
Terraform GitHub provider
https://www.terraform.io/docs/providers/github/
MIT License

[BUG]: Terraform plan hangs/freezes when used in a GitHub Actions workflow AND auth is based on GitHub App #2241

Open tiberium opened 5 months ago

tiberium commented 5 months ago

Expected Behavior

terraform plan should work in a GitHub Actions workflow with authentication based on GitHub App (using PEM file as the private key).

Actual Behavior

When I try to run terraform plan -out=plan in a GitHub Action, and I set the envs to provide the GitHub App configuration (all three envs set correctly: GITHUB_APP_ID, GITHUB_APP_INSTALLATION_ID, GITHUB_APP_PEM_FILE), the GitHub Actions job freezes/hangs after doing a few Refreshing state... operations.

When executed from a local machine, outside the GitHub Actions context, with the same terraform file, with the same envs, and the same terraform version, the terraform plan operation works as expected. It seems to me that the problem only exists when the terraform command is executed on the GitHub Actions runner. Tested on two runners: ubuntu-latest and arc-runner-set (k8s).

When using a PAT generated from the GitHub App, the behavior is correct - the terraform plan command works as expected both locally and on the GitHub Actions runner.

Terraform Version

Terraform v1.7.1

GitHub Provider v6.2.1 (tested also with v6.0.1, same behavior)

Affected Resource(s)

Affects basic terraform plan command (at least) when executed in a GitHub Actions job context AND the auth is based on GitHub App.

Terraform Configuration Files

No response

Steps to Reproduce

jobs:
  terraform-plan:
    runs-on: [ ubuntu-latest ]
    steps:  
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.7.1
          terraform_wrapper: false

      - name: Configure AWS
        # To access the state file
        # ...

      - name: Terraform init
        run: terraform init

      - name: Terraform plan
        env:
          GITHUB_OWNER: ***
          GITHUB_APP_ID: ***
          GITHUB_APP_INSTALLATION_ID: ***
          GITHUB_APP_PEM_FILE: ***
        run: terraform plan -out=${{ runner.temp }}/plan

Debug Output

No response

Panic Output

No response


bahag-hammera commented 3 months ago

Seems that we have the same issue in our setup, the plan gets stuck while reading its state:

TF version 1.8.5 Provider Version: 6.2.2