英文:
Terragrunt CICD init failure via GitHub Actions
问题
我在尝试使用Github Actions通过CI/CD运行Terragrunt时遇到了一些困难。我收到了以下错误消息。经过调查,我发现其他人也报告了这个问题,与依赖块有关。
我尝试了添加模拟输出,将模拟输出合并到状态中,升级/降级Terragrunt版本,引入一个Makefile以进入每个目录并运行init、plan和apply(因为似乎在运行所有命令时存在问题)等推荐的操作。
我可以成功地使用CLI按照依赖关系的特定顺序部署Terragrunt资源。首先需要设置VPC和托管区域,因为它们没有依赖关系。目前,资源是由CLI设置的,状态文件存在,因此CI/CD流水线的任何后续运行都应该正常工作,但它仍然失败。CLI和流水线都安装了相同版本的Terraform和Terragrunt。在切换Terragrunt版本时,我观察到无效字符'c'更改为无效字符':'。
有人经历过这个问题并成功找到了解决方法吗?还是有关于如何更好地设置这个问题的建议?我是不是最好放弃Terragrunt?
1. 错误消息
********** Running init for dns_records **********
time=2023-05-29T17:05:33Z level=warning msg=No double-slash (//) found in source URL /***************/terraform-aws-hosted-zone.git. Relative paths in downloaded Terraform code may not work. prefix=[/runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/hosted_zone]
time=2023-05-29T17:05:35Z level=error msg=Could not parse output from terragrunt config /runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod/*******/hosted_zone/terragrunt.hcl. Underlying error: invalid character 'c' looking for beginning of value
time=2023-05-29T17:05:35Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
********** Running init for subnet/mft-subnet **********
time=2023-05-29T17:05:35Z level=warning msg=No double-slash (//) found in source URL /***************/terraform-aws-vpc.git. Relative paths in downloaded Terraform code may not work. prefix=[/runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc]
time=2023-05-29T17:05:37Z level=error msg=Could not parse output from terragrunt config /runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc/terragrunt.hcl. Underlying error: invalid character 'c' looking for beginning of value
time=2023-05-29T17:05:37Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
********** Running init for tgw-attach **********
time=2023-05-29T17:05:37Z level=warning msg=No double-slash (//) found in source URL /***************/terraform-aws-vpc.git. Relative paths in downloaded Terraform code may not work. prefix=[/runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc]
time=2023-05-29T17:05:39Z level=error msg=Could not parse output from terragrunt config /runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc/terragrunt.hcl. Underlying error: invalid character 'c' looking for beginning of value
time=2023-05-29T17:05:39Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
********** Running init for route/tgw **********
time=2023-05-29T17:05:40Z level=warning msg=No double-slash (//) found in source URL /***************/terraform-aws-vpc.git. Relative paths in downloaded Terraform code may not work. prefix=[/runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc]
time=2023-05-29T17:05:41Z level=error msg=Could not parse output from terragrunt config /runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc/terragrunt.hcl. Underlying error: invalid character 'c' looking for beginning of value
time=2023-05-29T17:05:41Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
make: *** [Makefile:14: init] Error 1
Error: Process completed with exit code 2.
2. 目录结构
.
├── Makefile
├── common.hcl
├── dns_records
│ ├── config.hcl
│ └── terragrunt.hcl
├── env.hcl
├── hosted_zone
│ ├── config.hcl
│ └── terragrunt.hcl
├── route
│ └── tgw
│ ├── config.hcl
│ └── terragrunt.hcl
├── subnet
│ └── mft-subnet
│ ├── config.hcl
│ └── terragrunt.hcl
├── tgw-attach
│ ├── config.hcl
│ └── terragrunt.hcl
└── vpc
├── config.hcl
├── override.tf
└── terragrunt.hcl
3. Makefile
CURRENT_DIR := $(shell pwd)
MODULES := hosted_zone vpc dns_records subnet/mft-subnet tgw-attach route/tgw
.PHONY: check
check:
@echo "please specify rule"
all: init plan apply
.PHONY: init
init:
@for module in $(MODULES); do \
echo "********** Running init for $$module **********"; \
cd $(CURRENT_DIR)/$$module && terragrunt init; \
done
.PHONY: plan
plan:
<details>
<summary>英文:</summary>
I'm having some difficulty attempting to run terragrunt via CI/CD using Github Actions. I get the below error message. Upon investigation, i found that this has been reported by others and relates to dependency blocks.
I have tried the recommended actions of adding mock outputs, merging the mock outputs to state, upgrading/downgrading the version of terragrunt, introducing a Makefile to 'cd' into each directory and run an init, plan and apply (as there seem to be issues with the run-all command).
I am able to successfully deploy the terragrunt resources in a particular order using CLI due to dependencies. The VPC and Hosted Zone need to be setup first as they have no dependencies. Currently, the resources are setup by CLI and the state file exists, so I any subsequent run of the CI/CD pipeline would work, but it still fails. Both CLI and Pipeline have the same version of terraform and terragrunt installed. On switching version of terragrunt i observed the **invalid character 'c'** changes to an **invalid character ':'**.
Has anybody experienced this and managed to find a fix? or is there advice on how to better set this up? Am i better off getting rid of terragrunt?
**1. Error message**
********** Running init for dns_records **********
time=2023-05-29T17:05:33Z level=warning msg=No double-slash (//) found in source URL /***************/terraform-aws-hosted-zone.git. Relative paths in downloaded Terraform code may not work. prefix=[/runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/hosted_zone]
time=2023-05-29T17:05:35Z level=error msg=Could not parse output from terragrunt config /runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/hosted_zone/terragrunt.hcl. Underlying error: invalid character 'c' looking for beginning of value
time=2023-05-29T17:05:35Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
********** Running init for subnet/mft-subnet **********
time=2023-05-29T17:05:35Z level=warning msg=No double-slash (//) found in source URL /***************/terraform-aws-vpc.git. Relative paths in downloaded Terraform code may not work. prefix=[/runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc]
time=2023-05-29T17:05:37Z level=error msg=Could not parse output from terragrunt config /runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc/terragrunt.hcl. Underlying error: invalid character 'c' looking for beginning of value
time=2023-05-29T17:05:37Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
********** Running init for tgw-attach **********
time=2023-05-29T17:05:37Z level=warning msg=No double-slash (//) found in source URL /***************/terraform-aws-vpc.git. Relative paths in downloaded Terraform code may not work. prefix=[/runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc]
time=2023-05-29T17:05:39Z level=error msg=Could not parse output from terragrunt config /runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc/terragrunt.hcl. Underlying error: invalid character 'c' looking for beginning of value
time=2023-05-29T17:05:39Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
********** Running init for route/tgw **********
time=2023-05-29T17:05:40Z level=warning msg=No double-slash (//) found in source URL /***************/terraform-aws-vpc.git. Relative paths in downloaded Terraform code may not work. prefix=[/runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc]
time=2023-05-29T17:05:41Z level=error msg=Could not parse output from terragrunt config /runner/_work/******-infra-terraform/******-infra-terraform/environments/preprod-******/vpc/terragrunt.hcl. Underlying error: invalid character 'c' looking for beginning of value
time=2023-05-29T17:05:41Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
make: *** [Makefile:14: init] Error 1
Error: Process completed with exit code 2.
**2. Directory Structure**
.
├── Makefile
├── common.hcl
├── dns_records
│   ├── config.hcl
│   └── terragrunt.hcl
├── env.hcl
├── hosted_zone
│   ├── config.hcl
│   └── terragrunt.hcl
├── route
│   └── tgw
│   ├── config.hcl
│   └── terragrunt.hcl
├── subnet
│   └── mft-subnet
│   ├── config.hcl
│   └── terragrunt.hcl
├── tgw-attach
│   ├── config.hcl
│   └── terragrunt.hcl
└── vpc
├── config.hcl
├── override.tf
└── terragrunt.hcl
**3. Makefile**
The pipeline first runs a task for 'make init', then 'make plan' and finally 'make apply' but doesn't get past the make init.
CURRENT_DIR := $(shell pwd)
MODULES := hosted_zone vpc dns_records subnet/mft-subnet tgw-attach route/tgw
.PHONY: check
check:
@echo "please specify rule"
all: init plan apply
.PHONY: init
init:
@for module in $(MODULES); do \
echo "********** Running init for $$module **********"; \
cd $(CURRENT_DIR)/$$module && terragrunt init; \
done
.PHONY: plan
plan:
@for module in $(MODULES); do \
echo "********** Running plan for $$module **********"; \
cd $(CURRENT_DIR)/$$module && terragrunt plan; \
done
.PHONY: apply
apply:
@for module in $(MODULES); do \
echo "********** Running apply for $$module **********"; \
cd $(CURRENT_DIR)/$$module && terragrunt apply -auto-approve; \
done
**4. terragrunt.hcl for dns_records**
include "root" {
path = find_in_parent_folders()
}
dependency "hosted_zone" {
config_path = "../hosted_zone"
mock_outputs_merge_strategy_with_state = true
mock_outputs_allowed_terraform_commands = ["validate", "fmt", "init", "plan"]
mock_outputs = {
zone_id = "zone-id"
}
}
locals {
# Load the data from common.hcl
common = read_terragrunt_config("../common.hcl")
env = read_terragrunt_config("../env.hcl")
config = read_terragrunt_config("config.hcl")
}
# Set the generate config dynamically to the generate config in common.hcl
generate = local.common.generate
terraform {
source = "git::git@github.com:***************/terraform-aws-route53-record.git?ref=master"
}
inputs = {
zone_id = dependency.hosted_zone.outputs.zone_id
records = local.config.locals.records
tags = local.env.locals.tags
}
**5. Workflow.yml**
name: Linting & Validating
on:
pull_request:
types:
- opened
- edited
- synchronize
- reopened
branches:
- "master"
# Allow to trigger manually
workflow_dispatch:
env:
tf_version: 'latest'
tg_version: 'latest'
tf_working_dir: '.'
GIT_SSH_COMMAND: "echo '${{ secrets.GH_PRIVATE_KEY }}' > id_rsa
&& ssh-keyscan github.com > known_hosts
&& chmod 600 id_rsa known_hosts
&& ssh -i ./id_rsa -o UserKnownHostsFile=./known_hosts"
jobs:
check-pr:
name: check-pr
runs-on: self-hosted
strategy:
fail-fast: false
matrix:
include:
- { env: "preprod", home: "environments/preprod-********"}
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.IE_********_TERRAFORM_USER_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.IE_********_TERRAFORM_USER_AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
role-duration-seconds: 900
- name: Check out Git repository
uses: actions/checkout@v3
- name: Setup Terragrunt
uses: autero1/action-terragrunt@v1.3.1
with:
terragrunt_version: 0.42.5
- name: Print Terragrunt Version
run: terragrunt --version
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: 16.19.1
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.4.5
- name: Print Terraform Version
run: terraform --version
- name: 'Terragrunt Format'
run: |
cd ${{ matrix.home }}
terragrunt hclfmt --terragrunt-check
- name: 'Terragrunt Init'
run: |
cd ${{ matrix.home }}
make init
- name: 'Terragrunt Plan'
run: |
cd ${{ matrix.home }}
make plan
</details>
# 答案1
**得分**: 2
以上问题的原因是 terraform_wrapper 标志引起的。因为我使用的是 GitHub Marketplace 上的 `hashicorp/setup-terraform@v2`,默认情况下 terraform_wrapper 被设置为 "true"。当我在我的 GitHub Actions workflow.yml 文件中添加了如下的 `terraform_wrapper: false` 后,问题得到解决。感谢另一个帖子中的 Brian 指出了这一点。
```yaml
steps:
- uses: hashicorp/setup-terraform@v2
with:
terraform_wrapper: false
英文:
It turns out the above issue was caused by the terraform_wrapper flag. Because i was using the hashicorp/setup-terraform@v2 from the GitHub marketplace, by default terraform_wrapper is set to "true". As soon as i added the terraform_wrapper: false per below in my GitHub Actions workflow.yml file, it resolved the issue. Thanks to Brian on another thread for pointing this out.
steps:
- uses: hashicorp/setup-terraform@v2
with:
terraform_wrapper: false
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论