You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If we have an existing config file, this action will overwrite it. The debug log line just before the overwrite says Adding credentials to ${credsFile}, which adds to the confusion, because it's replacing the existing file (as fs.writeFile does), not adding anything to it.
I hit this issue when trying to use a custom provider (or network mirrors). This behaviour makes a static file in the repo hard to use, we end up having to append content to the file this action smashes.
Expected behaviour
If we have custom config in the default location (${{ github.workspace }}/.terraformrc) or in a custom one set with TF_CLI_CONFIG_FILE, the content is preserved and any other configuration is added, not overwritten (at least not by default).
If that's too much to ask, at least have clearer debug logs and documentation about this behaviour, because it's a bit painful to get the right outcome.
Steps to reproduce
Have a config file in ${{ github.workspace }}/.terraformrc or in a location that matches the env variable TF_CLI_CONFIG_FILE. Stick some errors in it if you don't have a network mirror to test, just gibberish that would break any terraform command using the config.
On a step after that, run the setup-terraform action.
Have another step perform any Terraform command, like terraform init. It won't honour the config, it won't break if you had any errors.
Example
name: Config overwrite reproductionon: [ push ]env:
# Not really needed, this is the default, but change it and will still get overwritten.TF_CLI_CONFIG_FILE: ${{ github.workspace }}/terraformrc.tfrc jobs:
terraform-reproduce:
name: Terraform Reproduceruns-on: ubuntu-22.04permissions:
contents: readid-token: writesteps:
- name: Checkoutuses: actions/checkout@v4
- name: Write Terraform Config filerun: | echo "Writing config to ${TF_CLI_CONFIG_FILE}" cat <<-EOT > "${TF_CLI_CONFIG_FILE}" # This block is unnecessary to reproduce, you can change the mirror URL or not, as it # will be overwritten. But adding it for context for an example of something that should # eventually work. A simpler case would be to uncomment the 2 broken lines at the end # of this heredoc provider_installation { direct { exclude = ["registry.terraform.io/*/*"] } network_mirror { url = "https://FIXME-WITH-YOUR-OWN-MIRROR/api/terraform/terraform-providers-virtual/providers/" } } # Uncomment these lines to have something that should break any command: # bleh = blah # this_breaks = true EOTshell: bash
- name: DEBUG config file# Just a sanity check to see that the file written above is actually available from other steps.run: | echo "Config file from another step:" cat ${TF_CLI_CONFIG_FILE}shell: bash
- name: Setup Terraformuses: hashicorp/setup-terraform@v2with:
cli_config_credentials_hostname: "FIXME-WITH-YOUR-OWN-MIRROR"cli_config_credentials_token: "FIXME-WITH-A-TOKEN"terraform_version: 1.4.0. # not sure it matters much, but it's the one I used when I hit this
- name: Terraform Validateid: validate# This is not the simplest command one can use for a reproduction, but leaving it here as it might make it easier# on an existing module repo structure.run: find . -name 'main.tf' -not -path '*/.terraform/*' -print0 | xargs -0 -I{} bash -c 'cd $(dirname {}) && terraform init && terraform validate'shell: bash
The text was updated successfully, but these errors were encountered:
I understand the workaround is simple, but finding out how to get there wasn't, so hopefully this issue is found by others or Future Me.
Workaround
Move the Write Terraform Config file step below the Setup Terraform one. Change the line:
cat <<-EOT > "${TF_CLI_CONFIG_FILE}"
to
cat <<-EOT >> "${TF_CLI_CONFIG_FILE}"
so your step appends to the existing file.
You can move the debug step afterwards for a sanity check on your first attempts and it should show the whole config (and any following terraform commands should just work™️ or fail if you had any errors in your custom configuration).
Problem
If we have an existing config file, this action will overwrite it. The debug log line just before the overwrite says
Adding credentials to ${credsFile}
, which adds to the confusion, because it's replacing the existing file (as fs.writeFile does), not adding anything to it.I hit this issue when trying to use a custom provider (or network mirrors). This behaviour makes a static file in the repo hard to use, we end up having to append content to the file this action smashes.
Expected behaviour
If we have custom config in the default location (
${{ github.workspace }}/.terraformrc
) or in a custom one set withTF_CLI_CONFIG_FILE
, the content is preserved and any other configuration is added, not overwritten (at least not by default).If that's too much to ask, at least have clearer debug logs and documentation about this behaviour, because it's a bit painful to get the right outcome.
Steps to reproduce
${{ github.workspace }}/.terraformrc
or in a location that matches the env variableTF_CLI_CONFIG_FILE
. Stick some errors in it if you don't have a network mirror to test, just gibberish that would break any terraform command using the config.setup-terraform
action.terraform init
. It won't honour the config, it won't break if you had any errors.Example
The text was updated successfully, but these errors were encountered: