Adding CLI credentials file (#118)

hashicorp · Nov 25, 2019 · 25487d5 · 25487d5
1 parent 9b888f8
commit 25487d5
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -69,17 +69,19 @@ This was a simplified example showing the basic features of these Terraform GitH
 
 Inputs configure Terraform GitHub Actions to perform different actions.
 
-* `tf_actions_version` - (Required) The Terraform version to install and execute.
 * `tf_actions_subcommand` - (Required) The Terraform subcommand to execute. Valid values are `fmt`, `init`, `validate`, `plan`, and `apply`.
-* `tf_actions_working_dir` - (Optional) The working directory to change into before executing Terraform subcommands. Defaults to `.` which means use the root of the GitHub repository.
+* `tf_actions_version` - (Required) The Terraform version to install and execute.
+* `tf_actions_cli_credentials_hostname` - (Optional) Hostname for the CLI credentials file. Defaults to `app.terraform.io`.
+* `tf_actions_cli_credentials_token` - (Optional) Token for the CLI credentials file.
 * `tf_actions_comment` - (Optional) Whether or not to comment on GitHub pull requests. Defaults to `true`.
+* `tf_actions_working_dir` - (Optional) The working directory to change into before executing Terraform subcommands. Defaults to `.` which means use the root of the GitHub repository.
 
 ## Outputs
 
 Outputs are used to pass information to subsequent GitHub Actions steps.
 
-* `tf_actions_plan_has_changes` - Whether or not the Terraform plan contained changes.
 * `tf_actions_output` - The Terraform outputs in JSON format.
+* `tf_actions_plan_has_changes` - Whether or not the Terraform plan contained changes.
 
 ## Secrets
 

diff --git a/action.yml b/action.yml
@@ -5,23 +5,28 @@ branding:
   icon: 'terminal'
   color: 'purple'
 inputs:
-  tf_actions_version:
-    description: 'Terraform version to install.'
-    required: true
   tf_actions_subcommand:
     description: 'Terraform subcommand to execute.'
     required: true
-  tf_actions_working_dir:
-    description: 'Terraform working directory.'
-    default: '.'
+  tf_actions_version:
+    description: 'Terraform version to install.'
+    required: true
+  tf_actions_cli_credentials_hostname:
+    description: 'Hostname for the CLI credentials file.'
+    default: 'app.terraform.io'
+  tf_actions_cli_credentials_token:
+    description: 'Token for the CLI credentials file.'
   tf_actions_comment:
     description: 'Whether or not to comment on pull requests.'
     default: true
+  tf_actions_working_dir:
+    description: 'Terraform working directory.'
+    default: '.'
 outputs:
-  tf_actions_plan_has_changes:
-    description: 'Whether or not the Terraform plan contained changes.'
   tf_actions_output:
     description: 'The Terraform outputs in JSON format.'
+  tf_actions_plan_has_changes:
+    description: 'Whether or not the Terraform plan contained changes.'
 runs:
   using: 'docker'
   image: './Dockerfile'
diff --git a/examples/arguments.md b/examples/arguments.md
@@ -24,7 +24,7 @@ jobs:
           tf_actions_subcommand: 'init'
           tf_actions_working_dir: '.'
           tf_actions_comment: true
-        args: '-var="env=dev"'
+          args: '-var="env=dev"'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```

diff --git a/examples/backends.md b/examples/backends.md
@@ -22,7 +22,7 @@ jobs:
           tf_actions_subcommand: 'init'
           tf_actions_working_dir: '.'
           tf_actions_comment: true
-        args: '-backend-config="token=${{ secrets.TF_API_TOKEN }}" -backend-config="organization=CHANGE_ME"'
+          args: '-backend-config="token=${{ secrets.TF_API_TOKEN }}" -backend-config="organization=CHANGE_ME"'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
diff --git a/examples/credentials-file.md b/examples/credentials-file.md
@@ -0,0 +1,35 @@
+# Terraform CLI Credentials File
+
+The Terraform CLI credentials file is used to authenticate to Terraform Cloud/Enterprise. This is useful if the Terraform configuration contains many `terraform_remote_state` data sources that read from the same Terraform Cloud/Enterprise instance or if the configuration uses modules located in the Private Module Registry.
+
+This example shows how to pass the hostname and token needed to create the CLI credentials file.
+
+```yaml
+name: 'Terraform GitHub Actions'
+on:
+  - pull_request
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@master
+      - name: 'Terraform Init'
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: 0.12.13
+          tf_actions_subcommand: 'init'
+          tf_actions_working_dir: '.'
+          tf_actions_comment: true
+          tf_actions_cli_credentials_hostname: app.terraform.io 
+          tf_actions_cli_credentials_token: ${{ secrets.TF_API_TOKEN }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: 'Terraform Plan'
+        uses: hashicorp/terraform-github-actions@master
+        with:
+          tf_actions_version: 0.12.13
+          tf_actions_subcommand: 'plan'
+          tf_actions_working_dir: '.'
+```
diff --git a/examples/variables.md b/examples/variables.md
@@ -24,7 +24,7 @@ jobs:
           tf_actions_subcommand: 'init'
           tf_actions_working_dir: '.'
           tf_actions_comment: true
-        args: '-var="env=dev"'
+          args: '-var="env=dev"'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```
@@ -49,7 +49,7 @@ jobs:
           tf_actions_subcommand: 'init'
           tf_actions_working_dir: '.'
           tf_actions_comment: true
-        args: '-var-file="dev.tfvars"'
+          args: '-var-file="dev.tfvars"'
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 ```

diff --git a/src/main.sh b/src/main.sh
@@ -41,6 +41,26 @@ function parseInputs {
   if [ "${INPUT_TF_ACTIONS_COMMENT}" == "1" ] || [ "${INPUT_TF_ACTIONS_COMMENT}" == "true" ]; then
     tfComment=1
   fi
+
+  tfCLICredentialsHostname=""
+  if [ "${INPUT_TF_ACTIONS_CLI_CREDENTIALS_HOSTNAME}" != "" ]; then
+    tfCLICredentialsHostname=${INPUT_TF_ACTIONS_CLI_CREDENTIALS_HOSTNAME}
+  fi
+
+  tfCLICredentialsToken=""
+  if [ "${INPUT_TF_ACTIONS_CLI_CREDENTIALS_TOKEN}" != "" ]; then
+    tfCLICredentialsToken=${INPUT_TF_ACTIONS_CLI_CREDENTIALS_TOKEN}
+  fi
+}
+
+function configureCLICredentials {
+  if [[ ! -f "${HOME}/.terraformrc" ]] && [[ "${tfCLICredentialsToken}" != "" ]]; then
+    cat > ${HOME}/.terraformrc << EOF
+credentials "${tfCLICredentialsHostname}" {
+  token = "${tfCLICredentialsToken}"
+}
+EOF
+  fi
 }
 
 function installTerraform {
@@ -74,6 +94,7 @@ function main {
   source ${scriptDir}/terraform_output.sh
 
   parseInputs
+  configureCLICredentials
   cd ${GITHUB_WORKSPACE}/${tfWorkingDir}
 
   case "${tfSubcommand}" in