How to pass Terraform variables in a GitHub workflow



I have a GitHub workflow that deploys to AWS using Terraform, and I am struggling to pass Terraform variables.

The following step fails because the variables defined in variables.tf cannot be found:

    - name: Terraform Plan
      id: plan
      if: github.event_name == 'pull_request'
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
        django_secret_key: ${{ secrets.TF_VAR_DJANGO_SECRET_KEY }}
        admin: ${{ secrets.TF_VAR_ADMIN }}
        admin_email: ${{ secrets.TF_VAR_ADMIN_EMAIL }}
        admin_password: ${{ secrets.TF_VAR_ADMIN_PASSWORD }}
        db_username: ${{ secrets.TF_VAR_DB_USERNAME }}
        db_password: ${{ secrets.TF_VAR_DB_PASSWORD }}
      run: |
        export ecr_image_api=$ECR_REGISTRY/$ECR_REPOSITORY:dev
        terraform init
        terraform workspace select staging || terraform workspace new staging
        terraform plan -no-color -input=false
      continue-on-error: true

In GitLab CI I simply defined the TF_VAR_ variables as CI variables, so I did the same in GitHub, but the CI failed with this error message:

Run export TF_VAR_ecr_image_api=$ECR_REGISTRY/$ECR_REPOSITORY:dev
export TF_VAR_ecr_image_api=$ECR_REGISTRY/$ECR_REPOSITORY:dev
terraform init
terraform workspace select staging || terraform workspace new staging
terraform plan -no-color -input=false
shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
env:
AWS_DEFAULT_REGION: us-east-1
AWS_REGION: us-east-1
AWS_ACCESS_KEY_ID: ***
AWS_SECRET_ACCESS_KEY: ***
TERRAFORM_CLI_PATH: /home/runner/work/_temp/0bf615bc-6784-4171-a424-de5f1040eae8
ECR_REGISTRY: ***.dkr.ecr.us-east-1.amazonaws.com
ECR_REPOSITORY: ***
TF_VAR_DJANGO_SECRET_KEY: ***
TF_VAR_ADMIN: ***
TF_VAR_ADMIN_EMAIL: ***
TF_VAR_ADMIN_PASSWORD: ***
TF_VAR_DB_USERNAME: ***
TF_VAR_DB_PASSWORD: ***
/home/runner/work/_temp/0bf615bc-6784-4171-a424-de5f1040eae8/terraform-bin init
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Reusing previous version of hashicorp/template from the dependency lock file
- Using previously-installed hashicorp/aws v4.15.1
- Using previously-installed hashicorp/template v2.2.0
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

/home/runner/work/_temp/0bf615bc-6784-4171-a424-de5f1040eae8/terraform-bin workspace select staging
Switched to workspace "staging".

/home/runner/work/_temp/0bf615bc-6784-4171-a424-de5f1040eae8/terraform-bin plan -no-color -input=false
Releasing state lock. This may take a few moments...
Error: No value for required variable
on variables.tf line 11:
11: variable "db_***" {
The root module input variable "db_***" is not set, and has no default
value. Use a -var or -var-file command line argument to provide a value for
this variable.
Error: No value for required variable
on variables.tf line 14:
14: variable "db_***" {
The root module input variable "db_***" is not set, and has no default
value. Use a -var or -var-file command line argument to provide a value for
this variable.
Error: No value for required variable
on variables.tf line 31:
31: variable "django_***_key" {
The root module input variable "django_***_key" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.
Error: No value for required variable
on variables.tf line 34:
34: variable "***" {
The root module input variable "***" is not set, and has no default value.
Use a -var or -var-file command line argument to provide a value for this
variable.
Error: No value for required variable
on variables.tf line 37:
37: variable "***_email" {
The root module input variable "***_email" is not set, and has no default
value. Use a -var or -var-file command line argument to provide a value for
this variable.
Error: No value for required variable
on variables.tf line 40:
40: variable "***_***" {
The root module input variable "***_***" is not set, and has no
default value. Use a -var or -var-file command line argument to provide a
value for this variable.

Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

How about this?

    - name: Terraform Plan
      id: plan
      if: github.event_name == 'pull_request'
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
        django_secret_key: ${{ secrets.TF_VAR_DJANGO_SECRET_KEY }}
        admin: ${{ secrets.TF_VAR_ADMIN }}
        admin_email: ${{ secrets.TF_VAR_ADMIN_EMAIL }}
        admin_password: ${{ secrets.TF_VAR_ADMIN_PASSWORD }}
        db_username: ${{ secrets.TF_VAR_DB_USERNAME }}
        db_password: ${{ secrets.TF_VAR_DB_PASSWORD }}
      run: |
        export ecr_image_api=$ECR_REGISTRY/$ECR_REPOSITORY:dev
        terraform init
        terraform workspace select staging || terraform workspace new staging
        # One -var per required input; each takes the form name=value
        terraform plan \
          -var="db_username=${{ secrets.TF_VAR_DB_USERNAME }}" \
          -var="db_password=${{ secrets.TF_VAR_DB_PASSWORD }}" \
          -var="admin_email=${{ secrets.TF_VAR_ADMIN_EMAIL }}" \
          -var="admin_password=${{ secrets.TF_VAR_ADMIN_PASSWORD }}" \
          -var="admin=${{ secrets.TF_VAR_ADMIN }}" \
          -var="django_secret_key=${{ secrets.TF_VAR_DJANGO_SECRET_KEY }}" \
          -var="ECR_REGISTRY=${{ steps.login-ecr.outputs.registry }}" \
          -var="ECR_REPOSITORY=${{ secrets.ECR_REPO }}" \
          -no-color -input=false
      continue-on-error: true

Attaching a code snippet below. Using the TF_VAR_ prefix also works. In the snippet below, env_account_ids will be passed to the terraform plan beneath it.

    - name: Terraform Plan
      env:
        TF_VAR_env_account_ids: "[ XXXX,YYYY,ZZZZ ]"
      run: terraform plan -out=plan

Using them like this is more useful and better:

    env:
      TF_VAR_DJANGO_SECRET_KEY: ${{ secrets.TF_VAR_DJANGO_SECRET_KEY }}
      TF_VAR_ADMIN: ${{ secrets.TF_VAR_ADMIN }}
      TF_VAR_ADMIN_EMAIL: ${{ secrets.TF_VAR_ADMIN_EMAIL }}
      TF_VAR_ADMIN_PASSWORD: ${{ secrets.TF_VAR_ADMIN_PASSWORD }}
      TF_VAR_DB_USERNAME: ${{ secrets.TF_VAR_DB_USERNAME }}
      TF_VAR_DB_PASSWORD: ${{ secrets.TF_VAR_DB_PASSWORD }}

It works for GitHub Actions, and it works for any CI/CD, because these are just plain environment variables for Terraform. You can even define them locally.
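
Added example (not part of the question or of any answer above): Terraform reads an input only from `TF_VAR_<name>` spelled exactly as in the `variable` block, and on Linux runners environment names are case-sensitive, which fits the log in the question where upper-case `TF_VAR_...` names are set yet the variables are reported unset. The script lists the required variables in a `variables.tf` and flags missing or wrong-case names; the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints variable NAMES only, never values.

# Required inputs: `variable "x"` blocks with no `default =` line inside.
tfvar_required() {
    awk '
        /^[ \t]*variable[ \t]+"/ {
            if (name != "" && !has_default) print name
            split($0, part, "\""); name = part[2]; has_default = 0; next
        }
        /^[ \t]*default[ \t]*=/ { has_default = 1 }
        END { if (name != "" && !has_default) print name }
    ' "$1"
}

# Compare each required input with the TF_VAR_* names in the environment.
# Returns 1 when any input lacks an exactly-cased TF_VAR_<name>.
tfvar_check() {
    rc=0
    env_names=$(awk 'BEGIN { for (k in ENVIRON) if (k ~ /^TF_VAR_/) print k }')
    for name in $(tfvar_required "$1"); do
        want="TF_VAR_$name"
        if printf '%s\n' "$env_names" | grep -qxF "$want"; then
            echo "ok $want"
            continue
        fi
        rc=1
        near=$(printf '%s\n' "$env_names" | grep -ixF "$want" | head -n 1)
        if [ -n "$near" ]; then
            echo "case $near is set, Terraform reads $want"
        else
            echo "missing $want"
        fi
    done
    return "$rc"
}

# Constructed sample mirroring the failing run: one secret exported upper-case.
tfvar_demo() {
    tf=$(mktemp); demo_rc=0
    printf '%s\n' 'variable "db_username" {}' 'variable "db_password" {}' \
        'variable "aws_region" {' '  default = "us-east-1"' '}' > "$tf"
    ( export TF_VAR_DB_USERNAME=u TF_VAR_db_password=p; tfvar_check "$tf" ) || demo_rc=$?
    rm -f "$tf"; return "$demo_rc"
}

# Usage: sh tfvar_check.sh variables.tf   (no argument runs the sample)
if [ -f "${1:-}" ]; then tfvar_check "$1"; else tfvar_demo || true; fi
```

Run as a workflow step before `terraform plan`, a non-zero exit stops the job with the mismatched names in the log and no secret values printed.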
