dflook / terraform-github-actions

GitHub actions for terraform

Not respecting existing known_hosts and ssh setup #41

Closed akaltar closed 3 years ago

akaltar commented 3 years ago

I'm trying to use this action with a terraform project that imports its submodules from another (private) repository.

This is the type of error I'm getting:

    Error: Failed to download module

    Could not download module "database" (../../layers/data/main.tf:1) source code
    from "git@github.com:veedstudio/veed-terraform-modules.git?ref=master": error
    downloading
    'ssh://git@github.com/veedstudio/veed-terraform-modules.git?ref=master':
    /usr/bin/git exited with 128: Cloning into
    '/github/home/.dflook-terraform-data-dir/modules/data.database'...
    Host key verification failed.
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.

This happens even though, if I run git clone before this, it does work as expected, and the action I use before adds the correct known_hosts values for github.com. Here is the relevant snippet from the workflow I'm writing:

      - name: Set up access key for terraform_modules repo
        uses: webfactory/ssh-agent@v0.5.1
        with:
          ssh-private-key: ${{ secrets.GH_SSH_PRIVATE_KEY }}

      - name: Debug
        run: git clone ssh://git@github.com/veedstudio/veed-terraform-modules.git && ls

      - name: terraform plan
        uses: dflook/terraform-plan@v1
        with:
          path: environments/dev

Based on the logs, it looks like this action is using a different home directory and runs inside a Docker container, which may be why it does not take the SSH setup into account? I assume fixing this may require changes to the action; I'd just like some help with how to go about this. Thank you for this super handy action library.

dflook commented 3 years ago

Hello @akaltar. I don't think there is any way to get webfactory/ssh-agent to work with a Docker-based action 😞. The ssh-agent is just not reachable from the container.

You could pass the private key into the container as an environment variable, or a file in the workspace. Either way, you would need to change the action so it configures ssh to use the key.

akaltar commented 3 years ago

Thank you, it looks like that would also mean I need to set up things like gcloud access internally as well. How is your repository licensed? Can I try to make a fork that doesn't use a docker container and just relies on terraform already being set up?

akaltar commented 3 years ago

@dflook Sorry for the spam, just not sure if you got a notification for the previous message I sent. Can I fork and modify this repository? Could you please give it a license? Thank you

dflook commented 3 years ago

Hi @akaltar, with v1.8.0 you can set a TERRAFORM_SSH_KEY environment variable that will be used for cloning terraform modules from a git source.
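
A sketch of the approach described in dflook's first reply (private key passed into the container as an environment variable, ssh configured inside the container to use it), as an added example that is not the action's own code and makes no claim about how v1.8.0 implements TERRAFORM_SSH_KEY. The function name, file names and the `SSH_KEY` / `SSH_KNOWN_HOSTS` variable names are assumptions; it pins the host key instead of switching host key checking off, which is the check behind the "Host key verification failed" error above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of dflook/terraform-github-actions).
#
# setup_git_ssh DIR KEY KNOWN_HOSTS_LINE
#   Writes KEY and a pinned known_hosts entry under DIR with owner-only
#   permissions and prints a GIT_SSH_COMMAND value that makes git use
#   exactly those files. DIR must not contain single quotes.
setup_git_ssh() {
    dir=$1 key=$2 known_hosts=$3

    # Fail closed: without a pinned host key the only way to connect would be
    # to disable StrictHostKeyChecking, which removes the server authentication.
    [ -n "$key" ] || { echo "no private key supplied" >&2; return 1; }
    [ -n "$known_hosts" ] || { echo "no known_hosts entry supplied" >&2; return 1; }

    (
        # Create the files owner-only from the start, not world-readable first.
        umask 077
        mkdir -p "$dir" &&
        printf '%s\n' "$key" > "$dir/id_key" &&
        printf '%s\n' "$known_hosts" > "$dir/known_hosts"
    ) || return 1
    # Tighten permissions in case the paths already existed with wider modes.
    chmod 700 "$dir" && chmod 600 "$dir/id_key" || return 1

    # IdentitiesOnly stops ssh from offering any other key it may find;
    # UserKnownHostsFile + StrictHostKeyChecking=yes accept only the pinned host key.
    printf "ssh -i '%s' -o IdentitiesOnly=yes -o UserKnownHostsFile='%s' -o StrictHostKeyChecking=yes" \
        "$dir/id_key" "$dir/known_hosts"
}

# Usage in a container entrypoint (variable names are assumptions):
#   GIT_SSH_COMMAND=$(setup_git_ssh "$HOME/.ssh-ci" "$SSH_KEY" "$SSH_KNOWN_HOSTS") || exit 1
#   export GIT_SSH_COMMAND
```

Because the container has its own home directory, the known_hosts entry has to be supplied to it explicitly, for example as a second secret; the entries added on the runner by an earlier step are not visible inside it.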