opentofu / setup-opentofu Goto Github PK

The current wrapper today exposes some output information about the execution of the command.

It would be nice to add some additional output including the number of resources to be:

• imported
• created
• modified
• deleted

I for execute some conditions based on those numbers and today I'm getting them parsing the out. I think it would be nice to include them in the setOutput of the wrapper already.

Let me know what you think

Hello guys.

Would it be possible to make opentofu/setup-opentofu marked as "Verified creator" in GitHub Marketplace please?

Example (https://github.com/marketplace/actions/renovate-bot-github-action):

Thank you...

steps:
- uses: opentofu/setup-opentofu@v1
  with:
    tofu_version_file: ./.opentofu-version

Example similar action: https://github.com/actions/setup-go#getting-go-version-from-the-gomod-file

At the moment, you can cat the file and write the information from a file to GITHUB_OUTPUT in one job step, and in another setup-opentofu with version by referencing that output.

It would be a lot more convenient if it was possible to setup-opentofu in a single step by giving it the file location itself. There are two ways this can work.

A. My request: Use .opentofu-version file format (or .terraform-version, see tenv)
B. Possible additional feature: Allow pointing to the file containing required_versions block (perhaps as tofu_version_block_file or something)

Option A is a lot simpler, and personally for me is all I need at the moment.
Option B sounds like a good to have, and I imagine other people might require it.

Are these two feature requests acceptable to the maintainers? If there is a (decent quality) PR will it be merged?

As a user of the setup-opentofu action, I want to rely on it when using the wrapper for stdout processing.

Problem

The tofu stdout's content captured by the wrapper is prefixed with the command yielding it. Apparently, it's caused by the default behaviour of @actions/exec: see the condition.

Proposed solutions

Propagate stdout/err without relying on @action/exec. See new release of setup-terraform and the fix for context.

Hi team,

I am trying to use OpenTofu in self-hosted runner. However, it does not work:

Error: Error: failed fetching releases (401)
Error: failed fetching releases (401)

Here is my very simple setup:

name: CI
on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: opentofu/setup-opentofu@v1

Please kindly let me know how to bypass this situation. Thank you for your help!

Problem

Github API quota is exceeded during tests.

Proposed solution

Add the github installation access token as request header in the fetchReleases function.

Problem

The test release.js mocks HTTP calls to github API wrongly. It led to testing side effects and unnecessarily quota consumption, see example.

Proposed Solution

Fix the "unhappy path" tests relying on the mock function fetchReleases

As a nit, nock can be removed from dependencies because it's not used.

Problem

The release artefacts were prepared manually in a local env, this is highly error prone.

Proposed Solution

Define a release github workflow. See the one hashicorp use as an example.

Followup on #2 (comment).

Hello.

This is a part of my github action file.

`jobs:
DeployTerraform:
runs-on: ubuntu-latest

name: "Deploy S"
steps:
  - name: Git clone the repository
    uses: actions/checkout@v3
  - name: configure aws credentials
    uses: aws-actions/configure-aws-credentials@v2
    with:
      role-to-assume: arn:aws:iam::9999999:role/github-devops
      role-session-name: devops-s
      aws-region: ${{ env.REGION }}
  - name: Setup OpenToFu
    uses: opentofu/setup-opentofu@v1
    with:
      terraform_version: 1.6.0
  - name: OpenToFu Init
    run: |
      cd environments/${{ env.ENVIRONMENT }}/${{ env.REGION }}
      tofu init
  - name: OpenToFu Plan
    run: |
      cd environments/${{ env.ENVIRONMENT }}/${{ env.REGION }}
      tofu plan -out=terraform.to.execute
  - name: OpenToFu Apply
    if: github.event_name != 'schedule'
    run: |
      cd environments/${{ env.ENVIRONMENT }}/${{ env.REGION }}
      tofu apply terraform.to.execute`

I have terraform_version in 1.6.0, but this error happen.

`Successfully configured the backend "s3"! OpenTofu will automatically
use this backend unless the backend configuration changes.
Initializing modules...

• repo in ../../../modules/ecr
• sin ../../../modules/s
  Downloading registry.opentofu.org/terraform-aws-modules/security-group/aws 5.1.2 for s.s...
• s.sg_smartico_collector in .terraform/modules/s.s
  Downloading registry.opentofu.org/terraform-aws-modules/security-group/aws 5.1.2 for s.s...
• s.sg_smartico_workers in .terraform/modules/s.s
  Downloading registry.opentofu.org/terraform-aws-modules/sqs/aws 4.2.0 for s.sqs...
• s.sqs in .terraform/modules/s.sqs
  ╷
  │ Error: Unsupported OpenTofu Core version
  │
  │ on main.tf line 2, in terraform:
  │ 2: required_version = "1.6.0"
  │
  │ This configuration does not support OpenTofu version 1.7.0. To proceed,
  │ either choose another supported OpenTofu version or update this version
  │ constraint. Version constraints are normally set for good reason, so
  │ updating the constraint may lead to other errors or unexpected behavior.
  ╵`

My code is:

      - uses: opentofu/setup-opentofu@v1
        with:
          tofu_wrapper: false
      - run: go mod download
      - env:
          TF_ACC: "1"
          TF_ACC_PROVIDER_NAMESPACE: "hashicorp"
          TF_ACC_PROVIDER_HOST: "registry.opentofu.org"
        run: TF_ACC_TERRAFORM_PATH=$(which tofu) go test -v -cover ./cilium
        timeout-minutes: 10

Could you create automatically the environment variables?

Like that, my code would be clean:

      - uses: opentofu/setup-opentofu@v1
        with:
          tofu_wrapper: false
          acceptance_test: true
      - run: go mod download
      - run: go test -v -cover ./cilium
        timeout-minutes: 10

Problem

The debugging logs will be emitted by default. For example:

Plan: 1 to add, 0 to change, 0 to destroy.
neon_project.this: Creating...
neon_project.this: Creation complete after 1s [id=blue-cloud-40428863]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
::debug::OpenTofu exited with code 0.

Proposed Solution

Make debugging logs optional. They could be activated following the github instructions.

What and Why:

• Change legacy GitHub Action branding to reflect OpenTofu color scheme:

Before:

branding:
  icon: 'terminal'
  color: 'purple'

After:

branding:
  icon: 'trending-up'
  color: 'yellow'

This behavior matches setup-terraform.

It does not appear to be working according to the documentation. https://github.com/northwood-labs/terraform-provider-corefunc/actions/runs/7748820624/job/21132182279

The setup-opentofu action is accessing the public GitHub API to retrieve all respective releases and the download URLs, respectively. This mechanism might fail when the GitHub API quota is reached for anonymous requests:

Run opentofu/setup-opentofu@v1
Error: Error: failed fetching releases (403)
Error: failed fetching releases (403)

A recent change (#15) added the possibility to provide a GitHub token to avoid hitting the GitHub API quota. This approach might not work for all users that are using the action in a private GitHub enterprise instance as they are unable to supply a valid token.

Is there any possibility to completely avoid using the GitHub API?