Branching strategy and CI/CD pipeline for a Terraform project with multiple environments

Just in case anyone has the same dilemma: here is an explanatory video from Hashicorp: https://www.youtube.com/watch?v=IDLGpkRmDXg&list=PLN_ubMte0AR5s9r4aKsIzZHWo5eGkch1f&index=1

Following the terraform documentation from here https://www.hashicorp.com/blog/structuring-hashicorp-terraform-configuration-for-production i develop my application using modules and environments. So I have modules for storage, computing, networking, etc., and three environment folders for devel, stage, and production.

The file structure looks like this

── modules
  ├── compute 
   	│   ├── main.tf  
│   ├── outputs.tf
│   ├── variables.tf
├── database
├── storage
── development
   └── config.tf
    	   └── main.tf
    	   └── outputs.tf
    	   └──provider.tf
    	   └──variables.tf
── stage
── production

I deployed my code in the production environment, and everything works great, and now I want to deploy my staging and production environment.

I commit my code from development into a GitHub repo - development branch, but things get a little consing for me.

My first instinct was to create another two branches - for staging and production. But what about the environments folders I created in the original deployment code? I will end up with a development, stage, and production environment folder in each of those three GitHub branches.

I plan to use GitHub Actions - on branch push, do “terraform apply” for the environment that corresponds to that branch (do “terraform apply” for the development environment when a push is made to the development branch)

At this point, things are confusing;
Is it ok to have the duplicate code for each environment in each branch?
How should I organize the Github Branches ?
What will be the correct CI/CD pipeline stages?

> My first instinct was to create another two branches

Your instinct is correct. You should have one branch per environment, as this will allow you to make changes to one environment at a time, progressively. So first you would push your changes to the deployment branch, and if they are successful, you would then push the same changes to staging; likewise, if the changes are successful in staging, you would then push the changes to production.

> At this point, things are confusing; Is it ok to have the duplicate code for each environment in each branch?

Yes, it is ok. When working with terraform the two most common architectures are:

1. One folder for each environment
2. One single folder, which leverages terraform workspaces, for all environments

The first option is the one you've been considering, however you might also want to consider the second option. The first approach will have code duplication, however it will make your life easier if the environments aren't identical. The second approach has no code duplication, however environment specific configuration will be slightly cumbersome (depending on how many differences exist across the environments).