How to pass terraform variables in GitHub workflow

I have a GitHub workflow to deploy on AWS using Terraform, but I am struggling to pass the Terraform variables.

The following step fails because the variables defined in variables.tf cannot be found:

- name: Terraform Plan
  id: plan
  if: github.event_name == 'pull_request'
  env:
    ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
    ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
    django_secret_key: ${{ secrets.TF_VAR_DJANGO_SECRET_KEY }}
    admin: ${{ secrets.TF_VAR_ADMIN }}
    admin_email: ${{ secrets.TF_VAR_ADMIN_EMAIL }}
    admin_password: ${{ secrets.TF_VAR_ADMIN_PASSWORD }}
    db_username: ${{ secrets.TF_VAR_DB_USERNAME }}
    db_password: ${{ secrets.TF_VAR_DB_PASSWORD }}
  run: |
    export ecr_image_api=$ECR_REGISTRY/$ECR_REPOSITORY:dev
    terraform init
    terraform workspace select staging || terraform workspace new staging
    terraform plan -no-color -input=false
  continue-on-error: true

In GitLab CI, I just defined the tf_variables as CI variables, so I did the same thing in GitHub, but the CI fails with this error message:

Run export TF_VAR_ecr_image_api=$ECR_REGISTRY/$ECR_REPOSITORY:dev
  export TF_VAR_ecr_image_api=$ECR_REGISTRY/$ECR_REPOSITORY:dev
  terraform init
  terraform workspace select staging || terraform workspace new staging
  terraform plan -no-color -input=false
  shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
  env:
    AWS_DEFAULT_REGION: us-east-1
    AWS_REGION: us-east-1
    AWS_ACCESS_KEY_ID: ***
    AWS_SECRET_ACCESS_KEY: ***
    TERRAFORM_CLI_PATH: /home/runner/work/_temp/0bf615bc-6784-4171-a424-de5f1040eae8
    ECR_REGISTRY: ***.dkr.ecr.us-east-1.amazonaws.com
    ECR_REPOSITORY: ***
    TF_VAR_DJANGO_SECRET_KEY: ***
    TF_VAR_ADMIN: ***
    TF_VAR_ADMIN_EMAIL: ***
    TF_VAR_ADMIN_PASSWORD: ***
    TF_VAR_DB_USERNAME: ***
    TF_VAR_DB_PASSWORD: ***
/home/runner/work/_temp/0bf615bc-6784-4171-a424-de5f1040eae8/terraform-bin init

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Reusing previous version of hashicorp/template from the dependency lock file
- Using previously-installed hashicorp/aws v4.15.1
- Using previously-installed hashicorp/template v2.2.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.



/home/runner/work/_temp/0bf615bc-6784-4171-a424-de5f1040eae8/terraform-bin workspace select staging
Switched to workspace "staging".



/home/runner/work/_temp/0bf615bc-6784-4171-a424-de5f1040eae8/terraform-bin plan -no-color -input=false
Releasing state lock. This may take a few moments...

Error: No value for required variable

  on variables.tf line 11:
  11: variable "db_***" {

The root module input variable "db_***" is not set, and has no default
value. Use a -var or -var-file command line argument to provide a value for
this variable.

Error: No value for required variable

  on variables.tf line 14:
  14: variable "db_***" {

The root module input variable "db_***" is not set, and has no default
value. Use a -var or -var-file command line argument to provide a value for
this variable.

Error: No value for required variable

  on variables.tf line 31:
  31: variable "django_***_key" {

The root module input variable "django_***_key" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.

Error: No value for required variable

  on variables.tf line 34:
  34: variable "***" {

The root module input variable "***" is not set, and has no default value.
Use a -var or -var-file command line argument to provide a value for this
variable.

Error: No value for required variable

  on variables.tf line 37:
  37: variable "***_email" {

The root module input variable "***_email" is not set, and has no default
value. Use a -var or -var-file command line argument to provide a value for
this variable.

Error: No value for required variable

  on variables.tf line 40:
  40: variable "***_***" {

The root module input variable "***_***" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.



Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

How about something like this?

- name: Terraform Plan
  id: plan
  if: github.event_name == 'pull_request'
  env:
    ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
    ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
    django_secret_key: ${{ secrets.TF_VAR_DJANGO_SECRET_KEY }}
    admin: ${{ secrets.TF_VAR_ADMIN }}
    admin_email: ${{ secrets.TF_VAR_ADMIN_EMAIL }}
    admin_password: ${{ secrets.TF_VAR_ADMIN_PASSWORD }}
    db_username: ${{ secrets.TF_VAR_DB_USERNAME }}
    db_password: ${{ secrets.TF_VAR_DB_PASSWORD }}
  run: |
    export ecr_image_api=$ECR_REGISTRY/$ECR_REPOSITORY:dev
    terraform init
    terraform workspace select staging || terraform workspace new staging
    # Pass each variable explicitly with -var
    terraform plan \
      -var="db_username=${{ secrets.TF_VAR_DB_USERNAME }}" \
      -var="db_password=${{ secrets.TF_VAR_DB_PASSWORD }}" \
      -var="admin_email=${{ secrets.TF_VAR_ADMIN_EMAIL }}" \
      -var="admin_password=${{ secrets.TF_VAR_ADMIN_PASSWORD }}" \
      -var="admin=${{ secrets.TF_VAR_ADMIN }}" \
      -var="django_secret_key=${{ secrets.TF_VAR_DJANGO_SECRET_KEY }}" \
      -var="ECR_REGISTRY=${{ steps.login-ecr.outputs.registry }}" \
      -var="ECR_REPOSITORY=${{ secrets.ECR_REPO }}" \
      -no-color -input=false
  continue-on-error: true
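
An alternative that keeps the secrets off the command line, added here as an example and not part of the original answer: Terraform reads a variable from the environment only when it is named TF_VAR_ followed by the variable's exact, case-sensitive name, so the uppercase TF_VAR_DB_USERNAME entries in the log above never reach db_username. The Terraform variable names are assumed from the -var flags in the answer, and ecr_image_api from the export line in the log.

```yaml
# Added example, not the poster's or the answerer's workflow.
# Secret names are the ones shown on this page; the Terraform variable
# names are assumed to match the declarations in variables.tf.
- name: Terraform Plan
  id: plan
  if: github.event_name == 'pull_request'
  env:
    ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
    ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
    # The part after TF_VAR_ must match the variable name exactly,
    # including case, because the runner is Linux.
    TF_VAR_django_secret_key: ${{ secrets.TF_VAR_DJANGO_SECRET_KEY }}
    TF_VAR_admin: ${{ secrets.TF_VAR_ADMIN }}
    TF_VAR_admin_email: ${{ secrets.TF_VAR_ADMIN_EMAIL }}
    TF_VAR_admin_password: ${{ secrets.TF_VAR_ADMIN_PASSWORD }}
    TF_VAR_db_username: ${{ secrets.TF_VAR_DB_USERNAME }}
    TF_VAR_db_password: ${{ secrets.TF_VAR_DB_PASSWORD }}
  run: |
    # Composed from two env values, so it is exported in the script.
    export TF_VAR_ecr_image_api="$ECR_REGISTRY/$ECR_REPOSITORY:dev"
    terraform init
    terraform workspace select staging || terraform workspace new staging
    # No -var flags: every value arrives through the environment.
    terraform plan -no-color -input=false
  continue-on-error: true
```

Passing the values through env means the secret text is never expanded into the script body, so a password containing quotes or `$` is not re-parsed by bash and does not appear in the terraform process arguments.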