terraform-google-modules / terraform-example-foundation

Shows how the CFT modules can be composed to build a secure cloud foundation
https://cloud.google.com/architecture/security-foundations
Apache License 2.0

Google Cloud Foundation Bootstrapping fail due to github secret_key 404 Not Found #1278

Closed edoc-intg closed 1 month ago

edoc-intg commented 3 months ago

TL;DR

Cloned the repo from GitHub and used our service account and modified the terraform.tfvars file with our inputs. The setup is failing with the error below:

Error: GET https://api.github.com/repos/edoc-intg/netwrk-demo/actions/secrets/public-key: 404 Not Found []
│
│   with github_actions_secret.secrets["net.TF_VAR_gh_token"],
│   on github.tf line 102, in resource "github_actions_secret" "secrets":
│  102: resource "github_actions_secret" "secrets" {
│

The above error is coming for all the repos

Please can you provide assistance.

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

Error: GET https://api.github.com/repos/edoc-intg/netwrk-demo/actions/secrets/public-key: 404 Not Found []
│ 
│   with github_actions_secret.secrets["net.TF_VAR_gh_token"],
│   on github.tf line 102, in resource "github_actions_secret" "secrets":
│  102: resource "github_actions_secret" "secrets" {
│

Terraform Version

Terraform v1.8.5

Additional information

No response

eeaton commented 3 months ago

There's not enough information for us to troubleshoot, but this looks like a setup issue in your environment.

Assuming that you're using GitHub as your deployment tool, please review all the setup directions at https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/README-GitHub.md.

> The above error is coming for all the repos

Also note, the repos are intended to be deployed in a specific order; subsequent stages depend on the outputs of all the previous stages, so you must start at 0-bootstrap and proceed sequentially.

Hope that helps. I'll close this for now, but if the setup documentation doesn't address the issue, feel free to re-open with additional details about what you've set up and steps to reproduce.

edoc-intg commented 3 months ago

We used this same link (https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/README-GitHub.md) and followed the same steps.

We started with the bootstrap step and set the service principal and folders in the GCP console. Then we ran all the steps and this error happens in the last apply step of terraform. We are creating the repos using the git commands and a fine-grained token to perform.

Please can you help? Let me know if you need any further information.

daniel-cit commented 3 months ago

Hi @edoc-intg. Could you check the permissions that were granted to the fine-grained token? The token needs:

"Secrets: Read and Write" is the permission needed by the endpoint that is presented in the error, "Get a repository public key":

> Get a repository public key
>
> Gets your public key, which you need to encrypt secrets. You need to encrypt a secret before you can create or update secrets.
>
> Anyone with read access to the repository can use this endpoint.
>
> If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
>
> The fine-grained token must have the following permission set: "Secrets" repository permissions (read)

The documentation of the API endpoint in the link has a cURL example that you can use to test if the token you created has the right permissions.

Also, the repository netwrk-demo needs to exist under the owner edoc-intg.
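The token check suggested in the comment above, as an added example that is not part of the thread or of the project's code: it queries both the repository itself and the secrets public-key endpoint from the error, then separates "repository not visible to the token" from "Secrets permission missing". The names `GH_TOKEN`, `gh_status`, `classify` and `check_repo` are this example's own, and the diagnosis assumes GitHub's usual behaviour of answering 404 for a repository the token cannot see.

```shell
#!/usr/bin/env bash
# Added example (not from the issue thread or the foundation repo).
# Assumed names: GH_TOKEN, gh_status, classify, check_repo.

API="https://api.github.com"

# Print only the HTTP status of a GET. The token is passed to curl on stdin
# (-K -) so it does not appear in the process list or shell history.
gh_status() {
  printf 'header = "Authorization: Bearer %s"\n' "$GH_TOKEN" |
    curl -sS -o /dev/null -w '%{http_code}' -K - \
      -H "Accept: application/vnd.github+json" "$API$1"
}

# Map (repository status, public-key status) to a diagnosis.
classify() {
  case "$1:$2" in
    200:200) echo "ok: token can read the secrets public key" ;;
    401:*|*:401) echo "bad-token: GitHub rejected the credentials" ;;
    404:*) echo "repo-not-visible: repository missing under this owner, or not in the token's repository access" ;;
    200:403|200:404) echo "secrets-permission: repository is visible, check the token's Secrets permission" ;;
    *) echo "unexpected: repo=$1 public-key=$2" ;;
  esac
}

check_repo() {  # usage: check_repo OWNER REPO
  local repo_code key_code
  repo_code=$(gh_status "/repos/$1/$2")
  key_code=$(gh_status "/repos/$1/$2/actions/secrets/public-key")
  classify "$repo_code" "$key_code"
}

# Only contact the API when a token and a target repository are supplied.
if [ -n "${GH_TOKEN:-}" ] && [ "$#" -eq 2 ]; then
  check_repo "$1" "$2"
fi
```

Run it with the same token Terraform uses, for example `GH_TOKEN=... ./check.sh edoc-intg netwrk-demo`, once per repository that reported the error.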

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days