Description
Hello guys,
I'm trying to use digger on GitHub to deploy to Azure, this time using 'CONNECTION_STRING' auth.
I have multiple projects; each project has its own sub, its own storage account with the state, etc.
Here is the workflow (edited a bit):
```yaml
- name: digger run
  uses: diggerhq/[email protected]
  with:
    no-backend: true
    setup-terraform: true
    setup-azure: true
    terraform-version: ${{ inputs.TF_VERSION }}
  env:
    GITHUB_CONTEXT: ${{ toJson(github) }}
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    GITHUB_OWNER: xxx
    LOCK_PROVIDER: azure
    DIGGER_AZURE_AUTH_METHOD: CONNECTION_STRING
    ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
    # if DIGGER_AZURE_CONNECTION_STRING is passed here it works
    # DIGGER_AZURE_CONNECTION_STRING: ${{ secrets.DIGGER_AZURE_CONNECTION_STRING_SBX }}
    # sandbox
    DIGGER_AZURE_CONNECTION_STRING_SBX: ${{ secrets.DIGGER_AZURE_CONNECTION_STRING_SBX }}
    ARM_CLIENT_ID_SBX: ${{ secrets.ARM_CLIENT_ID_SBX }}
    ARM_CLIENT_SECRET_SBX: ${{ secrets.ARM_CLIENT_SECRET_SBX }}
    ARM_SUBSCRIPTION_ID_SBX: ${{ secrets.ARM_SUBSCRIPTION_ID_SBX }}
    # dev
    DIGGER_AZURE_CONNECTION_STRING_DEV: ${{ secrets.DIGGER_AZURE_CONNECTION_STRING_DEV }}
    ARM_CLIENT_ID_DEV: ${{ secrets.ARM_CLIENT_ID_DEV }}
    ARM_CLIENT_SECRET_DEV: ${{ secrets.ARM_CLIENT_SECRET_DEV }}
    ARM_SUBSCRIPTION_ID_DEV: ${{ secrets.ARM_SUBSCRIPTION_ID_DEV }}
```
And here is digger.yml:
```yaml
---
projects:
  - name: sbx
    dir: ./sbx/
    workflow: sbx
    terraform_plan_args: "-var-file=terraform.tfvars"
    terraform_apply_args: "-var-file=terraform.tfvars"
  - name: dev
    dir: ./dev/
    workflow: dev
    terraform_plan_args: "-var-file=terraform.tfvars"
    terraform_apply_args: "-var-file=terraform.tfvars"
workflows:
  sbx:
    env_vars:
      state:
        - name: DIGGER_AZURE_CONNECTION_STRING
          value_from: DIGGER_AZURE_CONNECTION_STRING_SBX
        - name: ARM_CLIENT_ID
          value_from: ARM_CLIENT_ID_SBX
        - name: ARM_CLIENT_SECRET
          value_from: ARM_CLIENT_SECRET_SBX
        - name: ARM_SUBSCRIPTION_ID
          value_from: ARM_SUBSCRIPTION_ID_SBX
      commands:
        - name: DIGGER_AZURE_CONNECTION_STRING
          value_from: DIGGER_AZURE_CONNECTION_STRING_SBX
        - name: ARM_CLIENT_ID
          value_from: ARM_CLIENT_ID_SBX
        - name: ARM_CLIENT_SECRET
          value_from: ARM_CLIENT_SECRET_SBX
        - name: ARM_SUBSCRIPTION_ID
          value_from: ARM_SUBSCRIPTION_ID_SBX
  dev:
    env_vars:
      state:
        - name: DIGGER_AZURE_CONNECTION_STRING
          value_from: DIGGER_AZURE_CONNECTION_STRING_DEV
        - name: ARM_CLIENT_ID
          value_from: ARM_CLIENT_ID_DEV
        - name: ARM_CLIENT_SECRET
          value_from: ARM_CLIENT_SECRET_DEV
        - name: ARM_SUBSCRIPTION_ID
          value_from: ARM_SUBSCRIPTION_ID_DEV
      commands:
        - name: DIGGER_AZURE_CONNECTION_STRING
          value_from: DIGGER_AZURE_CONNECTION_STRING_DEV
        - name: ARM_CLIENT_ID
          value_from: ARM_CLIENT_ID_DEV
        - name: ARM_CLIENT_SECRET
          value_from: ARM_CLIENT_SECRET_DEV
        - name: ARM_SUBSCRIPTION_ID
          value_from: ARM_SUBSCRIPTION_ID_DEV
```
DIGGER_AZURE_CONNECTION_STRING is ignored if passed in digger.yml env_vars; however, it works fine if I pass it to the workflow itself.
The problem is that it comes from the storage account, which is different in each project, so I can't use a common one.
Yes, I could use a common storage account for all projects, I have done it in the past on other cloud platforms, but it's not possible in my case right now.
Here is the error message:
```
WARN running in 'backendless' mode - features that require backend will not be available
INFO Using Azure lock provider
Failed to create lock provider. you must set 'DIGGER_AZURE_CONNECTION_STRING' when using connection string authentication
Error: Process completed with exit code 2.
```
Any idea/workaround/misconfiguration on my end?
Open to ideas on how to shuffle the code around differently, or use different methods. I have a separate issue open for the client secret auth; I couldn't get it to work either. I'd just like to use digger for Azure too. I'm not too bothered about 'how', I'm flexible to an extent :)
Thanks!