Note: This repository has moved to hashicorp-education/learn-terraform-github-actions.
This repo is a companion repo to the Automate Terraform with GitHub Actions tutorial.
Home Page: https://learn.hashicorp.com/tutorials/terraform/github-actions?in=terraform/automation
License: Mozilla Public License 2.0
Hello, I am using Terragrunt, so on Show output there is no output captured. Can anyone help me?
- name: Plan Terraform
  id: plan
  if: github.event_name == 'pull_request'
  working-directory: infra/config/pci/stage
  run: terragrunt run-all plan --terragrunt-non-interactive -no-color -input=false
  continue-on-error: true
- name: Update Pull Request
  uses: actions/github-script@v6
  if: github.event_name == 'pull_request'
  env:
    PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
    script: |
      const output = `#### Terraform Format and Style 🖌\`${{ needs.lint.outputs.output }}\`
      #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
      #### Terraform Validation 🤖\`${{ needs.validate.outputs.output }}\`
      #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
      <details><summary>Show Plan</summary>
      \`\`\`\n
      ${process.env.PLAN}
      \`\`\`
      </details>
      *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
      github.rest.issues.createComment({
        issue_number: context.issue.number,
        owner: context.repo.owner,
        repo: context.repo.repo,
        body: output
      })
- name: Terraform Plan Status
  if: steps.plan.outcome == 'failure'
  run: exit 1
Expected behaviour: apply should run only when changes are pushed to main.
Actual behaviour: apply is also run when changes are merged from main.
I followed Automate Terraform with GitHub Actions. In this workflow, Terraform apply should run only when changes are pushed to main.
It worked well until someone opened a PR to merge changes from main into their feature branch. I was surprised to see the apply step run because it should not have run. apply should run when changes are pushed into main, not when changes are merged from main.
I think this must somehow be a result of this conditional:
I'm not a GitHub Actions expert, but it seems to me that this step ran because main
is one of the branches involved, but in this PR it's the source branch, not the merge destination.
Here is my GitHub actions file, which is just a fork of yours: https://github.com/bcgov/moh-keycloak-client-configurations/blob/main/.github/workflows/terraform.yml#L85
Here is the Pull Request that caused apply to run unexpectedly: bcgov/moh-keycloak-client-configurations#18
And here is the Actions output: https://github.com/bcgov/moh-keycloak-client-configurations/runs/7256344650?check_suite_focus=true
I had to change the terraform.yml file to make it work.
Tried creating a pull request but it immediately got closed.
Changed the following
from this:
jobs:
  terraform:
    name: "Terraform"
    runs-on: ubuntu-latest
    permissions:
      pull-request: write
to this:
jobs:
  terraform:
    name: "Terraform"
    runs-on: ubuntu-latest
    permissions: write-all
I have been trying to set up a basic github-action to run tf plan on pull-request:
Somehow it unzips terraform into a different folder in _temp than the one in which the upcoming steps are looking for it:
Run hashicorp/setup-terraform@v1
with:
cli_config_credentials_token: ***
cli_config_credentials_hostname: app.terraform.io
terraform_version: latest
terraform_wrapper: true
_/usr/bin/unzip -q /home/runner/work/temp/6d267526-f5e4-4650-9142-da0205b1c469
Run terraform fmt -check
terraform fmt -check
shell: /usr/bin/bash -e {0}
env:
_TERRAFORM_CLI_PATH: /home/runner/work/temp/b6730404-dafc-4ade-bde9-fd301a78d032
Error: No such file or directory`
I did not get an answer on Stack Overflow, so now I'm asking here.
Previously the github action would fail if the terraform plan failed. After these changes it seems like some rewrites are needed, although it is not obvious what the fix would be.
The Terraform plan renderer has been completely rewritten to aid with future Terraform Cloud integration. Users should not see any material change in the plan output between 1.3 and 1.4. If you notice any significant differences, or if Terraform fails to plan successfully due to rendering problems, please open a bug report issue.
Step which now fails
- name: Terraform Plan Status
  if: steps.plan.outcome == 'failure'
  run: exit 1
New output from plan step if tfplan fails:
Planning failed. Terraform encountered an error while generating this plan.
Error: An error occurred trying to start process '/home/runner/runners/2.294.0/externals/node16/bin/node' with working directory '/home/runner/work/REPO_NAME/REPO_NAME'. Argument list too long
This step:
- uses: actions/github-script@v6
  if: github.event_name == 'pull_request'
  env:
    PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
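"Argument list too long" is the error Linux returns when a process is started with an oversized argument or environment string, which is what happens when a large plan is handed to node through the PLAN variable. The job fragment below is an added example, not part of the tutorial repository or of either post: it writes the plan to a file (the name plan.txt is an assumption) and reads it inside the script, which also covers commands such as terragrunt whose output does not appear in steps.plan.outputs.stdout.

```yaml
# Added example (not the tutorial's workflow). plan.txt is a file name chosen here.
permissions:
  contents: read
  pull-requests: write        # only write scope the comment step needs
steps:
  - name: Terraform Plan
    id: plan
    if: github.event_name == 'pull_request'
    # Capture to a file so nothing depends on steps.plan.outputs.stdout.
    run: terraform plan -no-color -input=false > plan.txt 2>&1
    continue-on-error: true
  - name: Update Pull Request
    uses: actions/github-script@v6
    if: github.event_name == 'pull_request'
    env:
      PLAN_OUTCOME: ${{ steps.plan.outcome }}   # short value, fine as env
    with:
      github-token: ${{ secrets.GITHUB_TOKEN }}
      script: |
        const fs = require('fs');
        // Read the plan from disk, not from the process environment.
        let plan = fs.existsSync('plan.txt')
          ? fs.readFileSync('plan.txt', 'utf8')
          : '(no plan output captured)';
        // GitHub rejects comment bodies over 65536 characters.
        const limit = 60000;
        if (plan.length > limit) {
          plan = plan.slice(0, limit) + '\n... truncated, see the job log';
        }
        const fence = '`'.repeat(3);
        const body = [
          '#### Terraform Plan `' + process.env.PLAN_OUTCOME + '`',
          '<details><summary>Show Plan</summary>',
          '',
          fence + 'terraform',
          plan,
          fence,
          '',
          '</details>',
        ].join('\n');
        await github.rest.issues.createComment({
          issue_number: context.issue.number,
          owner: context.repo.owner,
          repo: context.repo.repo,
          body,
        });
  - name: Terraform Plan Status
    if: steps.plan.outcome == 'failure'
    run: exit 1
```

If the plan step sets working-directory, plan.txt is written there, so the script must read it by its path relative to the workspace root.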
The current syntax highlighting in the markdown is broken. See #906 for a possible fix.
Another option is to render the plan output using diff so the changes will show up as colorised blocks. It provides a better overview of what happened, but unfortunately loses the terraform syntax highlighting.
See #904
The best option would be of course both, get colorised blocks but also keep the syntax highlighting. Unfortunately haven't found a way to do that yet.
Let me know what you think.
Sorry if my question is explained or resolved in any doc, but I'm following this doc:
https://learn.hashicorp.com/tutorials/terraform/github-actions?in=terraform/automation
and I'm curious how the terraform plan section works with an S3 backend, for example.
Will the plan generate a remote plan in my S3?
If not, is there any help on how I can "save" the plan from the plan step and guarantee the execution of that plan in the apply phase?
I think ideally, you run the plan you approved instead of applying with -auto-approve. I'm wondering if others feel the same way.
I hacked at it a while ago and was able to do it by using artifacts.
Thanks for the guide! I'm trying to get the GitHub Script stuff to work but getting no outputs:
# Generates an execution plan for Terraform
- name: Terraform Plan
  id: plan
  run: terraform plan -no-color
  continue-on-error: true
- name: Update Pull Request
  uses: actions/[email protected]
  env:
    PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
    script: |
      const output = `
      #### Terraform Format and Style 🖌 : \`${{ steps.fmt.outcome }}\`
      #### Terraform Initialization ⚙️ : \`${{ steps.init.outcome }}\`
      #### Terraform Plan 📖 : \`${{ steps.plan.outcome }}\`
      <details><summary>Show Plan</summary>
      \`\`\`${process.env.PLAN}\`\`\`
      </details>
      *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
      github.issues.createComment({
        issue_number: context.issue.number,
        owner: context.repo.owner,
        repo: context.repo.repo,
        body: output
      })
If there is an error during the Terraform init, validate, and plan phases, the pull request will be closed with the error message related to performing the PR against your personal fork.
For example, if you have a typo in your main.tf, the github action bot will close the pull request stating "Hi! If you are following the Terraform GitHub Actions tutorial, please open the PR against [your personal fork] of this repository. We will automatically close this PR, but if you intended to edit the example itself please feel free to re-open it"
It will not be immediately apparent to new users that the issue is actually related to the terraform init or terraform plan stages and could cause some confusion (at least it did for me).
For example: nnrrmzz#2
Has anyone found a decent way to have some sort of manual approval process between plan and apply? Between "steps" is really what I'm after. But I suppose it could even be between jobs. A job to run plan and approve followed by a job to run apply.
The message used by the auto-close bot suggests that you can re-open the PR if it was not made by accident. However, it seems like I am not authorized to do so.
@im2nguyen I want to re-open this PR but it seems like I can't for some reason. Running gh pr reopen 804 returns API call failed: Message: Could not open the pull request., Locations: [{Line:1 Column:60}].
Originally posted by @matjahs in #804 (comment)
Most PRs are mistakes. Should convert this project to a GitHub Project Template?