integrations / terraform-provider-github

Terraform GitHub provider
https://www.terraform.io/docs/providers/github/
MIT License
912 stars 754 forks source link

github_repository_environment - Provider produced inconsistent result after apply #834

Open giulianozor opened 3 years ago

giulianozor commented 3 years ago

I am on a free github plan, repo is public

Terraform Version

Terraform v1.0.0
on darwin_amd64
+ provider registry.terraform.io/integrations/github v4.12.0

Affected Resource(s)

github_repository_environment

Terraform Configuration Files


locals  {
environments_list_expanded = {
     test1.DEV = {repo ="test1", code="DEV",name="Development"}},
     test1.PROD = {repo ="test1", code="PROD",name="Production"}},
     test2.DEV = {repo ="test2", code="DEV",name="Development"}},
     test2.PROD = {repo ="test2", code="PROD",name="Production"}}
  }
}

resource "github_repository_environment" "environments" {
  for_each = local.environments_list_expanded
  environment   = each.value.name
  repository    = var.repo_name
  wait_timer = 10

  reviewers {
    users = [ var.user_id ]
  }

  deployment_branch_policy {
    protected_branches          = true
    custom_branch_policies      = false
  }
}

Debug Output

│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to
│ github_repository_environment.environments["test2.DEV"], provider
│ "provider[\"registry.terraform.io/integrations/github\"]" produced an
│ unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

Expected Behavior

No error at all

Actual BehaviorUser was added to the reviewers, but terraform exited with the error above

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply (without reviewers) > that runs fine
  2. terraform apply (after adding the reviewers in the cconfig) > that gives the error

Update: It seems the error happens only from the 2nd apply. I have to destroy and apply and everything works fine

References

I have seen fixes for other resources in the past, but not tor this resource

eerkunt commented 3 years ago

We are experiencing exactly the same problem. Even after the resource is destroyed by terraform, the problem still occurs.

JustinYeoh93 commented 3 years ago

Experiencing the same thing. Specifically at the reviewers argument in the resource github_repository_environment.

Terraform Configuration FIles

resource "github_repository_environment" "production_environment" {
  environment = "Production Environment"
  repository  = github_repository.repository.name
  reviewers {
    teams = var.prod_deploy_review_teams
    users = var.prod_deploy_review_users
  }
  deployment_branch_policy {
    protected_branches     = true
    custom_branch_policies = false
  }
}

After running terraform apply -auto-approve for the first time, terraform says it has successfully created the resources. However, when you check GitHub's environments, the required reviewers is checked but the users and teams are not added to the reveiwers list.

Now, when you run terraform apply -auto-approve the second time, the error as the author post suggested occur.

Error: Provider produced inconsistent result after apply

When applying changes to
module.webapp-repository.github_repository_environment.production_environment,
provider "registry.terraform.io/integrations/github" produced an unexpected
new value: Root resource was present, but now absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

However, if you check GitHub again, the reviewers are now properly added into the environment.

Now, if you run terraform apply -auto-approve a third time. No errors occur with a message saying that there are no infrastructure changes.


EDIT

If I were to put in the argument depends_on and ensure that the teams that are to review the system be created before adding them as reviewer, then this error would not occur. I'm not sure if this is related to the above.

Essentially, from:

resource "github_repository" "repository" {
  name                   = var.name
  description            = var.description
}

resource "github_team_repository" "repository_teams" {
  repository = github_repository.repository.name
  team_id    = var.team_id
  permission = "push"
}

resource "github_repository_environment" "environment" {
  environment = "some-environment"
  repository  = github_repository.repository.name
  reviewers {
    teams = [github_team_repository.repository_teams.team_id]
  }
  deployment_branch_policy {
    protected_branches     = true
    custom_branch_policies = false
  }
  depends_on = [
    github_team_repository.repository_teams,
  ]
}

I feel this might have some relation, so dropping it here.

EDIT Never mind. Despite my depends_on above, it still fails on me if I were to update an existing resource as per the below comments.

Irindul commented 3 years ago

We are experiencing the same kind of problem. When adding the reviewers, only the first team in our list is added. The subsequent terraform apply produces the error. No matter how many time we call it, we still have the error.

gilfthde commented 3 years ago

With the depends_on workaround mentioned by @JustinYeoh93 it works for me if I create all involved resources at once.

But if I try to add a reviewers team to an existing github_repository_environment it requires two terraform applyruns:

However any try to remove a team does not recover. The first terraform apply run again applies the changes but thows the error:

Terraform will perform the following actions:

  # module.repo.github_repository_environment.dev will be updated in-place
  ~ resource "github_repository_environment" "dev" {
        id          = "repo:dev"
        # (2 unchanged attributes hidden)

      - reviewers {
          - teams = [
              - 22,
            ] -> null
          - users = [] -> null
        }
        # (1 unchanged block hidden)
    }

Any subsequent terraform apply run tries to remove the reviewers again and the error persists:

Error: Provider produced inconsistent result after apply

When applying changes to module.repo.github_repository_environment.dev, provider "provider[\"registry.terraform.io/integrations/github\"]" produced an unexpected new value: Root resource was present, but now absent.
orionCook commented 2 years ago

We're also experiencing the same problem. We can't use the workaround with the depends_on at this point in time, so using this provider is blocking our progress.

sdickhoven commented 2 years ago

is this going to get fixed anytime soon?

we've been using the following workaround but that's obviously not great for making changes:

resource "github_repository_environment" "foo" {
  ...
  lifecycle {
    ignore_changes = [reviewers]
  }
}
github-actions[bot] commented 1 year ago

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

giulianozor commented 1 year ago

After 20 months, I suppose this will never be fixed :(

giulianozor commented 8 months ago

32 months and 2 weeks bump... any news about this ?

thanks

giulianozor commented 5 months ago

happy third anniversary!

tiagoasousa commented 1 month ago

any update on this?

jmcclell commented 1 month ago

Just ran into this issue. 3 years running, nice! 😆 Seems like it isn't a prio for the maintainers – someone from the community is probably going to have to look into it. 🤷🏻‍♂️