier
to
kind
of
like
focus
on
that
specific
thing.
Instead
of
worrying
about
breaking
some
other
dependency
or
something
else
within
a
monorepo.
B
B
So
let's
see,
if
there's
any
other
questions
that
we
missed,
I
think
not
cool.
So,
let's
move
on
from
our
terraform
code
for
github
repositories
to
one
for
azure,
so
we've
created
a
repository
for
our
pack
images.
Of
course
the
logical
next
step
would
be
to
test
it
in
github
actions,
but
we
first
need
to
actually
be
able
to
have
some
code
to
run
it.
B
On
the
right
side,
I
just
switched
my
shell
to
the
azure
directory,
which
has
the
code
that
you
see
on
the
left
side.
So
specifically,
these
three
files,
and
I'm
just
going
to
run
a
plan
to
show
you
what
we're
doing
here
and
give
you
a
basic
idea
and
so
right
away.
You
notice
that
we
have
two
random
things.
Popping
up.
B
So,
moving
on
from
that
we're
just
actually
going
back
to
the
one
resource
that
we
define
for
packer
to
be
able
to
build
images
and
for
us
to
actually
need
a
repository
to
put
our
packer
code
in
and
then
run
actions
against.
We
first
need
an
azure
resource
group,
I'm
in
amsterdam,
so
I
built
my
stuff
mostly
in
west
europe,
we're
calling
our
group
packer
just
to
keep
things
simple.
B
B
B
B
B
We've
just
updated
our
resource
group
name
from
packer
to
packer
dinosaur,
eh
w2
and
we're
just
going
to
see
how
packer
responds
to
that.
Sorry.
How
terraform
responds
to
that,
and
you
can
see
because
we've
deployed
this
group
before
terraform,
actually
knows
that
we
are
indeed
creating
a
new
resource.
B
B
C
One
one
thing
I
did
like
too
is
that,
so,
if
you,
if
you
notice,
when
cream,
did
the
plan
and
the
apply
when
you
got
that
feedback
from
terraform
we're
using
terraform
014,
which
is
a
the
latest
generally
available
version
that
we
have
right
now
and
with
that
came
concise
diff?
So
if
you
haven't
seen
that
before
it's
really
a
great
feature,
it
eliminates
a
lot
of
searching
for
what
changed
you
know
or
what's
going
to
change
when
you're
running
a
plan.
C
C
B
And
while
we've
been
trying
to
give
you
interesting
and
relevant
information,
we're
still
waiting
for
the
resources
to
be
destroyed
and
I
had
a
quick
look
in
another
window.
The
reason
it's
taking
a
little
while
longer
is
that
in
that
resource
group,
the
packer
resource
group,
we
have
a
couple
of
resources
that
are
now
also
being
shut
down
as
part
of
the
removal.
B
We're
not
going
to
wait
for
that,
because
nobody
has
time
for
that.
It's
friday.
I
know
you
want
to
see
something
more
interesting,
we're
just
going
to
let
it
run
in
the
background
and
in
the
meantime,
we'll
go
to
our
packer
interface
and
just
making
sure
code
size.
Can
we
all
see
what's
happening
on
the
left
side,
approximately.
B
So,
despite
being
in
the
same
repository,
we've
actually
switched
an
entirely
different
tool
where
terraform
deploys
infrastructure
for
you
in
the
broadest
sense
of
the
world
word
also
in
the
broadest
sense
of
the
world.
Definitely
servers
databases,
dns
records,
packer
focuses
on
building
images,
specifically
machine
images.
B
B
B
B
B
B
B
We
we
live
by
discrete,
always
formally
a
code
code.
Quality
is
important.
Then
you
know
this
works,
but
it's
friday
right.
So
you
might
go
like
you
know
what
this
is
beautiful.
My
code
looks
good.
I'm
gonna
skip
the
format
for
right
now
and
we're
just
gonna.
Do
this
live
and
I'm
sure
there's
nothing
ever
to
worry
about.
B
B
B
B
B
C
It's
fine,
it's
great
too,
because
if
you
start
to
use
things
like
github
actions
and
you
codify
some
of
your
approvals
when
it
comes
to
your
prs,
you
know
doing
some
static
checks.
You
can
really
help
yourself
out.
You
know,
help
future
you
out
and
you
can
run
things
like
format
or
validate
and
different
parts
of
the
process
so
that
you
don't
have
to
necessarily
pull
the
code
down
check
it,
especially
if
it
appears
to
be
more
of
a
simple
change.
B
And
superlint
is
also
still
working.
So
while
we
wait
for
those
to
execute
fully,
you
can
already
see
at
the
bottom
of
my
screen.
Some
chicks
were
not
successful.
That's
what
we
expect
and
that's
actually
what
we're
hoping
for.
So
in
order
to
show
you
what
we
can
actually
do
with
packer.
I'm
just
gonna
fix
this
once
again
and
oops
typo.
B
B
B
So
pushed
a
new
version
of
this
and
pretty
sure
the
terraform
code
is
still
failing,
but
at
least
there
we
go
packer
by
now
successful
in
13
seconds
man.
The
speed
of
this
really
got
a
lot
better,
so
we're
grabbing
a
github
action
here,
specifically
one
mattel
and
I
built
which
also
get
some
community
contributions.
So
if
you
are
one
of
the
people
that
contribute
to
this
github
action,
thank
you
so
much
contributing
to
open
source
is
never
free
because
it
always
costs
somebody's
time.
So
I
definitely
appreciate
it.
B
I
know
you
do
too
taylor,
but
in
the
meantime
let
me
show
you
what
we
are
actually
doing
here,
maybe
not
the
less
interesting
part
of
actually
pulling
the
file.
So
we've
got
packer
here
which
we're
running
and
we're
validating
our
file
and
there's
a
lot
of
code
here
to
be
seen.
But
the
most
important
part
is
the
highlighted
part.
B
C
I
had
a
good
laugh
at
live.
Demos
are
very
scary.
I
absolutely
agree
with
that.
That's
and
that's
why
we're
so
excited
to
be
here
today
is
so
that
we
can
kind
of
share
some
of
these
github
actions
with
you.
Github
actions
are
really
versatile
because
you
can
you,
I
don't
know
of
a
good
way
to
run
them
locally.
I
know
there
have
been
some
developments
literally
figuratively
made
on
that
front,
but
you
can
host
your
own
github
runners,
there's
great
documentation
on
how
to
do
so.
C
If
there
are
things
if
you're
on
a
private
network
depending
on
your
infrastructure,
you
have
a
lot
of
resources
available
to
you
in
that
front.
The
github
actions
that
we're
working
with
today
can
run
on
any
github
instance.
So
if
you
have
github
enterprise,
if
you're
just
working
with
github,
you
can
use
these
actions
and
then
we
in
total,
we'll
you
know
we'll
kind
of
get
in
more
into
this
code.
C
The
code
in
a
little
bit,
but
the
three
actions
that
we
have
specifically
today,
that
we're
running
are
packer,
which
you
saw
with
what
kareem
was
doing
and
making
sure
all
of
that
syntax
looked
good
and
was
okay,
just
really
a
static
check,
terraform,
which
is
going
to
be
doing
the
same
thing.
It's
just
going
to
be
doing
some
static
checks.
It's
not
going
to
be
handling
the
plans
and
applies
specifically.
You
can
do
that,
though.
We
do
have
a
couple
examples
which
you
know
feel
free
to
at
me.
C
I've
got
some
examples
of
a
pr
process
that
will
actually
post
back
comments
and
let
you
know
if
the
plan
succeeded
failed,
who
actually
made
the
the
code
contribution
and
then
lastly,
we
had
super
linter
which
will
go
through
and
handle.
One
of
my
favorites
honestly
provided
by
github
is
that
it
will
go
through
all
of
the
code
in
your
repository
and
then,
if
you
specify
I
want
this
to
lent
for
bash.
I
want
this
to
link
for
markdown
terraform.
C
B
B
Nothing
important
we're
also
for
this
build
gonna,
ignore
those
errors,
because
they
weren't
important
to
us
also
note
of
advice
if
you're
building
images-
yes,
paco
will
check
if
your
exit
code
is
good,
but
it
can
never
verify
if
everything
you
try
to
install
actually
installed
in
the
way
you
want
to
do
it.
There
are
other
tools
for
that.
I
definitely
recommend
checking
whatever
you
build
and
never
just
trusting
one
source
to
do
it
for
you.
B
So
in
the
meantime,
while
we
wait
for
the
packer
image
to
build
and
what
that
involves
is
essentially
packer
starts
up
a
vm
in
azure,
it
runs
the
base
image
that
we
instructed
it
with.
It
runs
a
couple
of
commands,
and
once
it's
done
it
captures
that
image
and
stores
it
it's
a
little
bit
of
a
time
consuming
process.
I'm
guessing
will
be
five
to
six
minutes
before
we're
ready.
B
Let
me
actually
show
you
a
very
simple
repository.
We
only
have
the
azure
provider
in
there
and
you
could
do
this
with
any
other
provider
in
our
case
we're
building
the
image
on
azure.
So
we
need
to
use
the
azure
provider
we're
defining
a
virtual
network,
a
public
ip,
a
couple
of
other
things
and
you
notice
there's
a
local
variable
that
we're
referencing
and
so
what
you'll
see
these
local
variables
actually
use
a
remote
terraform
state,
and
so
what
we're
doing
here
is
we're
grabbing
that
code.
B
So
the
same
way,
packer
got
a
file
generated
from
terraform
we're
actually
using
the
azure
subdirectory,
which
has
its
own
terraform
state
or,
in
this
case
terraform
cloud
state
to
retrieve
those
values
and
by
referencing
them.
In
this
way,
I
don't
have
to
update
the
resource
groups
in
three
different
places.
I
don't
have
to
update
the
location,
which
was
one
of
the
options
it's
all
defined
in
a
single
place
and
everything
else
just
pulls
from
that
place
very,
very
powerful,
because
it
means
less
places
that
need
updating,
and
it
also
means
less
code
maintenance
required.
B
So
we've
got
our
network
we've
got.
We
should
do
some
compute
stuff.
So
what
we're
going
to
do
here
is
first
of
all
we're
building
a
packer
image
and
let's
see
how
this
is
going
right,
it's
actually
pretty
far
along
good,
beautiful
we're
going
to
tell
terraform
to
look
for
the
packer
image
in
our
azure
account
and
because
we
only
have
one
image
called
packer.
It
should
find
it
we're
going
to
start
up
a
virtual
machine
which
we're
going
to
start
with
our
local
ssh
key
and
word
of
warning.
B
B
It's
actually
a
super
easy
exercise,
but
it's
one
that
will
get
you
thinking
about
how
to
do
this,
or
just
consider
that
you
will
never
want
to
log
into
your
image
into
your
machine
and,
just
don't
add
an
ssh
key
so
for
the
virtual
machine,
we're
starting
up
we're
grabbing
our
packet
image,
which
will
be
dynamically
retrieved
and
we're
going
to
be
outputting
some
things
here
and
let's
see
if
we
can
actually
do
that.
Awesome.
B
B
B
Was
this
expected,
of
course
not?
It
worked
locally
right
like
it
worked
on
my
machine,
it's
going
to
work
on
taylor's
machine,
but
it
might
not
work
in
our
deployment
setup
which
might
be
github
actions,
so
maybe
for
this
file
we're
going
to
use
something
different,
but
we
already
see
that
this
is
definitely
a
problem.
C
Quick
you'll
notice
that,
with
this
with
the
repository
that
we've
shared
today,
you'll
note
that
all
of
the
terraform
state
is
stored
locally,
and
so
you
can
use
things.
You
know
we
typically
recommend
a
remote
state
if
you're
working
on
things
for
production
or
environments
that
people
might
run
applications
on
just
because
that's
a
lot
safer
way
to
do
it,
but
for
you
know
just
for
showing
off
a
demo
or
a
feature
using
local
state
wool.
You
know
that's
a
that's
a
really
good
place
to
to
start.
C
What's
really
nice
is
that
terraform
cloud
is
a
great
they've,
got
a
free
tier,
it's
just
a
fantastic
option
to
get
started
and
and
very
easy
to
store
your
state
remotely
and
then
start
to
audit
changes.
I
believe
it's
free
for
about
between
one
to
five
people,
if
I'm,
if
I'm
not
mistaken,
and
so
you
can
start
to
scale
that.
C
Team,
if
ever
you
want
it,
you
start
to
get
more
people
in
project.
You
really
like
how
that
works
in
the
workflow,
and
you
can
continue
that
forward,
but
really
helpful
here
and
then
that's
where
that
back
end
remote
when
you
saw
that
remote
state
get
referenced
to
that's
what
that
was
in
reference
to
so,
if
you've
and
if
you've
any
questions
on
anything
today
feel
free
to
throw
it
in
the
chat,
we'll
be
more
than
happy
to
answer
on
that
front.
B
B
So
in
the
meantime,
terraform
is
still
telling
us
that
our
resource
is
incorrect
and
that's
absolutely
correct,
but
it's
friday
we're
still
going
to
ignore
that
so
updated
password
cool
thing
about
hard
coding.
The
password
is
that
everyone
can
see
it
right
like.
I
don't
need
to
tell
my
team
what
the
password
actually
is.
B
B
Any
of
those
is
a
better
option
than
hard
coding,
your
password,
which
is
what
we've
just
done
and
as
you
can
see
here,
let's
see
we
have
a
terraform.
Well,
we
have
an
error
in
our
github
action.
Terraform
format
is
now
checking
out,
probably
also
because
I
miss
aligned
some
stuff
man.
It
is
really
friday
on
this.
Isn't
it.
B
C
C
Typically
when
you
get
started
with
terraform
and
when
you're
trying
trying
some
things
out
again,
you
can
store
that
state
locally
and
kind
of
like
get
a
get
a
handle
of.
What's
going
on
and
try
to
understand
it,
it's
always
best
to
understand
something
before
you
go.
Do
it.
I
know
that
sounds
really
obvious,
but
something
that
we
forget
a
lot.
A
lot
of
people
will
typically
jump
into
the
code
and
not
really
give
things
the
thought
that
they
really
need.
It's.
C
Okay,
to
get
up
from
your
desk,
take
a
take
a
walk
around
and
just
kind
of
like
ruminate
and
think
on
things,
and
so
I
absolutely
recommend
doing
that.
I
know
I
definitely
have
to
practice
what
I'm
saying
as
well
I'll
forget
to
do
that
at
times
too,
but
it's
always
good
to
have
an
understanding
of
what's
going
on.
C
So
when
you
have
that
figured
out
and
you're
working
with
the
team
or
pushing
that
to
a
production-like
environment,
it
is
best
to
have
just
one
runner
for
that,
so
that's
again
where
terraform
cloud
can
help
out
or
if
you
set
up
some
ci
cd.
You
know
just
having
that
be
the
thing
that's
running,
the
actual
applies
for
everything.
Typically,
you
won't
want
to.
Let
you
know
open
up
the
floodgates
to
everybody
being
able
to
apply
right,
because
then
you
can
run
into
some
issues
there.
So
that's
that's.
C
That
is
a
really
good
pattern
to
just
have
that
single
type
of
apply,
and
then
you
and
then
yeah
like
jenkins,
github
actions.
Anything
like
that
would
would
be
a
good
good
thing
on
that
front.
We
also
got
one
more
question
and
answer
really
quickly
from
pablo.
Do
you
recommend
having
both
infra
and
deployment
templates
as
part
of
the
application
repository?
C
C
We
could
take
a
look
at
and
utilize
I'll
set
that
up
in
one
layer
and
then
tag
that
appropriately
and
then,
if
I'm
setting
up
something
like
an
aks
cluster
or
something
to
deploy
my
applications
to,
I
can
reference
the
labels
and
the
tags
and
use
terraform's
data
lookups
to
kind
of
see
what's
going
on
there
or
data
sources
to
see.
What's
going
on
there,
so
really
really
helpful
on
that
front.
B
B
C
B
We're
going
to
share
with
the
world
has
good
syntax,
we'll
also
be
deploying
it
in
other
ways
and
validating
it
that
way,
but
for
this
action
for
something
that
you
can
use
all
the
time
without
having
to
add
your
credentials,
this
will
work
same
story
pretty
much
for
terraform
we're
doing
a
matrix,
build
against
the
three
repositories
that
we
have
in
here.
Sorry,
the
three
directories
and
that's
really
cool
right,
we're
spinning
up
different
agents
making
sure
it
all
runs.
B
B
I've
validated
specifically
our
pull
request.
We
format
pretty
much
everything
and
we
make
sure
that
our
output
reflects
what's
going
on,
and
this
is
beautiful
right.
You
don't
need
to
think
about
this
anymore,
because
your
repository
does
for
you
and
then
finally,
superlinter
taylor
already
mentioned
we're
running
it
against
our
code
base.
C
C
Github
actions
are
really
helpful
because
you
know
they're
made
inside
they're
made
for
github,
and
so
you
have
access
to
everything
inside
of
your
github
repository
you.
If
you
wanted
to
run
an
action
when
somebody
opens
an
issue-
and
you
know
you
run
an
action
to
help
triage
that
or
add
labels,
you
have
the
ability
to
do
that.
If
you
want
to
do
it
for
specific
branches,
you
can
here,
you
can
see
on
pull
request.
We
don't
outline
which
branch
we
want
to
use,
because
we
want
all
of
them.
C
If
people
create
a
feature
branch
and
then
submit
a
pull
request,
we
want
this
action
to
run.
So
there
are
a
lot
of
cool
things
that
you
can
do
here.
One.
I
made
a
note
for
myself
to
go
check.
I
believe
that
there
is
the
option
to
do
something
when
somebody
stars
a
repository,
so
it
might
be
fun
to
send
an
email
or
do
something
like
that.
C
As
somebody
stars,
a
repository
maybe
make
an
update
to
your
to
your
readme
and
and
commit
that
you
know
something
something
fun
on
that
front,
but
lots
of
interesting
ways
that
you
could
go
about
extending
github
actions
and
then
again
the
packer
action
that
you
saw
today
was
made
by
one
of
the
people
on
the
stream,
and
you
know
thank
you.
Thank
you
for
all
the
others
that
contributed,
but
it's
fun
to
be
talking
with
the
maintainer
and
and
get
to
use
that
action
live
for
all
of
you
today.
B
Yeah,
I
think,
with
all
of
those
things
and
whenever
you
think
about
contributing
to
open
source,
think
about
what
scratch
you
could,
what
it
you
could
scratch
with
your
code,
because
I
guarantee
you
when
I
built
that
action
I
was
like.
You
know
what
nobody's
gonna
use
that,
because
otherwise
somebody
would
have
built
it
and
I
get
pull
requests.
I
get
suggestions
from
people,
it's
super
fun
and
it's
also
nice
seeing
people
actually
use
it.
B
C
With
that
I'd
like
to
see
super
linter
certification,
that
would
be
a
phone
to
add
your
linkedin
profile,
one
one
that
I
I
kind
of
want
to
ask
you
as
well.
Kareem
is
by
get
some
was,
do
you
agree
with
one
person
as
a
gatekeeper
to
accept
allow
changes,
or
do
you
have
an
open
culture
where
multiple
people
have
the
ability
to
accept
changes
in
deploy?
Personally,
I
think
that
it's
it's
always
difficult.
C
When
you
have
you
know
one
person,
typically
it's
better
as
a
set
of
people
or
just
as
a
team,
in
my
opinion,
to
be
able
to
prove
that.
I
think
that
that
creates
a
better
culture
because
say
you
have
that
one
person
as
the
the
person
that's
approving
things,
what
about
when
they
go
on
vacation?
Oh,
I
never
go
on
vacation.
That
person
might
say,
do
you
you
know,
but
what
about?
C
If
you
get
sick,
you
know
if,
if
something
happens
in
your
life
and
you're,
just
not
able
to
pay
attention
to
that
repository
or
or
fulfill
those
duties,
maybe
it's
saturday,
maybe
somebody's
working
that
day-
and
this
is
something
that
needs
to
go
in.
This
is
a
hot
fix
and
it's
critical,
typically
giving
the
whole
team
the
ability
to
prove
is
is
best.
You
know,
get
your
team's
eyes
on
it
other.
You
know.
C
B
B
B
B
So,
in
that
sense
it
makes
a
lot
more
sense
for
a
team
to
be
able
to
say.
We've
got
these
many
checklists
that
we
run
through
automatically
on
every
pull
request
and
on
every
merge
to
our
main
branch,
and
if
that
checks
out
awesome,
you
should
be
able
to
deploy.
It
doesn't
mean
you
can't
have
gatekeeping
in
the
software
like
say:
let's
not
deploy
friday
9pm
because
sometimes
still
things
slip
through
and
go
wrong,
but
yeah.
You
can
definitely
approach
this
from
different
ways
and
yeah.
C
One
other
question
I
saw
by
get
some
was
once
you
commit
a
secret
or
password
to
github.
You
can't
erase
it
right.
So
one
thing
to
be
mindful
of
is
that,
while
github
actions
do
a
fair,
fair
amount
of
scrubbing
from
the
logs,
that
is
some
one
thing
that
you
definitely
want
to
be
mindful
of.
If
you
put
a
password
in
there
or
if
you've
made
a
repository
public,
the
previous
runs
can
be
seen.
C
Is
that
and
another
shout
out
to
the
github
provider
is
that
you
can
actually,
you
could
set
up
vault
and
then
create
secrets
and
then
push
those
up
to
github
for
the
for
your
repository,
which
is
really
handy,
feature
for
organizations.
You
can
also
push
that
up
to
the
organization
as
a
whole,
so
you
can
have
that
global
I've
got
feelings
about
global
variables,
but
if
you
need
them,
you
know
like
if
you're
doing
something
like
organization,
name
or
something.
You
know
some.
B
As
a
team,
you-
and
I
know
this
sounds
very
marketing
e,
like
serverless,
because
there's
still
secrets
they're
still
servers
right,
but
if
you-
and
I
don't
know
about
the
secrets
and
just
our
secrets
manager
does
that's
perfect,
because
what
I
know
what
I
don't
know
I
can't
tell-
and
I
also
don't
have
to
worry
about.
It-
also
means
if
we're
pulling
that
from
a
secrets
manager.
B
We
can
update
it
there
and
our
terraform
code
will
keep
working
and
I
don't
need
to
have
another
piece
of
updating
very
much
the
same
workflow
that
we
have
with
having
packer
generate
sorry.
Terraform
generate
packer
files
very
much
the
same
way.
We
have
terraform
lookup
dynamically,
the
packer
image.
It's
all
meant
to
make
it
a
little
easier
and
to
have
less
friction
between
various
moving
parts.
C
It's
really
true,
and
it's
always
something
to
be
mindful
of
it's
best
to
start
that
process.
You
know
day
one
it's
it's
security's,
never
best,
you
can
do
it,
but
I
advise
strongly
against
that.
You
know
start
thinking
about
security
from
day
one,
don't
let
it
you
know,
don't
let
perfect
be
the
enemy
of
good
things
do
still
have
to
work.
Sometimes
there
are
security
requirements
where
it's
you
know
it
would
absolutely
stop
you
dead
in
your
tracks
and
there's
a
better
way
to
go
about
implementing.
C
It
doesn't
mean
that
you
know
maybe
the
second
pass.
You
can
kind
of
implement
that
you
can
always
iterate
with
infrastructure
and
infrastructure
as
code,
but
it
reminds
me
of
a
great
book
called
the
phoenix
project
for
those
of
you
who
haven't
read
it
that
absolutely
recommend
it
and
they
kind
of
talk
through
some
some
issues
there
where
in
this
fictional
company
there
they
go
through
a
situation
where
somebody
implements
some
encryption
and
then,
unfortunately,
all
the
systems
stop
working
because
everything's
encrypted
and
they
can't
decrypt
it.
B
Yeah
there's
many
moving
parts
and
I
think
a
couple
of
the
comments
are
really
reflective
of
stuff
that
you
encounter
with
a
lot
of
teams
right.
Verify
windows
is
saying:
security
is
a
luxury
to
some
devops
teams.
Just
get
it
done
yesterday,
of
course,
yeah.
We
never
have
the
time
to
do
everything
perfectly
and
properly
and
that's
why
we
need
to
make
the
friction
of
doing
it.
The
right
way
as
low
as
possible.
B
C
B
So
with
a
lot
of
these
kind
of
questions?
The
answer
is
always.
It
depends
for
anything
where
I'm
100,
confident
that
the
information
that
could
leak
is
not
important.
I
would
say
absolutely.
It
also
depends
on
your
organization.
I
know
the
teams
running
github
agents,
both
in
github
e.
Obviously
that
would
be
your
teams
and
in
on
github.com
it
would
be
well
the
github
sre
team
they're
making
a
huge
effort
to
make
sure
your
information
doesn't
leak,
but
you
might
still
be
in
an
organization
that
says
you
can't
share
your
cloud
credentials
with
a
provider.
B
For
example,
the
first
thing
we
showed
you
today
was
deploying
github
repositories
with
terraform
and
codifying
them
so
we're
doing
this
in
github
actions
against
github.com
we're
running
the
actions
on
github.com
and
all
we
need
to
make
that
work
is
a
github
token
which
actions
have
access
to
anyway.
So
what's
our
blast
radius
here
practically
zero.
C
And
it
does
make
I
can
I
can
absolutely
attest
to
I.
I
missed
the
in
the
comments
where
it
was,
but
for
any
of
you
that
don't
like
managing
a
jenkins,
server
or
machine.
This
is
a
really
good
workflow
and
it
does
kind
of
improve
that
granted.
You
know
it
depends
for
your
situation,
of
course,
and
it's
always
in
in
some
cases
difficult
to
justify
moving
to
a
new
thing
or
when
is
the
best
time
to
move
to
a
new
thing.
C
You
know
it's
tip,
newer,
isn't
always
better
right
and
it
can
kind
of
it
can
really
slow
you
down.
If
the,
if
the
team
doesn't
say,
we
have
a
build
process
and
everything
works,
it
might
not
be
the
best
use
of
our
time,
and
you
know
focusing
on
some
other
things,
but
I
can
attest
for
any
of
you
that
are
interested
in
moving
from
jenkins
to
github
actions
and
can
do
so.
It's
it's
really,
it's
really
great
for
for
me
and
some
personal
projects
and
home
lab
stuff.
C
C
B
C
Any
other
questions
or
thoughts
and
and
granted
you
know
we,
we
love
spending
time
with
you
here
live,
but
if
you
again,
if
you
do
have
any
questions
or
things
come
to
you
after
the
session
feel
free
to
reach
out
to
cream
or
myself,
that
would
be
more
than
happy
to
have
chats
with
you
and
you
know,
see
what
you're
working
on
hear.
You
know
good
good,
bad
and
ugly.
B
Yeah,
absolutely
I
mean
we're
here
to
answer
these
questions.
We
can
also
answer
them
after
a
stream,
and
these
have
been
really
good
questions.
It's
when
you
think
about
a
lot
of
these
problems.
Talk
with
your
counterpart
from
a
company
that
you
don't
work
with.
Everyone
is
running
into
the
same
problems.
Nobody
has
a
perfect
deployment.
B
Nobody
has
a
super
frictionless
security
process
because
none
of
these
things
are
possible,
but
we
can
all
learn
from
one
another.
If
you
need
to
define
18
20
layers
of
security,
maybe
somebody
has
already
figured
out
six
of
them
and
you
can
copy
that
and
essentially
replace
the
private
keys
and
you're
good.
B
C
B
B
C
One
of
the
things
that
I
I
see
people
do
people
people
I've
worked
with
typically
have
a
lot
of
questions
about
terraform,
and
where
does
it
fit
into
your
your?
You
know
the
application
development
life
cycle
and
it's
I've
seen
some
people
kind
of
stick
with
one
provider
right.
They
might
use
a
major
cloud
like
aws,
azure
gcp
and
then
only
for
that,
but
as
you've
seen
today,
we
can
do
a
lot
with
you
know:
github
actions
with
terraform.
C
We
set
up
a
github
repository
with
terraform,
which
is
incredible.
We
spun
up
a
machine.
We
built
something
with
packer.
We
used
hcl
all
over
the
place.
There's
there's
a
lot
that
can
be
done
a
lot
of
things
you
can
string
together,
but
that
does
make
it
confusing
on
places
to
start,
because
when
you
think
about
configuration
management,
I've
seen
some
people
try
and
you
know,
trend
that
direction
and
use
terraform
to
also
be
configuration.
C
C
B
Yeah
and
they've
been
growing
a
lot
one
of
the
things
we
just
mentioned.
Ip
ranges
when
you're
doing
remote
deployments
a
lot
of
the
providers
that
terafrom
supports
actually
have
data
sources
that
allow
you
to
retrieve
specific
ip
ranges
and
what's
super
cool
about
this
is
let's
say,
you're
running
your
github
actions,
agent
locally,
because
you
want
to
utilize
all
the
formatting
and
validation
tools
remotely,
but
the
actual
deployment
needs
to
happen
on
your
network
cool
run
a
local
agent.
B
B
B
Yeah,
I
I
noticed
two
really
cool
questions.
Get
some.
Do
you
guys
deploy
to
prod
on
rolling
bases,
it's
kind
of
personal?
It's
it's
not
personal.
It's
only
personal
when
the
rolling
basis
doesn't
work
out,
then
you
know,
then
it's
definitely.
No
I'm
sorry.
I
can't
tell
you
where
it
makes
sense.
Yes,
because
the
gatekeepers
should
be
automatic
and
they
should.
You
should
have
tooling
in
place
that
feels
comfortable
to
say.
Yes,
this
is
good
or
no.
This
isn't
good
and
also
be
very
restrictive.
B
Not
every
pr
has
to
end
up
being
on
main
and
being
a
deployable
version.
Sometimes
you
know
you're
just
exploring,
and
the
other
closing
word
is
literally
that
keep
exploring
it's.
It's
been
a
hard
year
for
a
lot
of
us
with
not
being
able
to
go
places,
but
that
doesn't
mean
that
the
learning
has
to
stop.
Conferences
might
not
be
here,
but
cool
streams
like
this
one
are
and
you
get
to
learn
from
other
people.
You
get
to
see
other
people
make
mistakes.