Using a container image avoids use external tools

[leinad87]

It is common that terragrunt/terraform requires external tools like az cli or aws cli, however the docker image does not have them (and probably shouldn't).

This is at this job that checkouts code, log into azure and tries to run terragrunt:

  plan:
    runs-on: ubuntu-latest
    needs: [ checks ]
    steps:
      - name: 'Checkout'
        uses: actions/checkout@main

      - name: Azure Login
        uses: azure/login@v1
        with:
          creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ vars.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ vars.AZURE_TENANT_ID }}"}'

      - name: Plan
        uses: gruntwork-io/terragrunt-action@v1
        with:
          tf_version: ${{ env.tf_version }}
          tg_version: ${{ env.tg_version }}
          tg_dir: ${{ env.working_dir }}
          tg_command: 'run-all plan'

Eror: Error building ARM Config: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in $PATH.

[michw]

It is possible to run custom pre exec job with:

- name: Plan
  uses: gruntwork-io/terragrunt-action@v1.0.10
  env:
    INPUT_PRE_EXEC_0: 'curl -sLO https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip && unzip -q awscli-exe-linux-x86_64.zip && ./aws/install'
  with:
    tf_version: ${{ env.tf_version }}
    tg_version: ${{ env.tg_version }}
    tg_dir: ${{ env.working_dir }}
    tg_command: 'run-all plan'

Readme

@denis256 With (now deleted) v1.0.11 I couldn't install repository packages with apt, b/c of the user change in Dockerfile. If you plan to release user change feature again (highly appreciated), please consider adding smth like

diff --git a/terragrunt/Dockerfile b/terragrunt/Dockerfile
index 095959f..33480c4 100644
--- a/terragrunt/Dockerfile
+++ b/terragrunt/Dockerfile
@@ -13,11 +13,13 @@ RUN apt-get update && apt-get install -y \
     jq \
     unzip \
     wget \
+    sudo \
     && rm -rf /var/lib/apt/lists/*

 # Create runner user
 RUN addgroup --system --gid 127 docker
 RUN useradd --system -u 1001 -g 127 -ms /bin/bash runner
+RUN echo "runner ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/runner
 USER runner

 RUN mkdir -p /home/runner/.ssh

Thank you!

[leinad87]

Thank you, I didn't know about that option, but does it make sense? I'm using terragrunt-action to minimize coding and avoid installing manually terragrunt and terraform, but I can't use Azure action to install az cli.

PD: This is not a bug anymore, this is more a proposal

[BenediktSchuh1324]

I am running into a simmilar issue. Implementing a setup terragrunt would help a lot because we would have the control what context is used. One other Problem is that authenticating with gcloud before applying terragrunt

[CsBigDataHub]

Similar issue with me as well.

[can-axelspringer]

I got permission denied for the following.

mkdir: cannot create directory '/usr/local/aws-cli': Permission denied

- name: Plan
  uses: gruntwork-io/terragrunt-action@v1.0.10
  env:
    INPUT_PRE_EXEC_0: 'curl -sLO https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip && unzip -q awscli-exe-linux-x86_64.zip && ./aws/install'
  with:
    tf_version: ${{ env.tf_version }}
    tg_version: ${{ env.tg_version }}
    tg_dir: ${{ env.working_dir }}
    tg_command: 'run-all plan'

[SakharamS]

Adding INPUT_PRE_EXEC_0 still results in the same error. Has anyone found the solution?

[denis256]

in my projects, I use sudo ...

        env:
          INPUT_PRE_EXEC_0: 'sudo curl -sLO https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip && sudo unzip -q awscli-exe-linux-x86_64.zip && sudo ./aws/install'
          INPUT_PRE_EXEC_1: 'aws --version'

https://github.com/denis256/terragrunt-tests/blob/master/.github/workflows/basic-test-install-tools.yml#L35