terraformの公式イメージをgitlab-ciで使うときの注意点

はじめに

terraformの公式イメージを使って、gitlab-ciを実行するときに地味にハマったので注意点書く

使用した .gitlab-ci.yml

.gitlab-ci.yml(修正前)

image: 
  name: hashicorp/terraform:latest

stages: 
  - terraform_validate
  - terraform_plan
  - terraform_apply

before_script:
  - terraform init --upgrade

validate:
  stage: terraform_validate
  script:
    - terraform --version
    - terraform validate

plan:
  stage: terraform_plan
  script: 
    - terraform plan --parallelism=30 -out "planfile"
  artifacts:
    paths:
      - ./planfile

apply:
  stage: terraform_apply
  script: 
    - terraform apply -input=false "planfile"
  dependencies:
    - plan
  when: manual

これを実行した結果

Terraform Commands(CLI)にあるような、terraformコマンドを実行した結果が出てる。

In erroneous cases, a non-zero exit status will be returned.

と書いてあるように、0以外のstatusが返ってきてるため、エラーとなって終了している。

Usage: terraform [-version] [-help] <command> [args]

The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you're just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.

Common commands:
    apply              Builds or changes infrastructure
    console            Interactive console for Terraform interpolations
    destroy            Destroy Terraform-managed infrastructure
    env                Workspace management
    fmt                Rewrites config files to canonical format
    get                Download and install modules for the configuration
    graph              Create a visual graph of Terraform resources
    import             Import existing infrastructure into Terraform
    init               Initialize a Terraform working directory
    output             Read an output from a state file
    plan               Generate and show an execution plan
    providers          Prints a tree of the providers used in the configuration
    refresh            Update local state file against real resources
    show               Inspect Terraform state or plan
    taint              Manually mark a resource for recreation
    untaint            Manually unmark a resource as tainted
    validate           Validates the Terraform files
    version            Prints the Terraform version
    workspace          Workspace management

All other commands:
    0.12upgrade        Rewrites pre-0.12 module source code for v0.12
    debug              Debug output management (experimental)
    force-unlock       Manually unlock the terraform state
    push               Obsolete command for Terraform Enterprise legacy (v1)
    state              Advanced state management
Usage: terraform [-version] [-help] <command> [args]

The available commands for execution are listed below.
The most common, useful commands are shown first, followed by
less common or more advanced commands. If you're just getting
started with Terraform, stick with the common commands. For the
other commands, please read the help and docs before usage.

Common commands:
    apply              Builds or changes infrastructure
    console            Interactive console for Terraform interpolations
    destroy            Destroy Terraform-managed infrastructure
    env                Workspace management
    fmt                Rewrites config files to canonical format
    get                Download and install modules for the configuration
    graph              Create a visual graph of Terraform resources
    import             Import existing infrastructure into Terraform
    init               Initialize a Terraform working directory
    output             Read an output from a state file
    plan               Generate and show an execution plan
    providers          Prints a tree of the providers used in the configuration
    refresh            Update local state file against real resources
    show               Inspect Terraform state or plan
    taint              Manually mark a resource for recreation
    untaint            Manually unmark a resource as tainted
    validate           Validates the Terraform files
    version            Prints the Terraform version
    workspace          Workspace management

All other commands:
    0.12upgrade        Rewrites pre-0.12 module source code for v0.12
    debug              Debug output management (experimental)
    force-unlock       Manually unlock the terraform state
    push               Obsolete command for Terraform Enterprise legacy (v1)
    state              Advanced state management
ERROR: Job failed: exit code 127

理由

dockerhubのdockerfileをよく見ろということだ。

下記にあるように、 ENTRYPOINT ["terraform"]となっている。
そりゃ、terraformコマンドを実行するわけだ。

FROM golang:alpine
MAINTAINER "HashiCorp Terraform Team <terraform@hashicorp.com>"

ENV TERRAFORM_VERSION=0.10.0

RUN apk add --update git bash openssh

ENV TF_DEV=true
ENV TF_RELEASE=true

WORKDIR $GOPATH/src/github.com/hashicorp/terraform
RUN git clone https://github.com/hashicorp/terraform.git ./ && \
    git checkout v${TERRAFORM_VERSION} && \
    /bin/bash scripts/build.sh

WORKDIR $GOPATH
ENTRYPOINT ["terraform"]

結果

何でもいいから、entrypointを取り敢えず上書きするようにしておく。

.gitlab-ci.yml(修正後)

image: 
  name: hashicorp/terraform:latest
  entrypoint:
    - ''

stages: 
  - terraform_validate
  - terraform_plan
  - terraform_apply

before_script:
  - terraform init --upgrade

validate:
  stage: terraform_validate
  script:
    - terraform --version
    - terraform validate

plan:
  stage: terraform_plan
  script: 
    - terraform plan --parallelism=30 -out "planfile"
  artifacts:
    paths:
      - ./planfile

apply:
  stage: terraform_apply
  script: 
    - terraform apply -input=false "planfile"
  dependencies:
    - plan
  when: manual