Action step plan diverges from the plan generated on PR commit. #399

Open
@PeterBocan

Problem description

The terraform action step plan diverges from the plan generated on PR commit for no obvious reason, hence it does not apply the changes. We are utilizing the ECS task definitions.

Terraform version

latest

Backend

aws

Workflow YAML

name: Build Main

on:
  push:
    branches:
      - "main"

concurrency: build-${{ github.repository }}

permissions:
  pull-requests: write
  contents: write

jobs:
  build-version:
    name: Create Build version
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.output-version-step.outputs.version }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Create build version
        id: version
        uses: paulhatch/semantic-version@v5.4.0
        with:
          # The prefix to use to identify tags
          tag_prefix: "v"
          # A string which, if present in a git commit, indicates that a change represents a
          # major (breaking) change, supports regular expressions wrapped with '/'
          major_pattern: "(MAJOR)"
          # A string which indicates the flags used by the `major_pattern` regular expression. Supported flags: idgs
          major_regexp_flags: ""
          # Same as above except indicating a minor change, supports regular expressions wrapped with '/'
          minor_pattern: "(MINOR)"
          # A string which indicates the flags used by the `minor_pattern` regular expression. Supported flags: idgs
          minor_regexp_flags: ""
          # A string to determine the format of the version output
          version_format: "${major}.${minor}.${patch}"
          # If this is set to true, *every* commit will be treated as a new version.
          bump_each_commit: false
          # If true, the body of commits will also be searched for major/minor patterns to determine the version type.
          search_commit_body: false
          # The output method used to generate list of users, 'csv' or 'json'.
          user_format_type: "csv"

      - name: Set build version
        run: echo "VERSION=${{ steps.version.outputs.version }}" >> $GITHUB_ENV

      - name: Tag commit
        uses: tvdias/github-tagger@v0.0.1
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          tag: v${{ env.VERSION }}

      - name: Create release
        uses: ncipollo/release-action@v1
        with:
          token: "${{ secrets.GH_RELEASE }}"
          tag: v${{ env.VERSION }}
      - id: output-version-step
        run: echo "version=${{ env.VERSION }}" >> "$GITHUB_OUTPUT"

  changes:
    name: Detect changes
    needs: [build-version]
    runs-on: ubuntu-latest
    permissions:
      pull-requests: read
      contents: read
    outputs:
      proxy: ${{ steps.filter.outputs.proxy }}
      corp: ${{ steps.filter.outputs.corp }}
      dev: ${{ steps.filter.outputs.dev }}
      prod: ${{ steps.filter.outputs.prod }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            ireland:
              - 'corp/ireland/**'
            london:
              - 'corp/london/**'
            dev:
              - 'env/dev/**'
              - 'modules/**'
            prod:
              - 'env/prod/**'
              - 'modules/**'

  terraform-dev:
    needs: [changes]
    if: ${{ needs.changes.outputs.dev == 'true' }}
    runs-on: ubuntu-latest
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    environment:
      name: development
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Terraform Apply for Dev
        uses: dflook/terraform-apply@v2
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          TERRAFORM_HTTP_CREDENTIALS: |
            github.com/org/infrastructure.git=xxxxx:${{ secrets.GH_ACCESS_TOKEN }}
        with:
          path: env/dev

Workflow log

Postmerge GIST: https://gist.github.com/PeterBocan/0b191782a1ade8bcbde1d64809e29f0e
Premerge PR comment: https://gist.github.com/PeterBocan/26314628298750dfd8da8f4f49dda2bc

Has debug logging been enabled?

  • Yes, the ACTIONS_STEP_DEBUG secret was set to true when capturing the workflow log above. I understand that if I have not done this, I may not receive a response.
