How to use terraform debugging in a github action workflow? - terraform

When my Terraform code fails locally, I am able to see a detailed error message as to why it failed, and with that information I am able to fix it. However, when the same Terraform code fails in a GitHub Actions workflow, it doesn't give a detailed reason why it failed, only "error exit code 1". How can I use Terraform debugging at the workflow level to produce a detailed log only when a step fails? I don't want to configure debugging at the repository level.
name: Testing push to branches
on:
  push:
    branches-ignore:
      - main
env:
  TERRAFORM_VERSION: "latest"
  TERRAGRUNT_VERSION: "latest"
  TERRAFORM_WORKING_DIR: './test'
jobs:
  plan:
    name: "Terragrunt Plan"
    runs-on: ubuntu-20.04
    defaults:
      run:
        working-directory: ${{ env.TERRAFORM_WORKING_DIR }}
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1.3.2
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
          terraform_wrapper: true
      - name: Setup Terragrunt
        uses: autero1/action-terragrunt@v1.1.0
        with:
          terragrunt_version: ${{ env.TERRAGRUNT_VERSION }}
      - name: configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1.6.1
        with:
          aws-region: us-east-1
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: Terragrunt Init
        id: init
        run: terragrunt run-all init -no-color --terragrunt-non-interactive
      - name: Terragrunt Validate
        id: validate
        run: terragrunt run-all validate -no-color --terragrunt-non-interactive
      - name: Terragrunt Plan
        id: plan
        run: terragrunt run-all plan -no-color --terragrunt-non-interactive

Related

github.workspace is not returning the right path

I'm currently working on a Terraform form and GitHub Actions, which are connected to my Azure instance.
My current main.yml file is set up like this:
name: 'Terraform'
on:
  push:
    branches:
      - main
  pull_request:
env:
  TF_VERSION: latest
  ARM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
  ARM_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
  ARM_SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }}
  ARM_TENANT_ID: ${{ secrets.TENANT_ID }}
  ROOT_PATH: '${{ github.workspace }}/src/terraform'
jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    environment: dev
    defaults:
      run:
        shell: bash
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Directory Path
        run: |
          ls -la
      - name: Terraform Init
        uses: hashicorp/terraform-github-actions@master
        # run: |
        #   cd src
        #   cd terraform
        #   terraform init
        with:
          tf_actions_version: ${{ env.TF_VERSION }}
          tf_actions_subcommand: 'init'
          tf_actions_working_dir: ${{ env.ROOT_PATH }}
          tf_actions_comment: true
        env:
          TF_VAR_env: 'dev'
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Terraform Format
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: ${{ env.TF_VERSION }}
          tf_actions_subcommand: 'fmt'
          tf_actions_working_dir: ${{ env.ROOT_PATH }}
      - name: Terraform Plan
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: ${{ env.TF_VERSION }}
          tf_actions_subcommand: 'plan'
          tf_actions_working_dir: ${{ env.ROOT_PATH }}
When I look at the directory path, I find that it is outside of my working directory. Further steps then tell me that I don't have any configuration.
Do you know if ROOT_PATH: '${{ github.workspace }}/src/terraform' needs to be set up differently? Or what else can I do to make sure I have the root directory, which is src/terraform?

Variables not getting referenced while calling the shell script in the azure pipelines

This is my first time working with Azure Pipelines. I started creating my azure-pipeline.yml and am trying to execute the Azure DevOps pipeline. However, I am getting errors where the variables are not referenced as declared.
deploy.sh deploy_azr ${{ variables.subPref }} ${{ variables.rgType }} ${{ variables.location }} ${{ variables.config }}
Here is the start of my template
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml
trigger:
  branches:
    include:
      - main
  paths:
    include:
      - 'bicep/*'
      - 'azure-pipelines.yml'
    exclude:
      - '*'
pool:
  vmImage: ubuntu-latest
variables:
  ${{ if eq(variables['Build.SourceBranchName'], 'test_branch') }}:
    deployTarget: tst
    subscription: testsubscription
    subscriptionId: 26455-trt31-******
    rgType: tstrg
    subPref: *****
    config: tstjson
    location: eastus2
  ${{ if eq(variables['Build.SourceBranchName'], 'main') }}:
    deployTarget: prd
    subscription: prdsub
    subscriptionId: ***********************
    rgType: prdrg
    subPref: ******
    config: prd.json
    location: eastus2
stages:
  - stage: Deploylib
    jobs:
      - deployment: lib
        environment: ${{ variables.subscription }}
        strategy:
          runOnce:
            deploy:
              steps:
                - checkout: self
                - task: AzureCLI@2
                  inputs:
                    azureSubscription: ${{ variables.subscription }}
                    scriptType: 'bash'
                    scriptLocation: 'inlineScript'
                    inlineScript: |
                      set -e
                      set -x
                      sudo apt install -y gridsite-clients
                      cd 'bicep'
                      echo "starting the lib deployment"
                      deploy.sh deploy_azr ${{ variables.subPref }} ${{ variables.rgType }} ${{ variables.location }} ${{ variables.config }}
any help would be appreciated.
I think the problem is that you need to specify the correct environment name on this line:
jobs:
  - deployment: lib
    environment: <environment name>
You can create an environment on the DevOps page, see the reference here, then copy the name to the YAML above.
The concept of environment here represents a collection of resources to which you will deploy your code. Once you have run a deployment, you should be able to see the history of deployments in the target environment.
/azure-pipelines.yml (Line: 42, Col: 22): Unexpected value ''
I tested the same YAML sample and reproduced the same issue.
The cause of the issue is that you are using the format ${{ variables.subscription }} in the YAML sample.
The variable will be processed at compile time.
To solve this issue, you can change to use the format: $(subscription)
For example:
jobs:
  - deployment: lib
    environment: $(subscription)
For more detailed info, you can refer to this doc: Runtime expression syntax

Error: az cli script failed. UnhandledPromiseRejectionWarning: Error: az cli script failed. GitHub CI pipeline that I set up keeps failing

env:
  AZURE_WEBAPP_PACKAGE_PATH: '.'
  DOTNET_VERSION: '6.0.x'
on:
  push:
    branches: master
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Set up .NET Core
        uses: actions/setup-dotnet@v1
        with:
          dotnet-version: ${{ env.DOTNET_VERSION }}
      - name: Set up dependency caching for faster builds
        uses: actions/cache@v2
        with:
          path: ~/.nuget/packages
          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
          restore-keys: |
            ${{ runner.os }}-nuget-
      - name: Build with dotnet
        run: dotnet build --configuration Release
      - name: Test
        run: dotnet test --no-restore --verbosity normal
      - name: dotnet publish
        run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/myapp
      - name: Upload artifact for deployment job
        uses: actions/upload-artifact@v3
        with:
          name: .net-app
          path: ${{env.DOTNET_ROOT}}/myapp
      - name: Login to Aure
        uses: azure/login@v1
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}
  deploy:
    runs-on: ubuntu-latest
    needs: build
    environment:
      name: 'development'
      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
    steps:
      - name: Download artifact from build job
        uses: actions/download-artifact@v3
        with:
          name: .net-app
      - name: Deploy to Azure
        uses: azure/CLI@v1
        with:
          azcliversion: latest
          inlineScript: |
            az deployment group create \
            -- name \
            -- resource-group \
            -- template-file Template/template.json \
            -- parameters storageAccountType=Standard_LRS
I had this a few weeks ago; something to do with using "latest" was the issue.
Could you try replacing it with the below and see if the issue goes away?
- name: Deploy to Azure
  uses: azure/CLI@v1
  with:
    azcliversion: 2.37.0
I'm not sure what your issue is, but you are not logged in to Azure during the deploy phase of your work.
You are logging in to Azure and then starting a new job. This is a new fresh container and it has no previous knowledge relating to your account.
I would move the Login part to the deploy step and see if that solves your issue.
Apart from that, if the config you posted is the entire workflow, you will run into an issue with this part:
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }} since the step deploy-to-webapp is not in the config and as such there is no output to pull from.

How to set Dockerfile tag in GitHub Actions?

I'm using docker/build-push-action@v2 with an automated version bump action and the job runs fine until the build and push step where I get this error
/usr/bin/docker buildx build --build-arg NPM_TOKEN=*** --iidfile /tmp/docker-build-push-MO1ELt/iidfile --tag registry.digitalocean.com/xxx/xxx: --metadata-file /tmp/docker-build-push-MO1ELt/metadata-file --push ./xxx
error: invalid tag "registry.digitalocean.com/xxx/xxx:": invalid reference format
Error: buildx failed with: error: invalid tag "registry.digitalocean.com/xxx/xxx:": invalid reference format
Am I adding the tag correctly or is it something wrong with the version bump package?
My GitHub action file
name: deploy-auth
on:
  push:
    branches:
      - main
    paths:
      - 'xxx/**'
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout main
        uses: actions/checkout@v2
      - name: Automated Version Bump
        uses: 'phips28/gh-action-bump-version@master'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          default: fix
          tag-prefix: 'v'
      - name: Output Step
        env:
          NEW_TAG: ${{ steps.version-bump.outputs.newTag }}
        run: echo "new tag $NEW_TAG"
      - name: Install doctl
        uses: digitalocean/action-doctl@v2
        with:
          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
      - name: Log in to DigitalOcean Container Registry with short-lived credentials
        run: doctl registry login --expiry-seconds 600
      - name: Build and push Docker image
        uses: docker/build-push-action@v2
        with:
          context: ./xxx
          push: true
          tags: registry.digitalocean.com/xxx/xxx:${{ steps.version-bump.outputs.newTag }}
          build-args: |
            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
There's no version-bump step in that GHA. Which means ${{ steps.version-bump.outputs.newTag }} is empty. You can set an id field on the step to define it:
- name: Automated Version Bump
  uses: 'phips28/gh-action-bump-version@master'
  id: version-bump
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  with:
    default: fix
    tag-prefix: 'v'
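
Both this answer and the earlier note about `steps.deploy-to-webapp` describe the same failure: a `steps.<id>` expression that names a step id the job never defines evaluates to an empty string. The Python check below is an added example, not code from the original posts; it scans workflow text without a YAML library (so it assumes ordinary indentation) and reports such references, and `SAMPLE_WORKFLOW` and the function name are constructed for illustration.

```python
import re

# Constructed sample modelled on the workflows above: the bump step has no id,
# while the deploy job defines the id that its environment url refers to.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    steps:
      - name: Automated Version Bump
        uses: 'phips28/gh-action-bump-version@master'
      - uses: docker/build-push-action@v2
        with:
          tags: registry.example.com/app/app:${{ steps.version-bump.outputs.newTag }}
  deploy:
    environment:
      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
    steps:
      - id: deploy-to-webapp
        uses: azure/webapps-deploy@v2
"""

KEY_RE = re.compile(r"^([A-Za-z_][\w-]*):$")                  # "build:"
ID_RE = re.compile(r"^(?:-\s+)?id:\s*['\"]?([\w-]+)['\"]?$")   # "id: version-bump"
REF_RE = re.compile(r"\bsteps\.([\w-]+)\.")                   # "steps.version-bump."


def undefined_step_refs(workflow_text):
    """Return sorted (job, step_id, line_no) for steps.<id> references whose id is not set in that job."""
    in_jobs, job, job_indent = False, None, None
    ids, refs = {}, {}
    for no, line in enumerate(workflow_text.splitlines(), 1):
        text = line.strip()
        indent = len(line) - len(line.lstrip())
        if not text or text.startswith("#"):
            continue
        if indent == 0:                      # top-level key: entering or leaving "jobs:"
            in_jobs, job, job_indent = text == "jobs:", None, None
        elif in_jobs and indent == (job_indent or indent) and KEY_RE.match(text):
            job, job_indent = text[:-1], indent   # a new job starts here
            ids[job], refs[job] = set(), []
        elif in_jobs and job:
            ids[job].update(ID_RE.findall(text))
            refs[job] += [(ref, no) for ref in REF_RE.findall(text)]
    return sorted((j, r, n) for j in refs for r, n in refs[j] if r not in ids[j])
```

Run as a pre-merge check, a non-empty result points at the line whose expression would otherwise expand to nothing at run time.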

Github action with azure web app application setting

I am trying to deploy a vuejs app with the azure web app and github action. Here is my yml:
name: 'test'
on:
  push:
    branches:
      - release
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: azure/login@v1
        with:
          creds: '${{ secrets.AZURE_CREDENTIALS_DEV }}'
      - uses: azure/appservice-settings@v1
        with:
          app-name: 'test'
          app-settings-json: '${{ secrets.APP_SETTINGS_DEV }}'
          general-settings-json: '{"alwaysOn": "false", "webSocketsEnabled": "true"}' #'General configuration settings as Key Value pairs'
        id: settings
      - run: echo "The webapp-url is ${{ steps.settings.outputs.webapp-url }}"
      - run: |
          az logout
      - uses: actions/checkout@v2
      - name: Set up Node.js version
        uses: actions/setup-node@v1
        with:
          node-version: '14.x'
      - name: npm install, build
        run: |
          npm install
          npm run build
      - name: Upload artifact for deployment job
        uses: actions/upload-artifact@v2
        with:
          name: node-app
          path: .
  deploy:
    runs-on: ubuntu-latest
    needs: build
    environment:
      name: 'test'
      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
    steps:
      - name: Download artifact from build job
        uses: actions/download-artifact@v2
        with:
          name: node-app
      - name: 'Deploy to Azure Web App'
        id: deploy-to-webapp
        uses: azure/webapps-deploy@v2
        with:
          app-name: 'test'
          slot-name: 'Production'
          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPR }}
          package: .
And I followed this tutorial to retrieve the application settings from web app:
https://github.com/Azure/appservice-settings
So I got the variables and secrets in the pipeline, but it seems like when building the app, it doesn't build with those secrets; the environment variables turned out to be undefined in the app :(
Does anyone know a solution for it?
So yes, I figured out how I can solve this pain.
So all I had to do was create a .env file before the build; see the full yml below:
name: 'test'
on:
  push:
    branches:
      - release
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up Node.js version
        uses: actions/setup-node@v1
        with:
          node-version: '14.x'
      - name: create .env file
        run: |
          touch .env
          echo VUE_APP_CLIENT_ID =${{ secrets.VUE_APP_CLIENT_ID_DEV }} >> .env
          echo VUE_APP_CLIENT_SECRET =${{ secrets.VUE_APP_CLIENT_SECRET_DEV }} >> .env
      - name: npm install, build
        run: |
          npm install
          npm run build
      - name: Zip artifact for deployment
        run: zip release.zip ./* -r
      - name: Upload artifact for deployment job
        uses: actions/upload-artifact@v2
        with:
          name: node-app
          path: release.zip
  deploy:
    runs-on: ubuntu-latest
    needs: build
    environment:
      name: 'test'
      url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
    steps:
      - name: Download artifact from build job
        uses: actions/download-artifact@v2
        with:
          name: node-app
      - name: unzip artifact for deployment
        run: unzip release.zip
      - name: 'Deploy to Azure Web App'
        id: deploy-to-webapp
        uses: azure/webapps-deploy@v2
        with:
          app-name: 'test'
          slot-name: 'Production'
          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPR }}
          package: .
So the important piece is to create the .env file in the container and get the secrets (VUE_APP_CLIENT_ID_DEV) which were stored in GitHub secrets:
- name: create .env file
  run: |
    touch .env
    echo VUE_APP_CLIENT_ID =${{ secrets.VUE_APP_CLIENT_ID_DEV }} >> .env
    echo VUE_APP_CLIENT_SECRET =${{ secrets.VUE_APP_CLIENT_SECRET_DEV }} >> .env
Below is another piece worth a look: it zips the artifacts and unzips them on deploy, which helped improve the performance big time:
- name: Upload artifact for deployment job
  uses: actions/upload-artifact@v2
  with:
    name: node-app
    path: release.zip
- name: unzip artifact for deployment
  run: unzip release.zip
It is working perfectly for me, hope this helps you!
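
Vue CLI inlines every `VUE_APP_*` variable into the client bundle at build time, so values written to `.env` as in the workflow above can be read by anyone who downloads the built JavaScript. The Python check below is an added example, not part of the original answer: it parses a `.env` in that shape and reports which values appear in the build output; the sample values, `demo()` and the other names are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed .env in the shape the "create .env file" step writes (space before "=").
SAMPLE_ENV = """\
VUE_APP_CLIENT_ID =constructed-client-id-0001
VUE_APP_CLIENT_SECRET =constructed-secret-value-0002
"""

ENV_LINE = re.compile(r"^\s*([A-Za-z_]\w*)\s*=\s*(.*?)\s*$")
SENSITIVE = re.compile(r"SECRET|TOKEN|PASSWORD|PRIVATE|KEY", re.I)


def parse_env(text):
    """Parse KEY=value lines, tolerating spaces around '='; other lines are ignored."""
    env = {}
    for line in text.splitlines():
        m = ENV_LINE.match(line)
        if m and m.group(2):
            env[m.group(1)] = m.group(2).strip("'\"")
    return env


def embedded_values(build_dir, env, min_len=8):
    """Return sorted (file, key, looks_sensitive) for VUE_APP_* values present in build output."""
    needles = {k: v.encode() for k, v in env.items()
               if k.startswith("VUE_APP_") and len(v) >= min_len}
    hits = set()
    for root, _dirs, files in os.walk(build_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, build_dir).replace(os.sep, "/")
            hits.update((rel, k, bool(SENSITIVE.search(k)))
                        for k, v in needles.items() if v in data)
    return sorted(hits)


def demo():
    """Write a constructed dist/ tree with the values inlined, as a bundler would, then scan it."""
    env = parse_env(SAMPLE_ENV)
    with tempfile.TemporaryDirectory() as dist:
        os.makedirs(os.path.join(dist, "js"))
        with open(os.path.join(dist, "js", "app.js"), "w") as fh:
            fh.write('const cfg={id:"%s",secret:"%s"};' % (
                env["VUE_APP_CLIENT_ID"], env["VUE_APP_CLIENT_SECRET"]))
        return embedded_values(dist, env)
```

A hit with `looks_sensitive` set to true is a value that belongs behind a server-side endpoint rather than in the front-end build.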
