Terraform : depends_on argument not creating the specified resource first

Question

I want to push the terraform state file to a github repo. The file function in Terraform fails to read .tfstate files, so I need to change their extension to .txt first. Now to automate it, I created a null resource which has a provisioner to run the command to copy the tfstate file as a txt file in the same directory. I came across this 'depends_on' argument which lets you specify if a particular resource needs to be made first before running the current. However, it is not working and I am straight away getting the error that 'terraform.txt' file doesn't exit when the file function demands it.

provider "github" {
  token = "TOKEN"
  owner = "USERNAME"
}

resource "null_resource" "tfstate_to_txt" {
  provisioner "local-exec" {
    command = "copy terraform.tfstate terraform.txt"
  }
}

resource "github_repository_file" "state_push" {
  repository = "TerraformStates"
  file       = "terraform.tfstate"
  content    = file("terraform.txt")

  depends_on = [null_resource.tfstate_to_txt]
}

Answer 1

depends_on does not really work with null_resource.provisioner.

here's a workaround that can help you :

   resource "null_resource" "tfstate_to_txt" {
        provisioner "local-exec" {
        command = "copy terraform.tfstate terraform.txt"
         }
       }
        
   resource "null_resource" "delay" {
        provisioner "local-exec" {
            command = "sleep 20"
         }
        triggers = {
            "before" = null_resource.tfstate_to_txt.id
         }
        }
  resource "github_repository_file" "state_push" {
        repository = "TerraformStates"
        file       = "terraform.tfstate"
        content    = file("terraform.txt")
        depends_on = ["null_resource.delay"]
       }       


   

the delay null resource will make sure the resource 2 runs after the first if the copy command takes more time just change the sleep to higher number

Answer 2

The documentation for the file function explains this behavior:

This function can be used only with files that already exist on disk at the beginning of a Terraform run. Functions do not participate in the dependency graph, so this function cannot be used with files that are generated dynamically during a Terraform operation. We do not recommend using dynamic local files in Terraform configurations, but in rare situations where this is necessary you can use the local_file data source to read files while respecting resource dependencies.

This paragraph also includes a suggestion for how to get the result you wanted: use the local_file data source, from the hashicorp/local provider, to read the file as a resource operation (during the apply phase) rather than as part of configuration loading:

resource "null_resource" "tfstate_to_txt" {
  triggers = {
    source_file = "terraform.tfstate"
    dest_file   = "terraform.txt"
  }

  provisioner "local-exec" {
    command = "copy ${self.triggers.source_file} ${self.triggers.dest_file}"
  }
}

data "local_file" "state" {
  filename = null_resource.tfstate_to_txt.triggers.dest_file
}

resource "github_repository_file" "state_push" {
  repository = "TerraformStates"
  file       = "terraform.tfstate"
  content    = data.local_file.state.content
}

---

Please note that although the above should get the order of operations you were asking about, reading the terraform.tfstate file while Terraform running is a very unusual thing to do, and is likely to result in undefined behavior because Terraform can repeatedly update that file at unpredictable moments throughout terraform apply.

If your intent is to have Terraform keep the state in a remote system rather than on local disk, the usual way to achieve that is to configure remote state, which will then cause Terraform to keep the state only remotely, and not use the local terraform.tfstate file at all.