Workflows

Streamline Terraform deployments in your CI/CD pipelines.

Firefly Workflows is a powerful tool used to deploy Terraform within your CI/CD pipelines. Our documentation provides comprehensive guidance on creating and customizing workflows, in addition to integrating with existing pipelines.

Determining which type of workflow to integrate

The decision between creating a new workflow or integrating into an existing one depends on the specific requirements and structure of your project and CI/CD environment.

Managed workflows

Create a new workflow in Firefly when you need to establish a dedicated deployment process for a specific project or task. Ideal for:

  • Simplifying the setup and management of CI/CD pipelines

  • Automating Terraform deployments

Integrate into existing CI pipelines

This method is only for visualization and monitoring of your current deployment processes, improving efficiency and visibility without causing disruption to your existing workflow setup.

Creating Firefly workflows

To automate the deployment of your Terraform code, use our wizard to create a workflow within your CI/CD pipeline.

  • Each workflow corresponds to a workspace and facilitates the deployment of new resources or modifications to existing ones within your IaC stack.

  • For each workspace, we run terraform plan and apply when making changes to your resources.

  • Each row under Workspace represents a pull request in Git that contains your changes to the Terraform pipeline.

  • Creating a pull request automatically runs terraform plan.

  • Merging a pull request automatically runs terraform apply.

  • To edit attributes and/or modify variables, select the edit icon.

Procedure

  1. Select Workflows > + Add New Workflow.

  2. Select your IaC provisioning engine > Next.

  3. Select Generate new IaC pipeline or Integrate into an existing pipeline > Next.

  4. In the Workspace Name field, enter the name of the workspace you want to create.

  5. Under VCS integration, select the VCS (Git) integration where you want to create the workflow.

  6. Select the Code repository where the workspace Terraform code is located.

  7. Select the Default branch of the repository. Merging into this branch will apply the changed workspace (e.g., main).

    • (Optional) Enter the Working directory of the workspace. If it's empty, the working directory will run from the root folder.

  8. Select Next.

  9. Enter the Terraform version used to deploy your Workspace.

    • (Optional) In the TFvars file path field, enter the workspace tfvars file path relative to the working directory path.

    • (Optional) In the Terraform environment name field, enter the Terraform workspace name of your workspace. If using the same backend for multiple environments, you can set a Terraform workspace that changes the backend path to the environment name.

    • (Optional) Enter non-sensitive Terraform variables.

    • (Optional) Enter sensitive Terraform variables.

  10. Select Next.

    • (Optional) In the Self-hosted runner labels field, enter the relevant labels to run the CI/CD pipeline on self-hosted runners.

    • (Optional) When using the AWS profile as the AWS provider authentication, enter the AWS profile configuration.

    • (Optional) When using environment variables as the provider authentication, enter the Provider credentials.

  11. Select Next > Done. Your workflow has been created.

Integrating into an existing CI pipeline

To integrate your existing Terraform deployment pipelines, use Firefly's Docker image.

To create a custom workflow, you must be authenticated with Firefly. To authenticate your account, procure an access key and secret key from Firefly.

Use one of the methods below to send your data to Firefly:

  • Pass the keys as arguments (--access-key and --secret-key)

  • Pass the keys as environment variables (FIREFLY_ACCESS_KEY and FIREFLY_SECRET_KEY)

Procedure

  1. Select Create key pair.

  2. Store the access key and secret key in your secret manager that is accessible to your CI/CD tool.

  3. In your pipeline, add the Firefly access key and secret key as the environment variables FIREFLY_ACCESS_KEY and FIREFLY_SECRET_KEY.

  4. Modify your terraform plan to include file output to plan_log.json and plan.json. Example: terraform plan -json -out=tf.plan > plan_log.json && terraform show -json tf.plan > plan.json

  5. Add a new pipeline step: Firefly CI Post Plan, which runs between terraform plan and terraform apply. The step should execute the docker run command below: docker run --rm -e FIREFLY_ACCESS_KEY -e FIREFLY_SECRET_KEY -v "$(pwd)":/app/cicd public.ecr.aws/firefly/fireflyci:v0.2.5 post-plan -l /app/cicd/plan_log.json -f /app/cicd/plan.json -w <WORKSPACE_NAME>

    • -w Workspace name displayed in Firefly, unique to this workflow for each Terraform workspace

  6. Modify your terraform apply to include file output to apply_log.json. Example: terraform apply -auto-approve -json > apply_log.json

  7. Add a new pipeline step: Firefly CI Post Apply, which runs after terraform apply.

    This should execute the docker run command below: docker run --rm -e FIREFLY_ACCESS_KEY -e FIREFLY_SECRET_KEY -v "$(pwd)":/app/cicd public.ecr.aws/firefly/fireflyci:v0.2.5 post-apply -f /app/cicd/apply_log.json -w <WORKSPACE_NAME>

    • -w Workspace name displayed in Firefly, unique to this workflow for each Terraform workspace. Use the same value you provided in step #5
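
The procedure above as one POSIX shell script, added here as an example and not Firefly's own code. The function names, the --run switch and FIREFLY_DRY_RUN are assumptions of this sketch; the image, flags and file names are the ones given in the steps.

```shell
#!/bin/sh
# Added example, not Firefly's own script. run_pipeline, require_keys,
# require_artifacts, firefly_ci and FIREFLY_DRY_RUN are names assumed here.
set -eu

IMAGE="public.ecr.aws/firefly/fireflyci:v0.2.5"  # image and tag from this page

# Fail closed when a key is missing; the values are never printed.
require_keys() {
  [ -n "${FIREFLY_ACCESS_KEY:-}" ] || { echo "FIREFLY_ACCESS_KEY is not set" >&2; return 1; }
  [ -n "${FIREFLY_SECRET_KEY:-}" ] || { echo "FIREFLY_SECRET_KEY is not set" >&2; return 1; }
}

# Every named file must exist in the directory and be non-empty.
require_artifacts() {
  art_dir=$1; shift
  for art in "$@"; do
    [ -s "$art_dir/$art" ] || { echo "missing or empty: $art_dir/$art" >&2; return 1; }
  done
}

# Run (or, with FIREFLY_DRY_RUN=1, print) the fireflyci container for a stage.
# Keys are forwarded by name (-e VAR), so their values stay out of argv and logs.
firefly_ci() {
  ci_stage=$1; ci_ws=$2; ci_dir=${3:-$PWD}
  case $ci_stage in
    post-plan)  set -- post-plan -l /app/cicd/plan_log.json -f /app/cicd/plan.json -w "$ci_ws" ;;
    post-apply) set -- post-apply -f /app/cicd/apply_log.json -w "$ci_ws" ;;
    *) echo "unknown stage: $ci_stage" >&2; return 2 ;;
  esac
  set -- docker run --rm -e FIREFLY_ACCESS_KEY -e FIREFLY_SECRET_KEY \
    -v "$ci_dir:/app/cicd" "$IMAGE" "$@"
  if [ "${FIREFLY_DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Steps 3-7 of the procedure, for the workspace name given as $1.
run_pipeline() {
  ws=$1; rc=0
  require_keys
  terraform plan -json -out=tf.plan > plan_log.json
  terraform show -json tf.plan > plan.json
  require_artifacts "$PWD" plan_log.json plan.json
  firefly_ci post-plan "$ws"
  # Keep going after a failed apply so its log is still sent, then fail the job.
  terraform apply -auto-approve -json > apply_log.json || rc=$?
  require_artifacts "$PWD" apply_log.json
  firefly_ci post-apply "$ws"
  return "$rc"
}

# Runs only when invoked as: sh firefly_ci.sh --run <WORKSPACE_NAME>
if [ "${1:-}" = "--run" ]; then run_pipeline "$2"; fi
```

Setting FIREFLY_DRY_RUN=1 prints the docker command instead of running it, which is a quick way to confirm in a CI log that only the variable names, not the key values, reach the command line.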

Table

  • Each Workspace represents one IaC stack and one Firefly Workflow.

  • Each Workspace deploys a few assets connected to each other. They can be in multiple providers or in one provider.

  • To view Workspace details, select the caret.

| Column | Description |
| --- | --- |
| Started at | When the Terraform plan or apply was started |
| Build ID | CI/CD pipeline run ID with link |
| Title | CI/CD run title |
| Commit ID | Commit used to run the CI/CD pipeline |
| Branch | Branch used to run the CI/CD pipeline |
| Summary | Resource actions (e.g. create, destroy, change, import) |
| Policy Violations | Summary of the violations in your Terraform plan |
| Cost Est | Estimated cost adjustment in your Terraform plan or apply |
| Owner | Owner of the Terraform plan or apply |
| Status | Whether the Terraform plan or apply failed |

Support Matrix

| Type of Workflow | CI tools | IaC type | Integration method |
| --- | --- | --- | --- |
| Managed by Firefly | GitHub Actions | Terraform | Firefly workflow wizard |
| Integrated with an existing Workflow | Any | OpenTofu, Terraform | Self-service |

FAQ

What is Firefly Workflows?

Firefly Workflows is a powerful tool for deploying Terraform within CI/CD pipelines. It streamlines deployment processes, offering an intuitive wizard interface to automate Terraform code deployment. Each workflow corresponds to a workspace, simplifying the deployment of resources. Additionally, Firefly Workflows provides visualization and monitoring features, enhancing deployment efficiency and visibility.

When should I create a new workflow in Firefly?

Creating a new workflow is suitable when you need to establish a dedicated deployment process for a specific project or task, simplifying CI/CD pipeline setup and management.

How do I create a Firefly workflow?

Use the Firefly wizard to automate Terraform deployment by creating a workflow within your CI/CD pipeline, with each workflow corresponding to a workspace.

How do I integrate Firefly into an existing CI pipeline?

Firefly provides Docker-based integration for existing Terraform deployment pipelines. Authentication is required, and deployment triggers are set up between terraform plan and terraform apply. To integrate Firefly with your existing CI pipeline, follow the procedure outlined in the documentation.

What are the system requirements for using Firefly Workflows?

Firefly Workflows require a compatible CI/CD environment with support for Docker and Terraform/OpenTofu.

Can Firefly Workflows integrate with other CI/CD tools apart from the ones mentioned in the documentation?

Yes, Firefly Workflows can integrate with all CI/CD tools. Firefly provides a Docker-based solution that can work on any CI/CD tool.

Are there any limitations on the size or complexity of Terraform projects that Firefly Workflows can handle?

Firefly Workflows are designed to accommodate Terraform projects of varying sizes and complexity levels. There are no strict limitations imposed by Firefly Workflows.

Do Firefly Workflows support multi-cloud deployments?

Yes, Firefly Workflows support multi-cloud deployments, allowing you to manage infrastructure across multiple cloud providers within a unified workflow.

How do Firefly Workflows handle state management and synchronization across multiple environments?

Firefly Workflows leverage Terraform's state management features to track and synchronize infrastructure state across multiple environments. Each workspace within Firefly corresponds to a Terraform workspace, enabling isolation and management of state files for different environments.

Can Firefly Managed Workflows automatically trigger deployments based on specific events or conditions?

Yes, Firefly managed Workflows can automatically trigger deployments based on specific events or conditions. When a pull request (PR) is created, Firefly initiates a Terraform plan, which provides insights into the changes to be applied to the infrastructure. After the PR is merged into the default branch, Firefly triggers the terraform apply process, which applies the planned changes to the infrastructure.

How do Firefly Workflows ensure the security of sensitive data?

Firefly Workflows prioritize the security of sensitive data. Before transmitting any data to Firefly's servers, sensitive information is meticulously redacted to prevent unauthorized access or exposure. This ensures that sensitive data remains protected throughout the deployment process.

Do Firefly Workflows provide any built-in monitoring or alerting capabilities for deployments?

Firefly is currently developing monitoring and alerting functionalities for deployments, which will be incorporated into Firefly Workflows in the near future. Stay tuned for further updates on the integration of monitoring and alerting capabilities within the platform.

Is there a limit to the number of workspaces or workflows that can be created within Firefly Workflows?

Firefly Workflows do not impose strict limits on the number of workspaces or workflows that can be created within the platform. You can create and manage multiple workspaces and workflows to accommodate diverse projects, environments, and deployment scenarios effectively.

Is there a way to track and visualize the progress of deployments across multiple environments in Firefly Workflows?

Yes, Firefly Workflows provide tools and dashboards for tracking and visualizing the progress of deployments across multiple environments in real-time. You can view deployment status, execution logs, resource changes, and pipeline metrics using integrated monitoring and visualization features within the Firefly Workflows dashboard.

Do I need to provide Firefly Workflows with my cloud credentials?

No, Firefly Workflows do not require you to provide your cloud credentials. Firefly prioritizes security and does not handle or store your cloud credentials.

Does Firefly host the CI/CD runners to execute the Terraform runs?

No, Firefly does not host the CI/CD runners. You are responsible for managing your CI/CD infrastructure, including runners, to execute Terraform runs.

What happens to my run if Firefly's endpoint is unavailable?

If Firefly's endpoint is unavailable, your CI/CD pipeline will operate normally. However, deployment updates won't appear in the Firefly app or dashboard until the endpoint is accessible again. Please note that pipeline execution remains unaffected, but visibility into deployment status within Firefly will be temporarily interrupted.
