amazon-web-services terraform gitlab-ci

GitLab Pipeline Failing on Terraform Init


My .gitlab-ci.yml file is below. I'm simply trying to terraform init, validate, and plan within my pipeline. I'm receiving the following error:


Executing "step_script" stage of the job script
00:00
Using docker image sha256:428cac597342f568220e125eb436e337e1dee1a952d9d7c0d4811d7bbd081751 for hashicorp/terraform:1.9.8 with digest hashicorp/terraform@sha256:18f9986038bbaf02cf49db9c09261c778161c51dcc7fb7e355ae8938459428cd ...
Terraform has no command named "sh". Did you mean "push"?
To see all of Terraform's top-level commands, run:
  terraform -help
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: exit code 1

Looking at the commands I'm using, I'm obviously not trying to use "sh" anywhere, so I'm not sure where that error is coming from. I'm thinking it's an underlying issue in my directory or settings.


stages:
  - validate
  - plan

variables:
  TF_VERSION: "1.9.8"  # Replace with your preferred version
  AWS_REGION: "us-east-1"

# Validate Terraform files
validate:
  image: hashicorp/terraform:${TF_VERSION}
  stage: validate
  script:
    - terraform init
    - terraform validate
  only:
    - main

# Generate Terraform Plan
plan:
  image: hashicorp/terraform:${TF_VERSION}
  stage: plan
  before_script:
    - apk add --no-cache python3 py3-pip  # Install dependencies if needed
    - pip install awscli                 # Install AWS CLI
    - terraform init
  script:
    - terraform plan -out=tfplan
  artifacts:
    paths:
      - tfplan
  only:
    - main

I created variables for my AWS access/secret key. They are assigned to protected branches only, but I verified my main branch is a protected branch, so I should be using these creds if needed (at least I think that's the case).

I did block out my .tfstate files in my .gitignore file. Would that have something to do with this maybe?

I'm a beginner with GitLab so I'm pretty lost. I tried examining the runner I was using. It looks like I'm using a Docker runner, which apparently usually comes pre-installed with the necessary dependencies to run Terraform.


Solution

  • The issue arises because the hashicorp/terraform Docker image is minimalistic and designed to directly execute Terraform commands passed to it. By default, it assumes that the command following terraform is the subcommand to execute (e.g., plan, apply). If you try to execute non-Terraform commands, you’ll encounter errors like the one you experienced.

    Or, if you want to keep them, you just have to use a more general image and install Terraform before using it.

    And you need to add the entrypoint in the Terraform image in order to be able to access the shell:

    image:
      name: hashicorp/terraform:${VERSION}
      entrypoint: [""]  # clear the image's terraform entrypoint so a shell can run
    

    And now you'll be able to run any command.

    If you check this link, https://hub.docker.com/r/hashicorp/terraform, you will see that that Docker image was supposed to just get the command which comes after terraform.

    docker run -i -t hashicorp/terraform:latest plan
    

    That's why you got the error. So if you just had the terraform subcommand in the script, like below:

    script:
        - init
        - validate
    

    it would work without any issue. Now, with the entrypoint updated, you will be able to run any command. Or you can just remove the word terraform before your commands and keep the image as it is (removing the other non-Terraform commands).

    Add - set -x before the other commands, so that you get more detailed debugging output if needed in the future.

    In summary: if you need to run other commands, override the entrypoint or use a general-purpose image.
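
The question's pipeline with the entrypoint override from the answer applied, as an added example that is not part of the original posts. It assumes the AWS credentials are stored as protected CI/CD variables named AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (the question does not name them), and it drops the AWS CLI install because the Terraform AWS provider reads those variables from the environment itself.

```yaml
default:
  image:
    name: hashicorp/terraform:${TF_VERSION}
    # The image's ENTRYPOINT is the terraform binary. Clearing it lets the
    # runner start a shell and run each script line as an ordinary command,
    # instead of handing "sh" to terraform as a subcommand.
    entrypoint: [""]

stages:
  - validate
  - plan

variables:
  TF_VERSION: "1.9.8"
  AWS_REGION: "us-east-1"
  TF_IN_AUTOMATION: "true"   # tells terraform it is running non-interactively
  # Assumption: AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are defined under
  # Settings > CI/CD > Variables as protected and masked, not in this file.

# Validate Terraform files
validate:
  stage: validate
  script:
    - set -x
    # -backend=false: validation needs providers and modules, not the state
    # backend, so this job never has to reach the state storage.
    - terraform init -input=false -backend=false
    - terraform validate
  only:
    - main

# Generate Terraform plan
plan:
  stage: plan
  script:
    - terraform init -input=false
    - terraform plan -input=false -out=tfplan
  artifacts:
    paths:
      - tfplan
    # A saved plan can contain sensitive values in clear text, so keep the
    # artifact only as long as it is needed.
    expire_in: 1 day
  only:
    - main
```

The same `entrypoint: [""]` override can also be set per job under `image:` if only some jobs use the Terraform image.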