Terraform GitHub Actions
License: Mozilla Public License 2.0
This hashicorp/terraform-github-actions repository is no longer actively developed or maintained. It has been superseded by the hashicorp/setup-terraform GitHub action.
Thank you to all of the users and contributors that made this repository possible. Hope to see you using the new hashicorp/setup-terraform GitHub action!
v0.3.1
The fmt action fails silently on a Terraform repo that passes terraform fmt locally. There is no ouput in the Github Action logs or any comments on the PR that describes why it has failed.
### STARTED terraform-fmt 10:33:49Z
Already have image (with digest): gcr.io/github-actions-images/action-runner:latest
### FAILED terraform-fmt 10:34:00Z (10.782s)
workflow "Terraform Enterprise" {
resolves = "terraform-plan"
on = "pull_request"
}
action "filter-to-pr-open-synced" {
uses = "actions/bin/filter@master"
args = "action 'opened|synchronize'"
}
action "terraform-fmt" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "filter-to-pr-open-synced"
secrets = ["GITHUB_TOKEN"]
}
action "terraform-init" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-fmt"
secrets = ["GITHUB_TOKEN", "TF_ACTION_TFE_TOKEN"]
env = {
TF_ACTION_TFE_HOSTNAME = "app.terraform.io"
}
}
action "terraform-validate" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-init"
secrets = ["GITHUB_TOKEN"]
}
action "terraform-plan" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-validate"
secrets = ["GITHUB_TOKEN", "TF_ACTION_TFE_TOKEN"]
env = {
TF_ACTION_TFE_HOSTNAME = "app.terraform.io"
}
}
I'm trying to setup GitHub Actions for the first time. The goal is to have terraform fmt run on the specific file that's listed in a pull request. Looks like you can only do so on a directory, so trying to figure out how to dynamically figure that out based on file path. I've the same workflow from the official docs. I'm thinking because every file needs to be formatted, that it runs into this issue?
Step 10/11 : COPY entrypoint.sh /entrypoint.sh
---> 46a7ac06a80c
Step 11/11 : ENTRYPOINT ["/entrypoint.sh"]
---> Running in 537ed01456ed
---> 19063ae06c35
Successfully built 19063ae06c35
Successfully tagged gcr.io/gct-12-o8j5btwcsznlu4r352a0flm/ec7b5798739a0281d7439c11003205df079f23dcbdc5bda247eb21e0945a25dc/dc2b4b57b2c0f541e99a0d9e1a1e9cdd48c7e393a9f23d0068f27104e3230fa0:9fbe06d0103176b8a075ad1f2be9c8b041485afdbe442ba33d16a01769892b04
Already have image (with digest): gcr.io/github-actions-images/action-runner:latest
...
...
/entrypoint.sh: line 36: jq: Argument list too long
### FAILED terraform-fmt 21:01:16Z (32.528s)
Hi, I would like to report a bug. The validate subcommand does require TF CLI config .terraformrc. This is my workaround by overriding the docker entry point but it would be nice if TF GitHub actions could handle it.
name: Terraform
on: [pull_request]
jobs:
linting:
name: Terraform - Linting
runs-on: ubuntu-latest
strategy:
matrix:
dirs: [cloudflare, network, iam, shared, live/qa1, live/stg, live/front-proxy]
steps:
- uses: actions/checkout@master
- name: Terraform - Format
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.12.13
tf_actions_subcommand: fmt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Terraform - Init
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.12.13
tf_actions_subcommand: init
tf_actions_working_dir: ${{ matrix.dirs }}
env:
TF_CLI_ARGS_init: '-backend-config="token=${{ secrets.TFE_TOKEN }}"'
- name: Terraform - Validate
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.12.13
tf_actions_subcommand: validate
tf_actions_working_dir: ${{ matrix.dirs }}
entrypoint: sh
args: -c "echo credentials app.terraform.io { token = \\\"${TFE_TOKEN}\\\" } > ~/.terraformrc; /src/main.sh"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TFE_TOKEN: ${{ secrets.TFE_TOKEN }}I tried with both TF_CLI_ARGS_init: -backend-config="token=${{ secrets.TFE_TOKEN }}" then -backend=false at the Init step, but they all failed with this error if I don't override the docker entry point:
Error: Required token could not be found
Make sure you configured a credentials block for app.terraform.io in your CLI
Config File.Hi there. I'm trying out the Github Actions integration with Terraform using this project and I came across the following limitation. My repo is using the "Directories" example at the end of https://www.terraform.io/docs/enterprise/workspaces/repo-structure.html . Each environment directory corresponds to a different AWS account.
But from what I found in github actions docs, it's not possible to use the same secret name on the same repo more than once, even if it will be used by a different github action workflow. So it's not possible to have a AWS_ACCESS_KEY_ID secret for the QA env workflow and a different AWS_ACCESS_KEY_ID secret for use by the Staging env workflow.
So, is there a way to supply the secrets in a different way that will overcome this limitation in Github Actions or I should be looking at an alternative CI tool?
Thank you
Allow integrating a 3rd party provider into the run for this action, e.g. https://github.com/Mongey/terraform-provider-kafka
When using the init action as defined below:
name: Terraform
on: [push]
jobs:
Formatting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Formatting
uses: hashicorp/terraform-github-actions/[email protected]
Validation:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Init
uses: hashicorp/terraform-github-actions/[email protected]
- name: Validation
uses: hashicorp/terraform-github-actions/[email protected]
env:
AWS_DEFAULT_REGION: us-east-1
the init step fails due to not being able to clone the repo:
[DEBUG] Using modified User-Agent: Terraform/0.12.6 terraform-github-actions/1.0
Initializing modules...
Downloading [email protected]:terraform-aws-modules/terraform-aws-eks.git?ref=v5.0.0 for eks...
Error: Failed to download module
Could not download module "eks" (eks.tf:1) source code from
"[email protected]:terraform-aws-modules/terraform-aws-eks.git?ref=v5.0.0": error
downloading
'ssh://[email protected]/terraform-aws-modules/terraform-aws-eks.git?ref=v5.0.0':
/usr/bin/git exited with 128: Cloning into '.terraform/modules/eks'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Any ideas about how this could be fixed?
The npm action has a comment suggesting some bash magic to insert SSH keys. Maybe something along these lines?
I am new to GitHub actions so I may be totally missing something.
Hello, the actions have jq and curl - would a pr adding bash be welcomed?
Today I'm deploying containers on ECS Fargate and start to work on deploy review apps.
So when someone opens a PR we want do raise a whole new environment, so the client/PO/whatever can use the feature and see for yourself if it's good to go for production.
Each of our environments (staging, sandbox, and production) are a new workspace and to deploy a new review app we just need to the following:
terraform workspace new feature-name
terraform plan
terraform apply
And when the PO/Cliente/whatever approves and the feature is merged we will destroy this environment running terraform destroy ( #43 ).
The problem is when we create our PR the workspace doesn't even exist so I had added a variable called TF_WORKSPACE_FORCE_CREATE to be passed to plan action and create the new workspace on the fly.
If you find that it could be useful I'll open the PR.
Anyone that already created an infra via terraform-github-actions should be destroy this infra via terraform-github-actions.
Hi,
I am trying to use the terraform Actions on my Terraform infrastructure code repo.
The check in question: https://github.com/ironPeakServices/infrastructure/pull/5/checks?check_run_id=215011740
It always fails with: "Error: No configuration files"
However I have a main.tf and variables.tf files in the root of the repo. Ideas?
I tried adding with: args: . but that did not help.
Thanks!
TF expects a path to a JSON file (doesnt support the JSON in an env var AFAIK).
If you need access to GCP creds either for provider or state, what's the recommended way to deal with this and/or is it even possible currently?
My thinking right now is to see if you'd accept a patch that worked this way:
Not my preferable solution, but the only way i can think of without modifying terraform itself.
I'm running into an error Failed to get existing workspaces: http: read on closed response body running terraform init @ GitHub Actions.
This workflow configuration
- name: Terraform init
env:
TF_VERSION: 0.12.13
TF_ACTION_WORKING_DIR: ./path/to/working/dir
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: ${{ env.TF_VERSION }}
tf_actions_subcommand: 'init'
tf_actions_working_dir: ${{ env.TF_ACTION_WORKING_DIR }}
produces
> Run hashicorp/terraform-github-actions@master
/usr/bin/docker run ...
Downloading Terraform v0.12.13
Successfully downloaded Terraform v0.12.13
Unzipping Terraform v0.12.13
Successfully unzipped Terraform v0.12.13
init: info: initializing Terraform configuration in ./path/to/working/dir
init: error: failed to initialize Terraform configuration in ./path/to/working/dir
Initializing modules...
- # ... 7 modules init without exception ...
Initializing the backend...
Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Error: Failed to get existing workspaces: http: read on closed response body
init: info: creating JSON
init: info: commenting on the pull request
##[error]Docker run failed with exit code 1
Running terraform init on my local machine at a fresh copy of same repo leads to:
$ cd ./path/to/working/dir && terraform init
Initializing modules...
- # ... same 7 modules as above ...
Initializing the backend...
Successfully configured the backend "azurerm"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "github" (hashicorp/github) 2.2.1...
The following providers do not have any version constraints # ... and so on ...
Terraform has been successfully initialized!
Do you have any idea why my pipeline is failing? ๐ค
Thanks alot for these scripts. Appreciate many changes are coming to Terraform, but would like to propose minor changes to avoid what is potentially very long output in pull request reviews for Terraform GitHub Actions:
<details> tag.For point 1: This is bad example but I guess it could be possible to do something similar to this on the output:
sed -n -r '/-{72}/,/-{72}/{ /-{72}/d; p }'For point 2 I guess it could be possible to do something like this:
if [ $(echo "$OUTPUT" | wc -l) -gt 25 ]; then
COMMENT="#### \`terraform plan\` Failed
<details><summary>Show Output</summary>
\`\`\`diff
$FMT_PLAN
\`\`\`
</details>
"
fiWould be happy to make PR for this but wanted to raise the issue first.
Thanks for considering,
Edit: Just noticed both these issues are already addressed in Atlantis, that is maintained by the same person who created these scripts :)
Currently, you must use the latest version of Terraform. It would be great to support something like a TF_ACTION_TF_VERSION environment variable.
The current bash scripts have gotten too long. They are now quite complex, hard to test, and have lots of duplication.
I think it would be best to rewrite the actions in golang and properly test them.
If you try to run the suggested workflow on every commit instead of just on pull requests, it fails since it assumes you're running on a PR. Would be great if it could run on push and then comment on the commit if you're not running against a PR
- name: terraform-init
uses: hashicorp/terraform-github-actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TF_ACTION_WORKING_DIR: .
TF_ACTION_WORKSPACE: production
TF_ACTION_TFE_TOKEN: ${{ secrets.TF_ACTION_TFE_TOKEN }}
Run hashicorp/terraform-github-actions/[email protected]
/usr/bin/docker run --name ec5e59344abd5d0741c0b5dfca8bc09b44ad_9a9c0b --label 20ec5e --workdir /github/workspace --rm -e GITHUB_TOKEN -e TF_ACTION_WORKING_DIR -e TF_ACTION_WORKSPACE -e TF_ACTION_TFE_TOKEN -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/wevox-terraform/wevox-terraform":"/github/workspace" 20ec5e:59344abd5d0741c0b5dfca8bc09b44ad
2019/08/29 13:30:36 [DEBUG] Using modified User-Agent: Terraform/0.12.7 terraform-github-actions/1.0
Initializing the backend...
Successfully configured the backend "remote"! Terraform will automatically
use this backend unless the backend configuration changes.
The currently selected workspace (default) does not exist.
This is expected behavior when the selected workspace did not have an
existing non-empty state. Please enter a number to select a workspace:
1. production
2. staging
Enter a value:
Error: Failed to select workspace: input not a valid number
##[error]Docker run failed with exit code 1
0.3.3
0.12.4
My workflow is quite simple, it's basically:
Configure credentials to GCP (Using GitHub Action for Google Cloud SDK auth) -> terraform fmt -> terraform init -> terraform validate and finally terraform plan.
In the plan step it fails stating that an error ocurred while trying to read the existing resource on GCP due to a timeout.
It works without errors when running locally.
module.vpc.google_compute_network.vpc: Refreshing state... [id=REDACTED_RESOURCE]
Error: Error reading ComputeNetwork "REDACTED_RESOURCE": Get https://www.googleapis.com/compute/v1/projects/REDACTED_PROJECT/global/networks/REDACTED_RESOURCE?alt=json: Get http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token?scopes=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcompute%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcloud-platform%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fndev.clouddns.readwrite%2Chttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdevstorage.full_control: dial tcp 169.254.169.254:80: i/o timeout
workflow "Ops Environment" {
on = "pull_request"
resolves = [
"terraform-plan",
"terraform-fmt",
"GitHub Action for Google Cloud SDK auth",
]
}
action "filter-to-pr-open-synced" {
uses = "actions/bin/filter@master"
args = "action 'opened|synchronize'"
}
action "terraform-fmt" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = [
"filter-to-pr-open-synced",
"GitHub Action for Google Cloud SDK auth",
]
secrets = [
"GITHUB_TOKEN",
]
env = {
TF_ACTION_WORKING_DIR = "./environments/ops/"
}
}
action "terraform-init" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-fmt"
secrets = [
"GITHUB_TOKEN",
"TF_ACTION_TFE_TOKEN",
]
env = {
TF_ACTION_WORKING_DIR = "./environments/ops"
}
}
action "terraform-validate" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-init"
secrets = [
"GITHUB_TOKEN",
"GCLOUD_AUTH",
]
env = {
TF_ACTION_WORKING_DIR = "./environments/ops"
}
}
action "terraform-plan" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-validate"
secrets = [
"GITHUB_TOKEN",
"TF_ACTION_TFE_TOKEN",
"GCLOUD_AUTH",
]
env = {
TF_ACTION_WORKING_DIR = "./environments/ops"
TF_ACTION_WORKSPACE = "default"
}
}
action "GitHub Action for Google Cloud SDK auth" {
uses = "actions/gcloud/auth@dc2b6c3bc6efde1869a9d4c21fcad5c125d19b81"
secrets = [
"GCLOUD_AUTH"
]
}
Doing some exploratory testing I stumbled upon this situation: github-actions bot normally comments with output of terraform plan. When I lock the PR there are no more comments. I know this is what locking is for but a bot should be able to reply IMHO.
Is this behaviour intended? Or limited by GitHub API? Then I'll file an issue at GitHub Actions.
Example: Between locking and unlocking PR in the image below it did terraform plan action, so I'd expected a comment just like the other ones.
The base-branch-filter action always fails, and therefore does not filter branches correctly.
Successfully built 7bb7fcc3c031
Successfully tagged gcr.io/gct-12-544gmaxfhk1thluxfy-c4nj/ec7b5798739a0281d7439c11003205df079f23dcbdc5bda247eb21e0945a25dc/b47dd8342c9aa32e46b5ccd3841dfa877e37975b544695797b557cb45ca1956d:6dca183548532e4d8cb4cd774c3dad26684a6b3dead4825f79f9ee8fc20a599b
Already have image (with digest): gcr.io/github-actions-images/action-runner:latest
/entrypoint.sh: line 8: : Permission denied
### SUCCEEDED filter-base-branch-production 16:33:09Z (32.066s)
You can see the error is on line 8. It looks like since $actual is not defined, the grep command can't do anything.
terraform-github-actions/base-branch-filter/entrypoint.sh
Lines 5 to 11 in 9abe306
It would be great if the plan action sets an output variable, whether the plan succeeded with empty or non-empty diff, that actions running later in a job can use.
Hi,
I see the Action is trying to post the changes as a comment, but this requires the use of a file that is present which seemingly isn't there when merging, as can be seen here: https://github.com/ironPeakServices/infrastructure/commit/55d2dc2ec0d6ce210d33e2213de6e2035fd91459/checks
Can we check whether we are in a pull request (e.g. if the file exists), and if we don't skip posting the comment?
Firstly thanks for putting these together, they have been really useful when testing out Github actions with Terraform repos.
I've got a statefile that has been applied using v0.11.10 but as the actions are using v0.11.08 as the base image they're failing.
I can quickly put a PR together to update the base Dockerfiles that'll I'll link to this issue.
Thanks again :)
Hi,
I am running into the following issue when running a plan. We are using the aws security group module which contains hundreds of security rules. Is there a workaround to make this work using github actions?
Plan: 663 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
/entrypoint.sh: line 81: jq: Argument list too long
##[error]Docker run failed with exit code 126
Related to this closed issue, but doesn't seem like it is resolved #16
We are receiving the following error when running hashicorp/terraform-github-actions/[email protected]. This is preceded by the init action of the same version, which does not error.
Plan: 72 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
curl: (6) Could not resolve host: null
##[error]Docker run failed with exit code 6
Note, we are using the Terraform GitHub Provider as follows * provider.github: version = "~> 2.2".
Also, it appears that a local state file is being used, rather than the shared s3 backend, as the plan action reports it will add all the terraform resources (72 of them) that have been previously set up. I can't share details of the actual github resources as they contain user details...
Hello from the GitHub Actions team!
We're really thrilled that you've been with us through the early stages of our beta. โค๏ธ And as we get closer to releasing Actions publicly, we're happy that you've built this action.
However, during the beta, we've deprecated the HCL syntax. Now workflows are configured with a YAML configuration.
That means - unfortunately - that the examples in your documentation will not work with a GitHub Actions workflow. We just wanted to make you aware so that you could update the documentation for your action to use the YAML workflow. This will make sure that users can set up your action correctly and easily.
Please let us know if you have any questions about the new syntax. Thanks!
From Terraform docs:
The optional -out argument can be used to save the generated plan to a file for later execution with terraform apply, which can be useful when running Terraform in automation.
Until terraform-github-actions/[email protected] out parameter could be defined using with > args like that:
- uses: hashicorp/terraform-github-actions/[email protected]
with:
args: -out example.tfplan
Is there a way setting output file name in v0.5.x?
It seems that v0.5.0 version cannot support tfe token. When can you add it?
Hello,
Before v0.5.0 you had to update the Terraform version in these actions. Now the end user needs to update the Terraform version. Is it possible to add a feature to just use latest Terraform version? We are using Terraform Cloud with workspaces set to "latest" version. It's difficult to time a change to "tf_actions_version", in a large amount of repositories, with the Terraform releases.
Thanks
I had a strange problem that night with actions stuck and doing nothing.
They have been killed after 6 hours. See log (TF_LOG=DEBUG) hereunder
The problem is transient (it works now) and related to AWS, although it worked well from my machine at the time of the problem.
The issue here is that the operation was not protected by any timeout, apart from the 6h timeout of github.
2019-10-28T22:22:04.9949049Z ##[group]Run hashicorp/terraform-github-actions/[email protected]
2019-10-28T22:22:04.9949218Z with:
2019-10-28T22:22:04.9949332Z args: -var-file=preproduction.tfvars -var-file=secrets.tfvars
2019-10-28T22:22:04.9949473Z env:
2019-10-28T22:22:04.9949594Z ENV: preproduction
2019-10-28T22:22:04.9949804Z GITHUB_TOKEN: ***
2019-10-28T22:22:04.9949933Z TF_ACTION_WORKING_DIR: ./infrastructure/terraform
2019-10-28T22:22:04.9950070Z TF_ACTION_WORKSPACE: preproduction
2019-10-28T22:22:04.9950391Z AWS_ACCESS_KEY_ID: ***
2019-10-28T22:22:04.9950540Z AWS_SECRET_ACCESS_KEY: ***
2019-10-28T22:22:04.9950667Z AWS_DEFAULT_REGION: eu-central-1
2019-10-28T22:22:04.9951066Z TF_LOG: DEBUG
2019-10-28T22:22:04.9951186Z ##[endgroup]
2019-10-28T22:22:04.9969617Z ##[command]/usr/bin/docker run --name dd9e73ee50f9da07654ff089797db44968ed00_438486 --label dd9e73 --workdir /github/workspace --rm -e ENV -e GITHUB_TOKEN -e TF_ACTION_WORKING_DIR -e TF_ACTION_WORKSPACE -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_DEFAULT_REGION -e TF_LOG -e INPUT_ARGS -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/redacted-data/redacted-data":"/github/workspace" dd9e73:ee50f9da07654ff089797db44968ed00 -var-file=preproduction.tfvars -var-file=secrets.tfvars
2019-10-28T22:22:05.5523122Z 2019/10/28 22:22:05 [INFO] Terraform version: 0.12.12
2019-10-28T22:22:05.5528393Z 2019/10/28 22:22:05 [INFO] Go runtime version: go1.12.9
2019-10-28T22:22:05.5532140Z 2019/10/28 22:22:05 [INFO] CLI args: []string{"/bin/terraform", "workspace", "select", "preproduction"}
2019-10-28T22:22:05.5533430Z 2019/10/28 22:22:05 [DEBUG] Attempting to open CLI config file: /github/home/.terraformrc
2019-10-28T22:22:05.5534573Z 2019/10/28 22:22:05 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2019-10-28T22:22:05.5538337Z 2019/10/28 22:22:05 [INFO] CLI command args: []string{"workspace", "select", "preproduction"}
2019-10-28T22:22:05.5599029Z 2019/10/28 22:22:05 [INFO] Setting AWS metadata API timeout to 100ms
2019-10-28T22:22:05.5638849Z 2019/10/28 22:22:05 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn't return any instance-id
2019-10-28T22:22:05.5639134Z 2019/10/28 22:22:05 [INFO] AWS Auth provider used: "EnvProvider"
2019-10-28T22:22:05.5639316Z 2019/10/28 22:22:05 [DEBUG] Trying to get account information via sts:GetCallerIdentity
2019-10-28T22:22:05.5639769Z 2019/10/28 22:22:05 [DEBUG] [aws-sdk-go] DEBUG: Request sts/GetCallerIdentity Details:
2019-10-28T22:22:05.5640164Z ---[ REQUEST POST-SIGN ]-----------------------------
2019-10-28T22:22:05.5640319Z POST / HTTP/1.1
2019-10-28T22:22:05.5640414Z Host: sts.amazonaws.com
2019-10-28T22:22:05.5641123Z User-Agent: aws-sdk-go/1.25.3 (go1.12.9; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.12
2019-10-28T22:22:05.5641882Z Content-Length: 43
2019-10-28T22:22:05.5642668Z Authorization: AWS4-HMAC-SHA256 Credential=***/20191028/us-east-1/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=5fdca80c13478fc788a61b38caf5b9d6f27d303877f3e4993874abe89e6befde
2019-10-28T22:22:05.5643170Z Content-Type: application/x-www-form-urlencoded; charset=utf-8
2019-10-28T22:22:05.5643540Z X-Amz-Date: 20191028T222205Z
2019-10-28T22:22:05.5643850Z Accept-Encoding: gzip
2019-10-28T22:22:05.5643958Z
2019-10-28T22:22:05.5644320Z Action=GetCallerIdentity&Version=2011-06-15
2019-10-28T22:22:05.5644669Z -----------------------------------------------------
2019-10-28T22:22:05.6491703Z 2019/10/28 22:22:05 [DEBUG] [aws-sdk-go] DEBUG: Response sts/GetCallerIdentity Details:
2019-10-28T22:22:05.6492390Z ---[ RESPONSE ]--------------------------------------
2019-10-28T22:22:05.6492514Z HTTP/1.1 200 OK
2019-10-28T22:22:05.6492652Z Connection: close
2019-10-28T22:22:05.6492971Z Content-Length: 410
2019-10-28T22:22:05.6493288Z Content-Type: text/xml
2019-10-28T22:22:05.6493436Z Date: Mon, 28 Oct 2019 22:22:05 GMT
2019-10-28T22:22:05.6493825Z X-Amzn-Requestid: 5f749ea8-f9d1-11e9-9846-6b491b476e14
2019-10-28T22:22:05.6493900Z
2019-10-28T22:22:05.6493995Z
2019-10-28T22:22:05.6494333Z -----------------------------------------------------
2019-10-28T22:22:05.6495086Z 2019/10/28 22:22:05 [DEBUG] [aws-sdk-go] <GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
2019-10-28T22:22:05.6495261Z <GetCallerIdentityResult>
2019-10-28T22:22:05.6495898Z <Arn>arn:aws:iam::redacted:user/github-action</Arn>
2019-10-28T22:22:05.6496066Z <UserId>redacted</UserId>
2019-10-28T22:22:05.6496215Z <Account>redacted</Account>
2019-10-28T22:22:05.6496371Z </GetCallerIdentityResult>
2019-10-28T22:22:05.6496510Z <ResponseMetadata>
2019-10-28T22:22:05.6496890Z <RequestId>5f749ea8-f9d1-11e9-9846-6b491b476e14</RequestId>
2019-10-28T22:22:05.6497048Z </ResponseMetadata>
2019-10-28T22:22:05.6497188Z </GetCallerIdentityResponse>
2019-10-28T22:22:05.6500411Z 2019/10/28 22:22:05 [DEBUG] checking for provider in "."
2019-10-28T22:22:05.6519572Z 2019/10/28 22:22:05 [DEBUG] checking for provider in "/bin"
2019-10-28T22:22:05.6525514Z 2019/10/28 22:22:05 [DEBUG] checking for provider in ".terraform/plugins/linux_amd64"
2019-10-28T22:22:05.6529582Z 2019/10/28 22:22:05 [DEBUG] found provider "terraform-provider-aws_v2.33.0_x4"
2019-10-28T22:22:05.6531903Z 2019/10/28 22:22:05 [DEBUG] found provider "terraform-provider-postgresql_v1.2.0_x4"
2019-10-28T22:22:05.6532358Z 2019/10/28 22:22:05 [DEBUG] found provider "terraform-provider-rancher2_v1.6.0_x4"
2019-10-28T22:22:05.6536588Z 2019/10/28 22:22:05 [DEBUG] found valid plugin: "aws", "2.33.0", "/github/workspace/infrastructure/terraform/.terraform/plugins/linux_amd64/terraform-provider-aws_v2.33.0_x4"
2019-10-28T22:22:05.6537280Z 2019/10/28 22:22:05 [DEBUG] found valid plugin: "postgresql", "1.2.0", "/github/workspace/infrastructure/terraform/.terraform/plugins/linux_amd64/terraform-provider-postgresql_v1.2.0_x4"
2019-10-28T22:22:05.6539149Z 2019/10/28 22:22:05 [DEBUG] found valid plugin: "rancher2", "1.6.0", "/github/workspace/infrastructure/terraform/.terraform/plugins/linux_amd64/terraform-provider-rancher2_v1.6.0_x4"
2019-10-28T22:22:05.6542910Z 2019/10/28 22:22:05 [DEBUG] checking for provisioner in "."
2019-10-28T22:22:05.6549064Z 2019/10/28 22:22:05 [DEBUG] checking for provisioner in "/bin"
2019-10-28T22:22:05.6554360Z 2019/10/28 22:22:05 [DEBUG] checking for provisioner in ".terraform/plugins/linux_amd64"
2019-10-28T22:22:05.6577981Z 2019/10/28 22:22:05 [DEBUG] [aws-sdk-go] DEBUG: Request s3/ListObjects Details:
2019-10-28T22:22:05.6578432Z ---[ REQUEST POST-SIGN ]-----------------------------
2019-10-28T22:22:05.6578616Z GET /?prefix=env%3A%2F HTTP/1.1
2019-10-28T22:22:05.6578986Z Host: redacted-terraform-state.s3.eu-central-1.amazonaws.com
2019-10-28T22:22:05.6579410Z User-Agent: aws-sdk-go/1.25.3 (go1.12.9; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.12
2019-10-28T22:22:05.6580243Z Authorization: AWS4-HMAC-SHA256 Credential=***/20191028/eu-central-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=0d01e1fe5e064f27654fd5eb1d5924ff6d81f01cda5c443b0c26733f17fdbcfb
2019-10-28T22:22:05.6581258Z X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2019-10-28T22:22:05.6581655Z X-Amz-Date: 20191028T222205Z
2019-10-28T22:22:05.6582564Z Accept-Encoding: gzip
2019-10-28T22:22:05.6582636Z
2019-10-28T22:22:05.6582731Z
2019-10-28T22:22:05.6583106Z -----------------------------------------------------
2019-10-28T22:22:06.0426832Z 2019/10/28 22:22:06 [DEBUG] [aws-sdk-go] DEBUG: Response s3/ListObjects Details:
2019-10-28T22:22:06.0427705Z ---[ RESPONSE ]--------------------------------------
2019-10-28T22:22:06.0427914Z HTTP/1.1 200 OK
2019-10-28T22:22:06.0428569Z Connection: close
2019-10-28T22:22:06.0429632Z Transfer-Encoding: chunked
2019-10-28T22:22:06.0430218Z Content-Type: application/xml
2019-10-28T22:22:06.0430331Z Date: Mon, 28 Oct 2019 22:22:06 GMT
2019-10-28T22:22:06.0430475Z Server: AmazonS3
2019-10-28T22:22:06.0431050Z X-Amz-Bucket-Region: eu-central-1
2019-10-28T22:22:06.0431639Z X-Amz-Id-2: RbYvrJI+E/eEueCsG29/QUemM5PqjTlpqV679xdow7qjYyR9Q+3toGLmJja5Q/a4Wf7ItocVhaw=
2019-10-28T22:22:06.0432447Z X-Amz-Request-Id: 14FBDDB88993EF40
2019-10-28T22:22:06.0432585Z
2019-10-28T22:22:06.0432634Z
2019-10-28T22:22:06.0433024Z -----------------------------------------------------
2019-10-28T22:22:06.0433648Z 2019/10/28 22:22:06 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2019-10-28T22:22:06.0435682Z <ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>redacted-terraform-state</Name><Prefix>env:/</Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated><Contents><Key>env:/preproduction/analytics.tfstate</Key><LastModified>2019-10-28T21:38:09.000Z</LastModified><ETag>"5af58da12a6d5c237799a733b8db868c"</ETag><Size>26847</Size><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>env:/production/analytics.tfstate</Key><LastModified>2019-10-08T13:46:47.000Z</LastModified><ETag>"21a5a80d3472d78a7c68a42fd89eb251"</ETag><Size>7629</Size><StorageClass>STANDARD</StorageClass></Contents></ListBucketResult>
2019-10-29T04:20:49.4837055Z ##[error]The runner has received a shutdown signal. This can happen when the runner service is stopped, or a manually started runner is canceled.
2019-10-29T04:20:59.5262837Z ##[error]The operation was canceled.
Since [email protected] comments from terraform plan action are no longer formatted correctly.
See following screenshot. First comment is from terraform-github-actions/[email protected], second comment is from [email protected]
I manage a terraform consisting of multiple directories.
Is it possible to output TF_ACTION_WORKING_DIR when posting plan output results in PR?
like:
terraform plan success in TF_ACTION_WORKING_DIR
Hi,
The current actions are using v0.12.6, could you please update to v0.12.7?
I've already submitted a PR with the updates to try to help.
I've got my terraform resources in a monorepo. As a result of this, lots of commits do not touch terraform at all, and terraform plan leaving a comment on all of them doesn't add much value (and is confusing and distracting for devs working on other things).
A configuration option to only leave a comment if terraform plan detects work to do would be fantastic. Thanks!
I am having an issue where both fmt and plan fail when posting back to the comments url after a successful execution. Here is a sample output from my plan action (minus the state/plan details). It outputs a valid plan and then fails immediately after. I am also using the init & validate actions in my workflow and they pass sucessfully
### STARTED plan 11:41:56Z
Already have image (with digest): gcr.io/github-actions-images/action-runner:latest
fc9bf6ef956e18e8bae0b47810c6c4a0884e14a3158e360a974be3fbbace2944: Pulling from gct-12-top0mnum92ca14ee-uluuyu/ec7b5798739a0281d7439c11003205df079f23dcbdc5bda247eb21e0945a25dc/cb9d8d2551a25ce243a837153bc3cbb6d0bd8f3e3efab6b4d663ab0cb9decfa2
4fe2ade4980c: Already exists
9687e2aa6bcc: Already exists
99ae8338d458: Already exists
37f1dea2948b: Pulling fs layer
19698c911b53: Pulling fs layer
19698c911b53: Verifying Checksum
19698c911b53: Download complete
37f1dea2948b: Verifying Checksum
37f1dea2948b: Download complete
37f1dea2948b: Pull complete
19698c911b53: Pull complete
Digest: sha256:08041c6e0f3b047f3fc6dfa5a68e8f1a86e4517c0debf5975c1def98a40a4735
Status: Downloaded newer image for gcr.io/gct-12-top0mnum92ca14ee-uluuyu/ec7b5798739a0281d7439c11003205df079f23dcbdc5bda247eb21e0945a25dc/cb9d8d2551a25ce243a837153bc3cbb6d0bd8f3e3efab6b4d663ab0cb9decfa2:fc9bf6ef956e18e8bae0b47810c6c4a0884e14a3158e360a974be3fbbace2944
Step 1/11 : FROM hashicorp/terraform:0.11.11
---> 29edcab3b90b
Step 2/11 : LABEL "com.github.actions.name"="terraform plan"
---> Using cache
---> 33ddb0197b65
Step 3/11 : LABEL "com.github.actions.description"="Run terraform plan"
---> Using cache
---> bb12b99d80ac
Step 4/11 : LABEL "com.github.actions.icon"="book-open"
---> Using cache
---> 7e0480767956
Step 5/11 : LABEL "com.github.actions.color"="purple"
---> Using cache
---> 61a358640fb6
Step 6/11 : LABEL "repository"="https://github.com/hashicorp/terraform-github-actions"
---> Using cache
---> b6c717f3d3e8
Step 7/11 : LABEL "homepage"="http://github.com/hashicorp/terraform-github-actions"
---> Using cache
---> ef2cd28e7953
Step 8/11 : LABEL "maintainer"="HashiCorp Terraform Team <[email protected]>"
---> Using cache
---> 9bfba9585d9e
Step 9/11 : RUN apk --no-cache add jq
---> Using cache
---> 6386a89ca698
Step 10/11 : COPY entrypoint.sh /entrypoint.sh
---> Using cache
---> 8f59c29e659d
Step 11/11 : ENTRYPOINT ["/entrypoint.sh"]
---> Using cache
---> f0835eed30de
Successfully built f0835eed30de
Successfully tagged gcr.io/gct-12-top0mnum92ca14ee-uluuyu/ec7b5798739a0281d7439c11003205df079f23dcbdc5bda247eb21e0945a25dc/cb9d8d2551a25ce243a837153bc3cbb6d0bd8f3e3efab6b4d663ab0cb9decfa2:fc9bf6ef956e18e8bae0b47810c6c4a0884e14a3158e360a974be3fbbace2944
Already have image (with digest): gcr.io/github-actions-images/action-runner:latest
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
...
Plan: 0 to add, 1 to change, 0 to destroy.
curl: (6) Could not resolve host: null
This is the workflow I am currently using (after removing the fmt step):
workflow "Terraform" {
on = "push"
resolves = [
"plan",
]
}
action "init" {
uses = "hashicorp/terraform-github-actions/[email protected]"
secrets = ["GITHUB_TOKEN"]
env = {
TF_ACTION_WORKING_DIR = "."
}
}
action "validate" {
uses = "hashicorp/terraform-github-actions/[email protected]"
secrets = ["GITHUB_TOKEN"]
env = {
TF_ACTION_WORKING_DIR = "."
}
needs = ["init"]
}
action "plan" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = ["validate"]
secrets = ["GITHUB_TOKEN"]
env = {
TF_ACTION_WORKING_DIR = "."
}
}
I'm trying to set up a basic work flow for a module and so i'm using terraform init and validate. (Following the example for working dir in your subdir).
examples:
name: 'Terraform (examples)'
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@master
- name: 'Terraform Init'
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.12.13
tf_actions_subcommand: 'init'
tf_actions_working_dir: 'example'
- name: 'Terraform Validate'
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.12.13
tf_actions_subcommand: 'validate'
tf_actions_working_dir: 'example'
I need to target the template example folder in the root, where i have a provider and module.
The init does nto repsect the working dir
Terraform Init
Run hashicorp/terraform-github-actions@master
/usr/bin/docker run --name d400a31e4708945999e92e36d2aa30fd5_894a8e --label 10865d --workdir /github/workspace --rm -e INPUT_TF_ACTIONS_VERSION -e INPUT_TF_ACTIONS_SUBCOMMAND -e INPUT_TF_ACTIONS_WORKING_DIR -e INPUT_TF_ACTIONS_COMMENT -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/terraform-aws-githubactions/terraform-aws-githubactions":"/github/workspace" 10865d:400a31e4708945999e92e36d2aa30fd5
Downloading Terraform v0.12.13
Successfully downloaded Terraform v0.12.13
Unzipping Terraform v0.12.13
Successfully unzipped Terraform v0.12.13
init: info: initializing Terraform configuration in example
init: info: successfully initialized Terraform configuration in example
Terraform initialized in an empty directory!
The directory has no Terraform configuration files. You may begin working
with Terraform immediately by creating Terraform configuration files.
So the directory isn't empty, i know this because the validate step fails because it does find the module and provider
Terraform Validate
##[error]Docker run failed with exit code 1
Run hashicorp/terraform-github-actions@master
/usr/bin/docker run --name d400a31e4708945999e92e36d2aa30fd5_2aec25 --label 10865d --workdir /github/workspace --rm -e INPUT_TF_ACTIONS_VERSION -e INPUT_TF_ACTIONS_SUBCOMMAND -e INPUT_TF_ACTIONS_WORKING_DIR -e INPUT_TF_ACTIONS_COMMENT -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/terraform-aws-githubactions/terraform-aws-githubactions":"/github/workspace" 10865d:400a31e4708945999e92e36d2aa30fd5
Downloading Terraform v0.12.13
Successfully downloaded Terraform v0.12.13
Unzipping Terraform v0.12.13
Successfully unzipped Terraform v0.12.13
validate: info: validating Terraform configuration in example
validate: error: failed to validate Terraform configuration in example
Error: Module not installed
on module.action.tf line 1:
1: module action {
This module is not yet installed. Run "terraform init" to install all modules
required by this configuration.
Any ideas what happening?
Currently we have no way of controlling some texts in comment posted when terraform plan action is executed.
This becomes a bit confusing if we run a terraform plan on multiple directories in one pull_request workflow. When terraform plan is commented by bot, it becomes difficult to figure out which directory the comment is for unless we see details of actions in action UI.
if output looks like it is below, its difficult to figure out which directory output belongs to:
It would be nice if we can provide some ability to append something in git comment or it by default outputs task name as well in the comment?
Is there a way around it currently ? Tried overriding env variable GITHUB_ACTION like this in task:
But it seems that variable is overridden via task itself. Any other way?
0.3.1
The fmt action fails on valid Terraform syntax that passes terraform fmt locally.
terraform fmt Failed
modules/roles/main.tf
}
resource "aws_iam_policy" "ec2-autoscaling-setdesiredcapacity" {
- name = "Ev-EC2-ASG-SetDesiredCapacity"
- path = "/"
+ name = "Ev-EC2-ASG-SetDesiredCapacity"
+ path = "/"
description = "Provides ability to set desired capacity on ASGs."
policy = <<EOF
#GitHub Action Workflow
workflow "Terraform" {
resolves = "terraform-plan"
on = "pull_request"
}
action "filter-to-pr-open-synced" {
uses = "actions/bin/filter@master"
args = "action 'opened|synchronize'"
}
action "terraform-fmt" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "filter-to-pr-open-synced"
secrets = ["GITHUB_TOKEN"]
env = {
TF_ACTION_WORKING_DIR = "."
}
}
action "terraform-init" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-fmt"
secrets = [
"GITHUB_TOKEN",
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
]
env = {
TF_ACTION_WORKING_DIR = "."
}
}
action "terraform-validate" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-init"
secrets = [
"GITHUB_TOKEN",
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
"DYN_PASSWORD",
]
env = {
TF_ACTION_WORKING_DIR = "."
}
}
action "terraform-plan" {
uses = "hashicorp/terraform-github-actions/[email protected]"
needs = "terraform-validate"
secrets = [
"GITHUB_TOKEN",
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
"DYN_PASSWORD",
]
env = {
TF_ACTION_WORKING_DIR = "."
# If you're using Terraform workspaces, set this to the workspace name.
TF_ACTION_WORKSPACE = "default"
}
}
When following the Terraform Enterprise Free documentation, it suggests I create a .terraformrc file which contains my token.
These actions do not appear to support TF_ENV_TOKEN nor will they write an appropriately place .terraformrc file that would support a TFE backend
I have a working version of a GitHub Action https://github.com/sntxrr/create-terraformrc that will do all the work to create the file with an appropriate secret pulled in - perhaps this technique could be integrated to support TFE style remote backends?
Via: https://developer.github.com/actions/
The documentation at https://developer.github.com/actions and support for the HCL syntax in GitHub Actions will be deprecated on September 30, 2019. Documentation for the new limited public beta using the YAML syntax is available on https://help.github.com. See "Automating your workflow with GitHub Actions" for documentation using the YAML syntax.
The official Terraform docs show examples using the HCL syntax. Github said they're deprecating this, but it did not work at all for me.
I was able to translate into the new syntax here and now it works! Here it is in all it's glory:
https://github.com/servers-tf/infrastructure/blob/master/.github/workflows/terraform.yml
Figured I would share this since I love automating my Git repos and am very excitied to have a easy integration with Terraform and Github :)
Hello,
I have a set of resources managed by terraform (especially a RDS database on AWS), that I can deploy without any problem from my machine.
I tried to migrate my deployment script to github action, but it's failing with the following errors:
Run hashicorp/terraform-github-actions/[email protected]
/usr/bin/docker run --name fbc64f19db7a1830ac4199b2e0c13feadc13fa_28dbe1 --label fbc64f --workdir /github/workspace --rm -e ENV -e GITHUB_TOKEN -e TF_ACTION_WORKING_DIR -e TF_ACTION_WORKSPACE -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_DEFAULT_REGION -e INPUT_ARGS -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/sencrop-data/sencrop-data":"/github/workspace" fbc64f:19db7a1830ac4199b2e0c13feadc13fa -var-file=preproduction.tfvars -var-file=secrets.tfvars
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.rancher2_cluster.cluster: Refreshing state...
aws_db_instance.dwh: Refreshing state... [id=dwh-preproduction]
null_resource.dwh_perms: Refreshing state... [id=3675387515164209936]
data.rancher2_project.project: Refreshing state...
Error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: dial tcp: lookup dwh-preproduction.c839noe303ij.eu-central-1.rds.amazonaws.com on 168.63.129.16:53: read udp 172.17.0.2:39610->168.63.129.16:53: i/o timeout
on dwh_permissions.tf line 1, in provider "postgresql":
1: provider "postgresql" {
::set-output name=changes-present::false
##[error]Docker run failed with exit code 1
Not sure what the problem is: it's linked with the postgresql resource/provider, but occurs only in the context of github-actions. I asked github, but I have no answer from their support.
Unfortunately, this makes the whole terraform gihub action useless :-(
Is this a limitation of github-actions you know about ?
Would be quite useful to provide a way to run terraform init -backend=false.
This will make it possible to run terrafrom validate without providing sensitive GCP/AWS credentials to remote backends (see hashicorp/terraform#15811 (comment)).
Could be generic extension variable e.g:
initOutput=$(terraform init -input=false $INPUT_TF_ACTIONS_ARGS 2>&1)
Or something more specific in case latter is too broad..
We are receiving the follow error when running hashicorp/terraform-github-actions/[email protected]. This is preceded by the init and validate actions of the same version that do not error.
Error relocating /usr/bin/curl: curl_multi_poll: symbol not found
##[error]Docker run failed with exit code 127
According to the output, the plan command succeeds, but the curl error causes a false-negative for the workflow.
If more information is required, I will provide what I can.
I try to run terraform apply using output file from terraform plan. How could this be done?
Prerequisite: terraform plan -out example.tfplan.
Running
- uses: hashicorp/terraform-github-actions@master
env:
TF_CLI_ARGS_apply: example.tfplan
TF_LOG: TRACE
with:
tf_actions_version: ${{ env.TF_VERSION }}
tf_actions_subcommand: 'apply'
Causes error Too many command line arguments. Configuration path expected.
In TRACE log I can see cause for this error is
[INFO] TF_CLI_ARGS_apply value: "example.tfplan"
[INFO] CLI command args: []string{"apply", "example.tfplan", "-auto-approve", "-input=false"}
example.tfplan must be last argument but TF_CLI_ARGS_apply sets it first (as stated in the docs).
How can I achieve running terraform apply with input file example.tfplan via GitHub Actions?
On a valid, relatively simple Terraform configuration in one of our private repos, the terraform fmt action will list the .tf files in the repo and then exit with a "FAILED" status.
### STARTED terraform-fmt 13:03:11Z
Already have image (with digest): gcr.io/cloud-builders/curl
Already have image (with digest): gcr.io/cloud-builders/docker
+ tar xvz --strip=1 -C /5eb0a7e72283e788a84bed3a558f13f7cce7c0c1e72268ec57137ad8d792f665
+ curl --fail --silent --show-error --location https://api.github.com/repos/hashicorp/terraform-github-actions/tarball/v0.1.1
hashicorp-terraform-github-actions-97e09b0/LICENSE
hashicorp-terraform-github-actions-97e09b0/README.md
hashicorp-terraform-github-actions-97e09b0/assets/
hashicorp-terraform-github-actions-97e09b0/assets/fmt.png
hashicorp-terraform-github-actions-97e09b0/assets/plan.png
hashicorp-terraform-github-actions-97e09b0/assets/validate.png
hashicorp-terraform-github-actions-97e09b0/fmt/
hashicorp-terraform-github-actions-97e09b0/fmt/Dockerfile
hashicorp-terraform-github-actions-97e09b0/fmt/README.md
hashicorp-terraform-github-actions-97e09b0/fmt/entrypoint.sh
hashicorp-terraform-github-actions-97e09b0/init/
hashicorp-terraform-github-actions-97e09b0/init/Dockerfile
hashicorp-terraform-github-actions-97e09b0/init/README.md
hashicorp-terraform-github-actions-97e09b0/init/entrypoint.sh
hashicorp-terraform-github-actions-97e09b0/plan/
hashicorp-terraform-github-actions-97e09b0/plan/Dockerfile
hashicorp-terraform-github-actions-97e09b0/plan/README.md
hashicorp-terraform-github-actions-97e09b0/plan/entrypoint.sh
hashicorp-terraform-github-actions-97e09b0/validate/
hashicorp-terraform-github-actions-97e09b0/validate/Dockerfile
hashicorp-terraform-github-actions-97e09b0/validate/README.md
hashicorp-terraform-github-actions-97e09b0/validate/entrypoint.sh
52161cb817159321f458b064aa5efd48f692c0be657c705b5e21c2f9623c6d30: Pulling from gct-12-poxt9van0a0nx1s0785i6od/ec7b5798739a0281d7439c11003205df079f23dcbdc5bda247eb21e0945a25dc/dc2b4b57b2c0f541e99a0d9e1a1e9cdd48c7e393a9f23d0068f27104e3230fa0
4fe2ade4980c: Already exists
604ce57c3982: Pulling fs layer
796e016008b8: Pulling fs layer
982cdbefd9c4: Pulling fs layer
d13847fef4ca: Pulling fs layer
d13847fef4ca: Waiting
604ce57c3982: Verifying Checksum
604ce57c3982: Download complete
982cdbefd9c4: Download complete
d13847fef4ca: Verifying Checksum
d13847fef4ca: Download complete
604ce57c3982: Pull complete
796e016008b8: Verifying Checksum
796e016008b8: Download complete
796e016008b8: Pull complete
982cdbefd9c4: Pull complete
d13847fef4ca: Pull complete
Digest: sha256:7b9ac3d94e220bb7dfeeabd40f568cf1d46e3ccd382b7ada7d1b47a49b824fae
Status: Downloaded newer image for gcr.io/gct-12-poxt9van0a0nx1s0785i6od/ec7b5798739a0281d7439c11003205df079f23dcbdc5bda247eb21e0945a25dc/dc2b4b57b2c0f541e99a0d9e1a1e9cdd48c7e393a9f23d0068f27104e3230fa0:52161cb817159321f458b064aa5efd48f692c0be657c705b5e21c2f9623c6d30
Already have image (with digest): gcr.io/cloud-builders/docker
Sending build context to Docker daemon 5.12kB
Step 1/11 : FROM hashicorp/terraform:0.11.10
0.11.10: Pulling from hashicorp/terraform
4fe2ade4980c: Already exists
604ce57c3982: Already exists
796e016008b8: Already exists
Digest: sha256:3d5eb7a88d94f5216658b804acd70597e0315b8839a099a3d33baa45494bca65
Status: Image is up to date for hashicorp/terraform:0.11.10
---> cfb81e884a26
Step 2/11 : LABEL "com.github.actions.name"="terraform fmt"
---> Using cache
---> 9248606322dd
Step 3/11 : LABEL "com.github.actions.description"="Validate terraform files are formatted"
---> Using cache
---> 1866fcc2ae00
Step 4/11 : LABEL "com.github.actions.icon"="terminal"
---> Using cache
---> ce237ee6525a
Step 5/11 : LABEL "com.github.actions.color"="purple"
---> Using cache
---> 9fdef659ba98
Step 6/11 : LABEL "repository"="https://github.com/hashicorp/terraform-github-actions"
---> Using cache
---> 41a9b1100d2e
Step 7/11 : LABEL "homepage"="http://github.com/hashicorp/terraform-github-actions"
---> Using cache
---> 473f85b8cd50
Step 8/11 : LABEL "maintainer"="HashiCorp Terraform Team <[email protected]>"
---> Using cache
---> ec5ea607c8f1
Step 9/11 : RUN apk --no-cache add jq
---> Using cache
---> 85832d6bd746
Step 10/11 : COPY entrypoint.sh /entrypoint.sh
---> Using cache
---> bbf36185e72a
Step 11/11 : ENTRYPOINT ["/entrypoint.sh"]
---> Using cache
---> 3ec7c8e5e95f
Successfully built 3ec7c8e5e95f
Successfully tagged gcr.io/gct-12-poxt9van0a0nx1s0785i6od/ec7b5798739a0281d7439c11003205df079f23dcbdc5bda247eb21e0945a25dc/dc2b4b57b2c0f541e99a0d9e1a1e9cdd48c7e393a9f23d0068f27104e3230fa0:52161cb817159321f458b064aa5efd48f692c0be657c705b5e21c2f9623c6d30
Already have image (with digest): gcr.io/github-actions-images/action-runner:latest
main.tf
modules/athena_tier/main.tf
outputs.tf
provider.tf
### FAILED terraform-fmt 13:03:43Z (32.574s)
I've created a public repo with a simple TF example: https://github.com/evalytica/test-tf-actions. Right now, I can't get GitHub Actions to recognize or run the main.workflow created based on the latest example workflow code you've provided.
I am trying to run fmt with terraform 0.11.7 but keep getting the usage method and the fmt command fails. I added the TF_LOG: 'trace' option to the env vars and found this.
2019/11/01 15:55:11 [INFO] CLI command args: []string{"fmt", "-check=true", "-list=true", "-check", "-write=false", "-list", "-recursive"}
flag provided but not defined: -recursive
Usage: terraform fmt [options] [DIR]
Rewrites all Terraform configuration files to a canonical format.
If DIR is not specified then the current working directory will be used.
If DIR is "-" then content will be read from STDIN.
Options:
-list=true List files whose formatting differs (always false if using STDIN)
-write=true Write result to source file instead of STDOUT (always false if using STDIN or -check)
-diff=false Display diffs of formatting changes
-check=false Check if the input is formatted. Exit status will be 0 if all input is properly formatted and non-zero otherwise.
2019/11/01 15:55:11 [DEBUG] plugin: waiting for all plugin processes to complete...
##[error]Docker run failed with exit code 1
This is my code block
- name: 'Terraform Format'
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: 0.11.7
tf_actions_subcommand: 'fmt'
tf_actions_working_dir: 'infrastructure'
tf_actions_comment: false
env:
TF_CLI_ARGS: '-check=true -list=true'
TF_LOG: 'TRACE'
Terraform validate fails running Terraform GitHub Actions v0.6.0 with message Error: Could not satisfy plugin requirements.
I uploaded a minimal example here: https://github.com/alexbde/terraform-demo/pull/2/checks
As you can see I only upgraded versions from v0.5.4 to v0.6.0.
It worked before, see https://github.com/alexbde/terraform-demo/pull/1/checks
Whenever apply succeeded, can it comment pull_request?
I may missed something, but it doesnt seems so.
Log:
Current runner version: '2.160.0'
Prepare workflow directory
Prepare all required actions
Download action repository 'actions/checkout@master'
Download action repository 'hashicorp/[email protected]'
##[error]Can't find 'action.yml' or 'Dockerfile' under '/home/runner/work/_actions/hashicorp/terraform-github-actions/v0.5.2/init'. Did you forget to run actions/checkout before running your local action?
Hi guys,
Please add support for:
https://releases.hashicorp.com/terraform/0.11.14/
And I think we need to create scheduled release process for every Terraform version.
WDYT?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.