Comments (5)
The current workaround is adding the AWS_REGION to the environment variable for the workflow so it is picked up by the credential call.
See below for an example:
```yaml
jobs:
  terraform-deploy:
    runs-on: ubuntu-latest
    env:
      AWS_REGION: 'us-west-2'
    permissions:
      contents: write # required to merge PRs
      actions: write # required for plan persistence
      id-token: write # required for workload-identity-federation
      pull-requests: write # required to post PR comments
      statuses: write # required to validate combined PR status
    steps:
      - uses: actions/checkout@v4
      - name: Setup GitHub Env
        run: |
          echo '${{secrets.TF_GIT_CONFIG}}' > ~/.gitconfig
      - name: digger run
        uses: diggerhq/[email protected]
        with:
          setup-terraform: true
          disable-locking: true
          aws-region: us-west-2
          no-backend: true
        env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
from digger.
I think I have seen this behaviour before. Not sure why AWS sts client does not set a default region while setting a role. Need to dig further into it.
from digger.
One thing I am testing is this in the digger.yml to see if it fills the need without having to change the workflow file. Because if I update the workflow file then I lose the ability to have cross-region support out of the same repo. Where if I can assign it as an env variable in the workflow I can make magic happen.
```yaml
telemetry: false
traverse_to_nested_projects: true
projects:
  - name: "{{github.org}}-{{github.repo}}-dev"
    dir: dev
    include_patterns: [
      "./modules/**",
      "./config/dev/**",
    ]
    workflow_file: digger_workflow.yml
    aws_role_to_assume:
      state: {{output.stsStateRoleDev}}
      command: {{output.stsCommandRoleDev}}
  - name: "{{github.org}}-{{github.repo}}-prod"
    dir: prod
    include_patterns: [
      "./modules/**",
      "./config/prod/**",
    ]
    workflow_file: digger_workflow.yml
    aws_role_to_assume:
      state: {{output.stsStateRoleProd}}
      command: {{output.stsCommandRoleProd}}
workflows:
  default:
    env_vars:
      state:
        - name: AWS_REGION
          value: {{config.region}}
      commands:
        - name: AWS_REGION
          value: {{config.region}}
```
from digger.
I finally got around to testing this today and using this technique to set the region did not work:
```yaml
workflows:
  default:
    env_vars:
      state:
        - name: AWS_REGION
          value: "us-west-2"
      commands:
        - name: AWS_REGION
          value: "us-west-2"
```
from digger.
I think I found the problem, when examining an environment with the workflow vars set when I looked at initialize digger config:
I see this:
```
Run diggerhq/[email protected]
  with:
    setup-terraform: true
    disable-locking: true
    no-backend: true
    setup-aws: false
    aws-region: us-east-1
    setup-google-cloud: false
    setup-azure: false
    setup-terragrunt: false
    setup-opentofu: false
    terragrunt-version: v0.[5]
    terraform-version: v1.5.5
    configure-checkout: true
```
However, I am passing in us-west-2 and the credentials I have created are not in that region. So maybe this is part of the problem, I am digging in further to see if I can figure anything out.
from digger.
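A check for the mismatch described in the last comment, as an added example that is not part of the thread or of digger's code: it parses the `with:` block a step echoes when it starts and reports inputs whose logged value differs from what the workflow file passes. The function names are hypothetical, the log text is constructed from the lines quoted above, and the expected inputs assume the workflow from the first comment is the one in use; the input is assumed to be log text without timestamp prefixes.

```python
# Constructed sample: the "Run ..." group quoted in the comment above, shortened.
SAMPLE_LOG = """\
Run diggerhq/[email protected]
  with:
    setup-terraform: true
    disable-locking: true
    no-backend: true
    setup-aws: false
    aws-region: us-east-1
"""

# Assumption: inputs passed by the workflow file posted in the first comment.
EXPECTED = {
    "setup-terraform": "true",
    "disable-locking": "true",
    "aws-region": "us-west-2",
    "no-backend": "true",
}


def parse_action_inputs(log_text):
    """Return the inputs listed under the first 'with:' line of a step log."""
    inputs, with_indent = {}, None
    for line in log_text.splitlines():
        indent = len(line) - len(line.lstrip())
        if with_indent is None:
            if line.strip() == "with:":
                with_indent = indent
            continue
        if not line.strip() or indent <= with_indent:
            break  # a blank line or a sibling key such as 'env:' ends the block
        key, sep, value = line.strip().partition(":")
        if sep:
            inputs[key.strip()] = value.strip()
    return inputs


def find_mismatches(expected, actual):
    """Map each expected input to (expected, logged) where the two differ."""
    return {k: (v, actual.get(k)) for k, v in expected.items() if actual.get(k) != v}


if __name__ == "__main__":
    logged = parse_action_inputs(SAMPLE_LOG)
    for name, (want, got) in find_mismatches(EXPECTED, logged).items():
        print(f"{name}: workflow passes {want!r}, step ran with {got!r}")
```

Inputs that appear only in the log, such as defaults the action fills in, are ignored; an expected input missing from the log is reported with `None` as its logged value.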