I'm considering using this project for the NixOS organisation (cc NixOS/org#40, @zimbatm, @galargh, @laurentsenta), and am just testing it out on https://github.com/Infinisil-s-Test-Organization/github-as-code for now, but am struggling to get it working. I went through the setup guide (up to including "GitHub Repository Secrets", the rest don't seem necessary) and am trying to just get it synchronised with the default configuration, but have run into the following:
-
The Fix workflow failed at terraform init with
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Error loading state: failed to lock s3 state: 2 errors occurred:
* AccessDeniedException: User: arn:aws:iam::687407229899:user/github-as-code-read-only
is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:eu-west-3:687407229899:table/github-as-code-test
because no identity-based policy allows the dynamodb:PutItem action
status code: 400, request id: 6SVGL46SHRH4LV63GQ5KAJF49RVV4KQNSO5AEMVJF66Q9ASUAAJG
* unexpected end of JSON input
I've been able to work around this (see this run) by just allowing the IAM read-only policy access to dynamodb:PutItem, but that doesn't seem right..
-
Regardless of the above, the Sync workflow also fails at terraform import with
Acquiring state lock. This may take a few moments...
github_repository.this["nixpkgs"]: Importing from ID "nixpkgs"...
github_repository.this["nixpkgs"]: Import prepared!
Prepared github_repository for import
github_repository.this["nixpkgs"]: Refreshing state... [id=nixpkgs]
╷
│ Error: Unsupported attribute
│
│ on /home/runner/work/github-as-code/github-as-code/terraform/locals.tf line 141, in locals:
│ 141: for item in local.state.values.root_module.resources : item.mode => item...
│ ├────────────────
│ │ local.state is object with 1 attribute "format_version"
│
│ This object does not have an attribute named "values".
╵
Releasing state lock. This may take a few moments...
/home/runner/work/github-as-code/github-as-code/scripts/node_modules/@actions/exec/lib/toolrunner.js:592
error = new Error(`The process '${this.toolPath}' failed with exit code ${this.processExitCode}`);
^
Error: The process '/home/runner/work/_temp/7f31669d-51f3-442a-b1b0-de23c2e2ac75/terraform' failed with exit code 1
at ExecState._setResult (/home/runner/work/github-as-code/github-as-code/scripts/node_modules/@actions/exec/lib/toolrunner.js:592:25)
at ExecState.CheckComplete (/home/runner/work/github-as-code/github-as-code/scripts/node_modules/@actions/exec/lib/toolrunner.js:575:18)
at ChildProcess.<anonymous> (/home/runner/work/github-as-code/github-as-code/scripts/node_modules/@actions/exec/lib/toolrunner.js:469:27)
at ChildProcess.emit (node:events:524:28)
at maybeClose (node:internal/child_process:1104:16)
at ChildProcess._handle.onexit (node:internal/child_process:304:5)
Node.js v20.19.0
I'd be grateful for any help to get this working!
I'm considering using this project for the NixOS organisation (cc NixOS/org#40, @zimbatm, @galargh, @laurentsenta), and am just testing it out on https://github.com/Infinisil-s-Test-Organization/github-as-code for now, but am struggling to get it working. I went through the setup guide (up to including "GitHub Repository Secrets", the rest don't seem necessary) and am trying to just get it synchronised with the default configuration, but have run into the following:
The Fix workflow failed at
terraform initwithI've been able to work around this (see this run) by just allowing the IAM read-only policy access to
dynamodb:PutItem, but that doesn't seem right..Regardless of the above, the Sync workflow also fails at
terraform importwithI'd be grateful for any help to get this working!