Comments (9)
dflook
commented on May 19, 2024
2
Yes, this is planned soon. This is noted in the docs. If you set a label, then the variables won't be shown in the comment.
from terraform-github-actions.
erzz
commented on May 19, 2024
1
Just ran into this myself for the first time :)
I much prefer the layout of the comments when a label is not set.
e.g.
nice and clear what exactly plan is based on
missing important info in my opinion
Ideal for me we would have the no-label layout with anything either marked sensitive in the terraform config or coming from a github secret masked?
from terraform-github-actions.
JelleSmet-TomTom
commented on May 19, 2024
Yes, this is planned soon. This is noted in the docs. If you set a
label, then the variables won't be shown in the comment.
@dflook I could find the reference in the documentation but I'm afraid I have no idea what this means ...
could you give an example on how to modify the below such that the content of secret is not visible in the PR comment?
... snip ...
- name: Terraform Plan
uses: dflook/[email protected]
id: terraform-plan
with:
path: .github/_scratch/xxxxxxxxxxx
variables: |-
name = "some value"
secret = "${{ secrets.MY_SECRET_VALUE }}"
... snip ...
from terraform-github-actions.
dflook
commented on May 19, 2024
Hi @JelleSmet-TomTom, it would look something like this:
- name: Terraform Plan
uses: dflook/[email protected]
id: terraform-plan
with:
label: production
path: .github/_scratch/xxxxxxxxxxx
variables: |-
name = "some value"
secret = "${{ secrets.MY_SECRET_VALUE }}"where the label is whatever makes sense for that plan. It should be the same in the dflook/terraform-apply step, if there is one.
from terraform-github-actions.
JelleSmet-TomTom
commented on May 19, 2024
Oh ok, I'll try this out tomorrow. It's somewhat odd/not intuitive this cause & effect exists.
Tnx @dflook for the project & support
from terraform-github-actions.
JelleSmet-TomTom
commented on May 19, 2024
Hi @dflook I'm afraid I can't seem to achieve that by setting a label value?
So to summarize and to check if I understood the behavior correctly:
Terraform variables which have the sensitive property set will have their value masked in the pull request comment added by the dflook action once a random value is assigned to the label parameter of the dflook/terraform-plan and dflook/terraform-apply actions.
edit: it seems the moment I set label the complete variables section is missing from the PR comment?
from terraform-github-actions.
dflook
commented on May 19, 2024
There is no masking at all at the moment. Without a label, the comment contains the variables. With a label, the comment contains only the label.
from terraform-github-actions.
JelleSmet-TomTom
commented on May 19, 2024
ok got it .. thank you so much for clarifying!
from terraform-github-actions.
dflook
commented on May 19, 2024
v1.31.0 has been released which masks sensitive variables in the PR comment
from terraform-github-actions.
Related Issues (20)
- Cannot run plan with S3 backend HOT 4
- Inability to trigger the action due to an alleged missing file HOT 5
- Terraform Plan action fails due to Unknown token: 15:19 IDENT confluent_service_account.app-producer.id error HOT 10
- "terraform-plan" fails with an error while using "terraform plan" succeeds HOT 2
- backend_config read as file in apply
- Ability to Share Plan Outputs Between Runs HOT 6
- Resources are not removed despite the action claiming otherwise HOT 2
- Issues in terraform version 1.6.0 HOT 1
- Support for Terraform 1.6 test framework
- Terraform Cloud deploy with hard-coded workspace fails
- Add option to create new comments on following execution of a terraform operation HOT 3
- OpenTofu support HOT 5
- Terraform Plan Action failing on tf version 1.6.x showing S3 403 permission error
- terraform-plan error: The process '/usr/bin/git' failed with exit code 128 HOT 2
- Terraform Plan Fails on self-hosted runner - ls: cannot access '/github/home': No such file or directory HOT 12
- .tool-versions at workspace level doesn't work HOT 1
- Terraform Cloud backend requires manual "Confirm & Apply" for Terraform >= 1.6.0 HOT 6
- Add option for multiple SSH keys (GH deploy keys)
- auto apply if no resources changed HOT 1
- Impossible to update to a newer terraform version if only the GitHub Action is allowed to execute terraform HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-github-actions.