I could really use some help. I have what is currently a completely minimal gitlab-ci.yml file that includes gitlab.com/components/opentofu/full-pipeline@0.10.0 and when it tries to run the validate stage, I get the error “Error refreshing state: HTTP remote state endpoint requires auth”. I can’t figure out what I’m doing wrong. The only reference to this error I can find (Troubleshooting the Terraform integration with GitLab | GitLab) suggests I not use TF_HTTP_PASSWORD, but I’m already not doing that!!
This is actually my second (or so) kick at the can. I started with using the Terraform templates and was getting the same error. I was hoping I was using the templates wrong, so I tried switching to OpenTofu…
This is my gitlab-ci.yml:
variables:
TFdir: ${CI_PROJECT_DIR}/tf
DEBUG_OUTPUT: “true”
OK, clearly I’m overlooking a config variable: I turned on debug and saw this is the failing command line:
tofu ‘-chdir=/builds/emteeoh/flaskhost/tf’ init ‘-backend=false’ ‘-input=false’ -reconfigure
-backend=false
OK, so it’s the validate stage. This’ll parse the TF files and download providers and modules, but won’t initialize the backend. I guess that makes sense.
Except it doesn’t: if I’m not initializing the backend, why is it trying to refresh the state?
To add to my confusion, I recreated all the environment variables that I see in the job’s debug output in a script on my desktop, and ran the same command, and it runs just fine! There must be something in the environment I don’t see that is mucking up the works.
include:
- component: gitlab.com/emteeoh/opentofu/full-pipeline@0.10.0
inputs:
- # The version must currently be specified explicitly as an input,
- # to find the correctly associated images. # This can be removed
- # once https://gitlab.com/gitlab-org/gitlab/-/issues/438275 is solved.
version: 0.10.0
opentofu_version: 1.6.1
root_dir: ${TFdir}
Neither options feels like a likely reason for it to start working, but I don’t think I’ve done anything else!