Viewing Report from Terrafrom plan in Merge Request

GitLab CI/CD
1

Error viewing report from Terrafrom plan in Merge Request

What are you seeing, and how does that differ from what you expect to see?

When generating a terraform report as an artifact in .gitlab-ci.yml the report cannot be loaded into the merge request. I expect to see some sort of report embedded in the merge request showing output from the plan.

Instead, I see:

! A terraform report was generated in your pipelines. Changes are unknown.

I also see a red banner:

An error occurred while loading terraform report

Related documentation

The artifacts:reports:terraform documentation is extremely brief.

Version

I am on gitlab.com running the prerelease 13.0.0 in a private repository, using shared runners.
The feature says it is introduced in version 13.0 by Add terraform report to merge request widget (#207528) · Issues · GitLab.org / GitLab · GitLab

CI configuration

The job in concern is

plan:
  stage: plan
  script:
    - terraform plan -input=false -out=tfplan tfbackend
    - terraform show -json tfplan > tfplan.json
  artifacts:
    reports:
      terraform: tfplan.json
    paths:
      - tfplan.json
    expire_in: 5 days
  only:
    - merge_requests
    - staging
    - master

Troublehsooting steps

I have tried several different combinations. terraform plan -out=tfplan outputs a binary plan. Giving that to the report yielded the same error.
What I currently have produces a good JSON artifact that can be downloaded and viewed, but nothing is embedded in the Merge Request.

Add tfplan conversion script to Terraform.gitlab-ci.yml template (#207526) · Issues · GitLab.org / GitLab · GitLab seems relevant, but I am having a hard time figuring out what is in progress and what I should expect to work.

1 Like
2

Hi!

There’s an example you can view here: https://gitlab.com/emilyring/terraform-test/-/merge_requests/4/diffs

And some docs that are being created here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31821/diffs

Are you able to see what your JSON file contains?

Thanks!

1 Like
3

Thank you for the resources, I will give them a try!! I didn’t realize I needed my own jq alias

Yes, I am able to see what the JSON contains - it is essentially the summary that plan displays in the terminal.

4

@byarbrough Yeah, the jq alias is needed so we can exclude any potential secrets from the plan output. The resulting JSON should look something like:

{
  "create": 0,
  "update": 0,
  "delete": 0
}

Let us know how it goes!

1 Like
5

I was able to get this working locally, but am still having trouble with the pipeline.

Here is what I output in my local pine container after following the exact same script:

{
  "create": 4,
  "update": 0,
  "delete": 0
}

Unfortunately, in the pipeline I get this error. I am using python:3.8-alpine3.11 as my base image and manually installing Terraform.

$ alias
alias convert_report='jq -r '\''([.resource_changes[]?.change.actions?]|flatten)|{"create":(map(select(.=="create"))|length),"update":(map(select(.=="update"))|length),"delete":(map(select(.=="delete"))|length)}'\'''
$ terraform show --json $PLAN | convert_report > $PLAN_JSON
/bin/bash: line 141: convert_report: command not found

This seems more like an error on my end, so I am continuing to debug.

Some things I noticed!
  • The example @emilyring provided does not contain apk add jq
  • There is a discrepancy of a ? between the documentation and the example file. I used the command from the documentation.
6

Good catch! The command from the documentation should be correct, the command was updated in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/30002 and should be part of 13.0.

The apk --no-cache add jq is being done here: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31821/diffs#985e5d840b3f82c46efcb6eebc74ffc83cdb7444_159_184

And it’s also done in the Dockerfile that generates the registry.gitlab.com/gitlab-org/gitlab-build-images:terraform image that the default Terraform.gitlab-ci.yml template will be using in 13.0.

For your image, since it’s also alpine based, I think it should work the same, so I’m curious what’s happening that is causing the alias to not be defined. Maybe it’s a quoting issue with the string?

1 Like
7

Thank you for all the help!
I never was able to get the alias working, even after trying it on an Ubuntu container. I ended up just echoing the command into a shell script and then calling that. Thrilled with having the summary in our merge requests!

Also, I mentioned the merge request and related issue in a related Terraform issue: https://github.com/hashicorp/terraform/issues/10507

8

@byarbrough definitely! I’m glad you got it working for your pipeline! Maybe in future we can move that alias into a command available inside the build image, that way you could just use it from the image: or make your custom image from it, that way you wouldn’t have to deal with echoing it to a script. Always glad to see how we can improve things!

9

Looks like the issue I was having with the alias not working was due to shell options. See this comment. This fixed it!

before_script:
  - shopt -s expand_aliases
3 Likes