[#115624569] Workaround terraform codecommit issue with default_branch property #177
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Terraform codecommit resource[1] has a bug managing the default_branch
property.
Although this property is optional, terraform will try to manage it.
If defined, codecommit will fail during creation:
BranchDoesNotExistException: refs/heads/master does not exist
Meanwhile if default_branch is defined, codecommit it will fail as soon
as a branch is pushed to the repository. The reason is that AWS enforces
having at least one branch as default branch, failing when terraform is
trying to set it empty:
* aws_codecommit_repository.concourse-pool: Error Updating Default
* Branch for CodeCommit Repository: InvalidParameter: 1 validation
* errors:
- field too short, minimum length 1: DefaultBranchName
This will be reported upstream, but meanwhile we will workaround it by
passing the default branch as a variable, and quering it using awscli.
If the respository does not exist or does not have default branch, the
variable will be set to empty string "".
|
Haven't tested, but this look reasonable given the circumstances 👌 |
|
I did a PR on terraform to fix the issue, although I am not sure if this is the right way to implement it: hashicorp/terraform#5904 One alternative can be just use the patched version and bundle it in the terraform container, but it that case we will have a dependency on that branch. |
After adding the job lock pipeline, which bumps the pipeline-trigger resource, it is not required that init to do the same.
|
works well, merging |
richardTowers
added a commit
that referenced
this pull request
Apr 26, 2019
Full diff: alphagov/paas-admin@v0.82.0...v0.94.0 Contains the following PRs by human beings: - #146 Stub APIs needed for the calculator - #148 Request logging - #160 Use javascript naming for request log interceptor - #173 Support: Fix bug showing allocations - #180 Skip calculator getQuote if there are no items - #181 Remove low-value, flakey test And the following dependabot specials: - #161 Bump nunjucks from 3.1.3 to 3.2.0 - #165 Bump glob from 7.1.2 to 7.1.3 - #164 Bump @types/source-map-support from 0.4.1 to 0.5.0 - #162 Bump webpack-cli from 3.1.0 to 3.3.1 - #170 Bump pino from 5.1.0 to 5.12.3 - #169 Bump @types/jest from 23.3.1 to 24.0.11 - #168 Bump nodemon-webpack-plugin from 4.0.3 to 4.0.8 - #167 Bump express-static-gzip from 1.1.1 to 1.1.3 - #166 Bump @types/uuid from 3.4.3 to 3.4.4 - #163 Bump @types/helmet from 0.0.38 to 0.0.43 - #174 Bump tslint-microsoft-contrib from 5.2.0 to 6.1.1 - #175 Bump qs from 6.5.2 to 6.7.0 - #176 Bump moment from 2.22.2 to 2.24.0 - #177 Bump jest from 23.5.0 to 23.6.0 - #178 Bump @types/passport from 0.4.6 to 1.0.0 - #179 Bump jest and ts-jest
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#115624569 Implement locking for pipelines
What?
We did not catch this issue in the PR #173.
Terraform codecommit resource[1] has a bug managing the default_branch
property: hashicorp/terraform#5641
Although this property is optional, terraform will try to manage it.
If defined, codecommit will fail during creation:
Meanwhile if default_branch is defined, codecommit it will fail as soon
as a branch is pushed to the repository. The reason is that AWS enforces
having at least one branch as default branch, failing when terraform is
trying to set it empty:
Scope
This issue will be reported upstream, but meanwhile we will workaround it by
passing the default branch as a variable, and quering it using awscli.
If the respository does not exist or does not have default branch, the
variable will be set to empty string "".
We additionally remove the bump of the
pipeline-triggerin the init job, which is not required anymore.How to test
Running from a environment without an associated codecommit git pool-resource
respository:
SELF_UPDATE_PIPELINE=false BRANCH=$(git rev-parse --abbrev-ref HEAD) make dev bootstrap DEPLOY_ENV=...concourse-terraform(the rest are not relevant)concourse-terraformshould finnish OKterraform applyoutput for the resourceaws_codecommit_repository.concourse-poolshould not refer to anydefault_branchconcourse-terraformit should end OK.lock-pipelinejob increate-bosh-cloudfoundrya. Upload the pipelines:
SELF_UPDATE_PIPELINE=false BRANCH=$(git rev-parse --abbrev-ref HEAD) make dev pipelines DEPLOY_ENV=...b. This will create a initial branch in the codecommit repo.
concourse-terraformWho?
Anyone but @keymon