
CI/CD for Deployments

In our Lego city analogy, CI/CD pipelines are the global conveyor belts that deliver new building blocks to construction sites across multiple countries. Instead of manually shipping bricks to AWS, Azure, and GCP, the pipeline ensures every change is tested, reviewed, and deployed automatically across all providers.

This chapter explores how to design multi‑cloud CI/CD pipelines with Terraform, ensuring consistency, automation, and governance across diverse environments.


Key Concepts

1. Why Multi‑Cloud CI/CD?

  • Consistency: Unified workflows across AWS, Azure, and GCP.
  • Automation: Reduce manual effort for multi‑provider deployments.
  • Governance: Enforce policies across all clouds.
  • Speed: Faster, error‑free deployments globally.

2. Typical Pipeline Stages

  • Validate: Run terraform fmt and terraform validate.
  • Plan: Generate execution plan for each provider (terraform plan).
  • Policy Check: Apply Sentinel or custom policies across clouds.
  • Approval: Manual approval step for production applies.
  • Apply: Run terraform apply to deploy changes across providers.
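
One way to implement the Policy Check stage as a custom policy, shown here as an added example (not code from the original page or from Terraform itself): it reads the JSON that `terraform show -json <planfile>` produces and reports destroys and internet-open inbound rules on AWS, Azure and GCP. The sample plan and every resource name except `aws_instance.web` are constructed, and the script name `policy_check.py` is hypothetical.

```python
import json
import sys

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def open_to_internet(rtype, after):
    """True if the planned resource admits inbound traffic from any address."""
    if rtype == "aws_security_group":
        return any(OPEN_CIDRS & set((r.get("cidr_blocks") or []) + (r.get("ipv6_cidr_blocks") or []))
                   for r in after.get("ingress") or [])
    if rtype == "azurerm_network_security_rule":
        sources = {after.get("source_address_prefix"), *(after.get("source_address_prefixes") or [])}
        return (after.get("direction") == "Inbound" and after.get("access") == "Allow"
                and bool(sources & {"*", "0.0.0.0/0", "Internet"}))
    if rtype == "google_compute_firewall":
        return ((after.get("direction") or "INGRESS") == "INGRESS" and bool(after.get("allow"))
                and bool(OPEN_CIDRS & set(after.get("source_ranges") or [])))
    return False

def check_plan(plan, allow_destroy=False):
    """Return violation strings for one `terraform show -json <planfile>` document."""
    violations = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        # A replacement is reported as both "delete" and "create", so it is caught here too.
        if "delete" in actions and not allow_destroy:
            violations.append(f"{rc['address']}: destroy/replace needs explicit approval")
        after = change.get("after") or {}
        if actions & {"create", "update"} and open_to_internet(rc.get("type"), after):
            violations.append(f"{rc['address']}: inbound access open to the internet")
    return violations

# Constructed sample plan (names other than aws_instance.web are made up for illustration).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["delete", "create"], "after": {}}},
    {"address": "aws_security_group.web_sg", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"ingress": [{"cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "azurerm_network_security_rule.ssh", "type": "azurerm_network_security_rule",
     "change": {"actions": ["create"], "after": {
         "direction": "Inbound", "access": "Allow", "source_address_prefix": "10.0.0.0/8"}}},
    {"address": "google_compute_firewall.allow_all", "type": "google_compute_firewall",
     "change": {"actions": ["update"], "after": {
         "allow": [{"protocol": "tcp"}], "source_ranges": ["0.0.0.0/0"]}}},
]}

if __name__ == "__main__":
    # Usage: terraform show -json awsplan | python policy_check.py -
    plan = json.load(sys.stdin) if "-" in sys.argv[1:] else SAMPLE_PLAN
    problems = check_plan(plan)
    print("\n".join(f"POLICY VIOLATION: {p}" for p in problems) or "policy check passed")
    sys.exit(1 if problems else 0)
```

A non-zero exit code fails the pipeline step, so the apply stage never runs on a plan that violates the policy.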

3. GitHub Actions Example (Multi‑Cloud)

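name: Terraform Multi-Cloud CI/CD

on:
  push:
    branches: [ "main" ]

# Least privilege for the workflow token: these jobs only read the repository.
permissions:
  contents: read

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      # Provider credentials must come from the secret store, never from the repo.
      - name: Terraform Init
        run: terraform init

      - name: Terraform Format Check
        run: terraform fmt -check -recursive

      - name: Terraform Validate
        run: terraform validate

      # Per-provider plans, written to files so each one can be reviewed.
      - name: Terraform Plan AWS
        run: terraform plan -target=aws_instance.web -out=awsplan

      - name: Terraform Plan Azure
        run: terraform plan -target=azurerm_linux_virtual_machine.app_vm -out=azureplan

      - name: Terraform Plan GCP
        run: terraform plan -target=google_compute_instance.gcp_vm -out=gcpplan

  apply:
    needs: plan
    if: github.ref == 'refs/heads/main'
    # Assumption: an environment named "production" with required reviewers is
    # configured in the repository settings, so this job waits for approval.
    environment: production
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Terraform Init
        run: terraform init

      # This apply builds a fresh plan; the plan files above are review output only.
      - name: Terraform Apply
        run: terraform apply -auto-approve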

4. Terraform Cloud Integration

  • Connect repo to Terraform Cloud workspace.
  • Pipeline triggers plan and apply automatically across providers.
  • Sentinel policies enforce compliance.
  • Notifications sent to Slack/email for visibility.

Hands‑On Lab / Demo

Lab: Multi‑Cloud CI/CD with GitHub Actions

  1. Create .github/workflows/multicloud.yml.
  2. Add stages: init, validate, plan for AWS, Azure, GCP.
  3. Push code → GitHub Actions runs pipeline.
  4. Review plan outputs for each provider.
  5. Approve and apply changes across all clouds.

Pro Tips & Best Practices

  • Separate pipelines for dev, staging, and prod across clouds.
  • Require manual approval for production applies.
  • Store secrets securely (GitHub Secrets, Vault, Terraform Cloud).
  • Integrate cost estimation to avoid surprises.
  • Document provider‑specific differences in pipeline configs.

Summary & Cheatsheet

  • CI/CD = Automated conveyor belt for multi‑cloud deployments.
  • Stages: Validate → Plan → Policy → Approval → Apply.
  • Tools: GitHub Actions, Jenkins, GitLab CI, Terraform Cloud.
  • Best practice: Automate everything, but approve production manually.
Quick mnemonic: Validate → Plan → Apply → Across Clouds

The Hackers Notebook

CI/CD for multi‑cloud is the automation engine of global deployments. By integrating Terraform with GitHub Actions, Jenkins, or Terraform Cloud, you ensure every change is tested, reviewed, and deployed seamlessly across AWS, Azure, and GCP.



Updated on Dec 31, 2025