Open mdobosz-isp opened 4 years ago
The behavior in the README assumes a non-zero exit code for the plan
step should fail the workflow job and not comment back on the pull request.
If you wish to used the -detailed-exitcode
argument and comment on the pull request regardless of the exit code of the plan
step, you can use this. Note, this will still mark the overall workflow job as failed when the plan
step returns a non-zero exit code.
- name: Terraform Plan
id: plan
run: terraform plan -no-color -detailed-exitcode
- uses: actions/github-script@0.9.0
if: ${{ github.event_name == 'pull_request' && (success() || failure()) }}
If you do not want the plan
step to fail the entire job, you can use the following. This will effectively ignore the exit code of the plan
step and continue with the subsequent steps, allowing you to decide what actions to take with the outputs from the plan
step.
- name: Terraform Plan
id: plan
run: terraform plan -no-color -detailed-exitcode
continue-on-error: true
- uses: actions/github-script@0.9.0
if: ${{ github.event_name == 'pull_request' && (success() || failure()) }}
- name: Check Terraform Plan
if: ${{ steps.plan.outputs.exitcode == 1 }}
run: |
echo "Terraform plan returned ${{ steps.plan.outputs.exitcode }}"
exit ${{ steps.plan.outputs.exitcode }}
You can also swap out the (success() || failure())
logic for your own logic. If you wished to only comment on the pull request when -detailed-exitcode
is 2
but fail the workflow job with -detailed-exitcode
is 1
, you can use this.
- name: Terraform Plan
id: plan
run: terraform plan -no-color -detailed-exitcode
continue-on-error: true
- uses: actions/github-script@0.9.0
if: ${{ github.event_name == 'pull_request' && steps.plan.outputs.exitcode == 2 }}
- name: Check Terraform Plan Exit Code
if: ${{ steps.plan.outputs.exitcode == 1 }}
run: |
echo "Terraform plan returned ${{ steps.plan.outputs.exitcode }}"
exit ${{ steps.plan.outputs.exitcode }}
Maybe we can add a separate example in the README for users of -detailed-exitcode
?
That's too bad, previously I just had to do this :
- name: 'Terraform Format'
uses: hashicorp/terraform-github-actions@master
with:
tf_actions_version: ${{ env.tf_version }}
tf_actions_subcommand: 'fmt'
tf_actions_comment: true
Which is far more clear. (awesome work BTW)
@sudomateo Is there any way to capture the output of run: terraform validate -no-color
?
I've tried the following:
- name: Terraform Validate
id: validate
run: echo "::set-output name=output::$(terraform validate -no-color)"
- name: Terraform Validate
id: validate
run: |
TF_VAL=$(terraform validate -no-color)
TF_VAL="${TF_VAL//'%'/'%25'}"
TF_VAL="${TF_VAL//$'\n'/'%0A'}"
TF_VAL="${TF_VAL//$'\r'/'%0D'}"
echo "::set-output name=output::$TF_VAL"
In either case I try to access the output of the validate stage like so:
- name: Terraform Comment
if: always()
uses: actions/github-script@v2
env:
PLAN: "${{ steps.plan.outputs.stdout}}"
VALIDATE: "${{ steps.validate.outputs.output}}"
...
So that I can output the comments to the PR as a comment, but no luck.
@bchr73 you can try something like this.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
- name: Terraform Init
run: terraform init
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- run: echo ${{ steps.validate.outputs.stdout }}
@sudomateo The output of that step is then just as follows:
Run Echo 0s
1 > Run echo
2 echo
3 shell: /bin/bash -e {0}
4 env:
5 TERRAFORM_CLI_PATH: /home/runner/work/_temp/037498ad-9268-421e-a014-f2b0d1c0b82f
6
And nothing in the comments.
My steps ..
steps:
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
- name: Terraform fmt
id: fmt
run: terraform fmt
- name: Terraform Init
id: init
run: terraform init
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- id: validate_out
if: always()
run: echo ${{ steps.validate.outputs.stdout }}
- name: Terraform Plan
id: plan
run: terraform plan -no-color -detailed-exitcode
- name: Terraform Comment
if: always()
uses: actions/github-script@v2
env:
PLAN: "${{ steps.plan.outputs.stdout }}"
VALIDATE: "${{ steps.validate_out.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style ๐\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization โ๏ธ\`${{ steps.init.outcome }}\`
#### Terraform Validation ๐ค${{ steps.validate.outcome }}
<details><summary>Show</summary>\`\`\`${process.env.VALIDATE}\`\`\`</details>
#### Terraform Plan ๐\`${{ steps.plan.outcome }}\`
<details><summary>Show</summary>\`\`\`${process.env.PLAN}\`\`\`</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
github.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
Any idea?
@bchr73 you have a step with id
set to validate
and another step with id
set to validate_out
. Only the validate
step contains an output so you should probably use that inside your comment logic instead.
@sudomateo
@bchr73 you can try something like this.
- name: Setup Terraform uses: hashicorp/setup-terraform@v1 - name: Terraform Init run: terraform init - name: Terraform Validate id: validate run: terraform validate -no-color - run: echo ${{ steps.validate.outputs.stdout }}
So what were you suggesting here? What is the purpose of - run: echo ${{ steps.validate.outputs.stdout }}
and how would I reference it?
@bchr73 it was just meant to show you how to access the output of the validate
step. The echo
command isn't meaningful there, it was just used as an example.
@sudomateo
Oh I see thank you, I already knew that part, I tried ${{ steps.validate.outputs.stdout }}
but that wasn't working so I tried to explicitly set an output variable with set-output
(and it still didn't work).
My problem is when I try and access anything from my actions/github-script
- name: Terraform Comment
if: always()
uses: actions/github-script@v2
env:
PLAN: "${{ steps.plan.outputs.stdout }}"
VALIDATE: "${{ steps.validate.outputs.stdout }}"
...
The resulting comment is always empty
<details><summary>Show</summary>\`\`\`${process.env.VALIDATE}\`\`\`</details>
@bchr73 This workflow works for me.
It produces a comment like so.
@sudomateo
So does mine, but only when the outcome of the validate step is success
. I'm [also] interested in the error output of the validate step being output to the comments when it fails. I've been keeping my PR in a state where the validate stage is guaranteed to fail to test it.
You'll probably want to access the stderr
output instead then. I'm not sure if the terraform validate
command outputs to STDOUT or STDERR when there is a failure.
@sudomateo
Thank you, that has solved the issue for me, seems so obvious in retrospect. I appreciate you taking time on a Sat :)
I'm not sure of the
terraform validate
command outputs to STDOUT or STDERR when there is a failure.
Did you mean I'm not sure [if] the ...
? Otherwise can you kindly clarify the above? Thanks.
Yep. I meant if. Sorry!
Should this give me the plan output:
# Generates an execution plan for Terraform
- name: Terraform Plan
id: plan
run: terraform plan -no-color
continue-on-error: true
- name: Check Terraform Plan
run: |
echo "Terraform plan returned ${{ steps.plan.outputs.stdout }}"
I'm trying to follow this howto but I'm not getting any stdout.
@brettcurtis For what it's worth, I seem to remember I was having issues because I was forgetting that steps will only forward to stdout
if they have exited successfully. If your plan stage has exited with an error, you should be checking the output for stderr
@bchr73, in this case my plan is successful so I'd expect something back.
I mean that's essentially what mine looks like, except I'm getting actions to post a comment:
- name: Terraform Plan
id: plan
run: terraform plan -refresh=true -no-color -detailed-exitcode
continue-on-error: true
- name: Terraform Comment
if: always()
uses: actions/github-script@v2
env:
PLAN: "${{ steps.plan.outputs.stderr }}\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = ` ### Report
#### Terraform Plan - \`${{ steps.plan-check.outputs.check }}\` - ๐
\`\`\`${process.env.PLAN}\`\`\` `;
github.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
I made a public repo with a simple test: https://github.com/lzysh/test-plan-output/runs/1232224004?check_suite_focus=true
It's highly possible I'm missing something, but should I expect an output here from line 39/40 ??
https://github.com/lzysh/test-plan-output/blob/master/.github/workflows/terraform.yml#L39
Hi! I have my solution works for sending terraform plan -no-color
output to the comment section
Here's my yaml file
...
- name: Terraform Plan
id: plan
if: github.event_name == 'pull_request'
run: |
out="$(terraform plan -no-color)"
# code below makes set-output keeps the multiline
# refer to this https://github.community/t/set-output-truncates-multiline-strings/16852/3
out="${out//'%'/'%25'}"
out="${out//$'\n'/'%0A'}"
out="${out//$'\r'/'%0D'}"
echo "::set-output name=plan::$out"
continue-on-error: true
- uses: actions/github-script@v5
if: github.event_name == 'pull_request'
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style ๐\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization โ๏ธ\`${{ steps.init.outcome }}\`
#### Terraform Validation ๐ค\`${{ steps.validate.outcome }}\`
#### Terraform Plan ๐\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`terraform\n
${{ steps.plan.outputs.plan }}
\n\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
...
I hope this helps! @mdobosz-isp
Used @ClavinJune code, with terraform_wrapper
set to false and got it working!
I am trying to migrate from
terraform-github-actions
to take advantage of the speed increase of running Javascript-based actions and native commands over Docker-based actions. I am running into some trouble to replicate the functionality of automatic PR comments.The Readme provides this as an equivalent example:
However this is not correct, as far as I can tell, due to a number of issues
run: terraform plan -no-color -detailed-exitcode
.if: github.event_name == 'pull_request' && steps.plan.outputs.exitcode == 2
run: terraform plan -no-color -detailed-exitcode || echo 0
terraform plan
returns code1
in case there's a problem with the terraform files, maybe by addingif (${{ steps.plan.outputs.exitcode }} == 1) { core.setFailed("There's a problem with the plan"); }
after the PR comment is created.I can try to whip up a PR to try to at least improve the Readme, but I wanted to ask for some thoughts first on what the intended usage is.