【Posted】: 2021-12-17 13:07:44
【Problem description】:
I am trying to use Terraform Cloud with GCP. For that, I have the following provider configuration
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "3.89.0"
    }
  }
}

provider "google" {
  region  = local.region
  project = local.project
  credentials =
}
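Following https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#credentials-1 , I created the environment variable GOOGLE_CREDENTIALS and set it to the downloaded credentials file.
Now, when I try to run the workflow with GitHub Actions, I get the following error
This is what my GitHub workflow file looks like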
name: 'event profile api deploy pipeline'
on:
  workflow_dispatch:
    branches:
      - main
  pull_request:
jobs:
  terraform:
    name: 'Terraform-deploy'
    runs-on: ubuntu-latest
    environment: dev
    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
    defaults:
      run:
        shell: bash
    steps:
      # Checkout the repository to the GitHub Actions runner
      - name: Checkout
        uses: actions/checkout@v2
      # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
      # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
      - name: Terraform Init
        working-directory: ./terraform
        run: terraform init
      # Checks that all Terraform configuration files adhere to a canonical format
      - name: Terraform Format
        working-directory: ./terraform
        run: terraform fmt -check
      # Generates an execution plan for Terraform
      - name: Terraform Plan
        working-directory: ./terraform
        run: terraform plan
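Any idea what might be going wrong here?
【Discussion】:
- You say you are creating an (incorrectly named) environment variable for GOOGLE_APPLICATION_CREDENTIALS, but I don't see it in your workflow. ADC and tf expect the variable in the environment.
- This looks useful: github.com/google-github-actions/auth The new Workload Identity Federation is neat!
Tags: google-cloud-platform terraform cloud workflow github-actions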
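An added preflight check (not part of the original question or its comments) that a step could run before `terraform plan`: it reports which credential variable is visible in the environment and whether it holds usable key material, without ever printing the secret. It assumes the variable names and precedence given in the provider reference linked in the question; `preflight`, `check_key_json` and `check_path` are hypothetical names.

```python
import json
import os

# Variables read for `credentials`, in precedence order (assumption: per the linked provider reference).
PROVIDER_VARS = ("GOOGLE_CREDENTIALS", "GOOGLE_CLOUD_KEYFILE_JSON", "GCLOUD_KEYFILE_JSON")
ADC_VAR = "GOOGLE_APPLICATION_CREDENTIALS"  # Application Default Credentials: a file path


def check_key_json(text):
    """Return a problem string, or None if text looks like usable credentials."""
    try:
        doc = json.loads(text)
    except ValueError:
        return "not valid JSON"
    if not isinstance(doc, dict) or "type" not in doc:
        return "JSON has no 'type' field"
    if doc["type"] == "service_account":
        missing = sorted({"client_email", "private_key"} - doc.keys())
        if missing:
            return "missing fields: " + ", ".join(missing)
    return None


def check_path(path):
    """Validate a credentials file path as seen from this process."""
    if not os.path.isfile(path):
        return "file not found on this runner"
    with open(path, encoding="utf-8") as fh:
        return check_key_json(fh.read())


def preflight(env):
    """Report (variable, kind, problem) without ever echoing the secret itself."""
    for name in PROVIDER_VARS:
        value = env.get(name, "").strip()
        if value.startswith("{"):  # the provider accepts the key contents inline
            return name, "inline-json", check_key_json(value)
        if value:  # ...or a path to the key file
            return name, "path", check_path(value)
    adc = env.get(ADC_VAR, "").strip()
    if adc:
        return ADC_VAR, "path", check_path(adc)
    return None, "none", "no credential variable set in this environment"


if __name__ == "__main__":
    variable, kind, problem = preflight(os.environ)
    print(f"{variable or 'credentials'} ({kind}): {problem or 'ok'}")
    raise SystemExit(1 if problem else 0)
```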