
Using a container image avoids use external tools

Open leinad87 opened this issue 2 years ago • 9 comments

It is common that terragrunt/terraform requires external tools like az cli or aws cli, however the docker image does not have them (and probably shouldn't).

This is the job that checks out the code, logs into Azure and tries to run terragrunt:

  plan:
    runs-on: ubuntu-latest
    needs: [ checks ]
    steps:
      - name: 'Checkout'
        uses: actions/checkout@main

      - name: Azure Login
        uses: azure/login@v1
        with:
          creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ vars.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ vars.AZURE_TENANT_ID }}"}'

      - name: Plan
        uses: gruntwork-io/terragrunt-action@v1
        with:
          tf_version: ${{ env.tf_version }}
          tg_version: ${{ env.tg_version }}
          tg_dir: ${{ env.working_dir }}
          tg_command: 'run-all plan'

Error: Error building ARM Config: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in $PATH.

leinad87 avatar Nov 08 '23 10:11 leinad87

It is possible to run custom pre exec job with:

- name: Plan
  uses: gruntwork-io/[email protected]
  env:
    INPUT_PRE_EXEC_0: 'curl -sLO https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip && unzip -q awscli-exe-linux-x86_64.zip && ./aws/install'
  with:
    tf_version: ${{ env.tf_version }}
    tg_version: ${{ env.tg_version }}
    tg_dir: ${{ env.working_dir }}
    tg_command: 'run-all plan'

Readme

@denis256 With (now deleted) v1.0.11 I couldn't install repository packages with apt, b/c of the user change in Dockerfile. If you plan to release user change feature again (highly appreciated), please consider adding smth like

diff --git a/terragrunt/Dockerfile b/terragrunt/Dockerfile
index 095959f..33480c4 100644
--- a/terragrunt/Dockerfile
+++ b/terragrunt/Dockerfile
@@ -13,11 +13,13 @@ RUN apt-get update && apt-get install -y \
     jq \
     unzip \
     wget \
+    sudo \
     && rm -rf /var/lib/apt/lists/*
 
 # Create runner user
 RUN addgroup --system --gid 127 docker
 RUN useradd --system -u 1001 -g 127 -ms /bin/bash runner
+RUN echo "runner ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/runner
 USER runner
 
 RUN mkdir -p /home/runner/.ssh
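
Review bot: The added sudoers line `runner ALL=(ALL:ALL) NOPASSWD: ALL` gives the `runner` account unrestricted passwordless root, which cancels the privilege drop that `USER runner` on the following line is there to provide: every command the container later runs as runner, pre-exec commands included, can become root without any check. If the goal is only to let users add repository packages, consider making this opt-in (for example behind a build argument, or in a documented derived image that installs the extra tools at build time) rather than the default for every consumer of the image. If the rule stays, write the file with mode 0440 in the same RUN and state in the README that the image ships with passwordless sudo, so users can factor that into what they allow in pre-exec steps.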

Thank you!

michw avatar Nov 08 '23 12:11 michw

Thank you, I didn't know about that option, but does it make sense? I'm using terragrunt-action to minimize coding and avoid manually installing terragrunt and terraform, but I can't use the Azure action to install az cli.

PS: This is not a bug anymore; it is more of a proposal.

leinad87 avatar Nov 08 '23 14:11 leinad87

I am running into a similar issue. Implementing a setup terragrunt would help a lot because we would have control over what context is used. One other problem is that authenticating with gcloud before applying terragrunt

BenediktSchuh1324 avatar Nov 20 '23 10:11 BenediktSchuh1324

Similar issue with me as well.

CsBigDataHub avatar Jan 25 '24 22:01 CsBigDataHub

I got permission denied for the following.

mkdir: cannot create directory '/usr/local/aws-cli': Permission denied

- name: Plan
  uses: gruntwork-io/[email protected]
  env:
    INPUT_PRE_EXEC_0: 'curl -sLO https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip && unzip -q awscli-exe-linux-x86_64.zip && ./aws/install'
  with:
    tf_version: ${{ env.tf_version }}
    tg_version: ${{ env.tg_version }}
    tg_dir: ${{ env.working_dir }}
    tg_command: 'run-all plan'

can-axelspringer avatar Feb 19 '24 12:02 can-axelspringer

Adding INPUT_PRE_EXEC_0 still results in the same error. Has anyone found the solution?

SakharamS avatar Nov 03 '24 07:11 SakharamS

In my projects, I use sudo ...

        env:
          INPUT_PRE_EXEC_0: 'sudo curl -sLO https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip && sudo unzip -q awscli-exe-linux-x86_64.zip && sudo ./aws/install'
          INPUT_PRE_EXEC_1: 'aws --version'

https://github.com/denis256/terragrunt-tests/blob/master/.github/workflows/basic-test-install-tools.yml#L35

denis256 avatar Nov 03 '24 18:11 denis256
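
The pre-exec commands in this thread download an archive and run its installer with sudo in one chain. The following is an added example, not code from the thread or from terragrunt-action, that checks the archive against a pinned SHA-256 digest before anything is unpacked or executed. The helper names (`hash_file`, `verify_sha256`, `install_verified`) and the URL and digest arguments are assumptions; a pin only stays valid if the URL names one specific release rather than the always-latest archive.

```shell
#!/usr/bin/env bash
# Added example (not terragrunt-action code): verify a downloaded installer
# archive against a pinned SHA-256 digest before running it with sudo.

# hash_file FILE -> prints the lowercase hex SHA-256 of FILE.
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# verify_sha256 FILE EXPECTED -> 0 on match, 1 on mismatch, 2 on bad input.
verify_sha256() {
  local file="$1" expected="$2" actual
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
  # A pin must be exactly 64 hex characters; an unfilled placeholder fails here.
  case "$expected" in
    ""|*[!0-9a-fA-F]*) echo "pin is not a hex digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pin is not 64 characters" >&2; return 2; }
  actual="$(hash_file "$file")"
  if [ "$actual" != "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]; then
    echo "checksum mismatch: got $actual" >&2
    return 1
  fi
}

# install_verified URL SHA256 -> download, verify, then install.
# Hypothetical helper; both arguments are supplied by the operator.
install_verified() {
  local tmp
  tmp="$(mktemp -d)" || return 1
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp/awscli.zip" "$1" || return 1
  # Nothing is unpacked or run if the digest does not match.
  verify_sha256 "$tmp/awscli.zip" "$2" || return 1
  unzip -q "$tmp/awscli.zip" -d "$tmp" && sudo "$tmp/aws/install"
}

# Only act when called as: <script> install <url> <sha256>
if [ "${1:-}" = "install" ]; then
  install_verified "${2:?url required}" "${3:?sha256 required}"
fi
```

Assuming the script is committed to the repository, a pre-exec entry can call it with the pinned URL and digest instead of chaining `curl`, `unzip` and the installer inline.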

@denis256

IMO, the core issue is that the action is using Docker to execute the commands, so that mise is available to install terragrunt/terraform. This is a big requirement for such a small thing and actually causes a lot of problems as presented in this issue.

How would you feel about removing the docker requirement and instead just install via curl, so that the action is more interoperable?

Pluggi avatar Dec 13 '24 14:12 Pluggi

We are facing the same issue but with gcloud. Using INPUT_PRE_EXEC_0 would make the step more complicated.

jriguera avatar Feb 11 '25 14:02 jriguera