I am trying to use my private git repo as source for the terraform modules.
The SSH public key has been copied over to GitHub.
Tried following options as source but nothing worked:
Any help is greatly appreciated.
Referring to Private Github repos section on the following link didn't help either. https://github.com/alibaba/terraform-provider/blob/master/vendor/github.com/hashicorp/terraform/website/docs/modules/sources.html.markdown
Private GitHub Repos
If you need Terraform to fetch modules from private GitHub repos, you must provide Terraform with credentials to authenticate as a user with read access to those repos.
If you run Terraform only on your local machine, you can specify the module source as an SSH URI (like git@github.com:hashicorp/example.git) and Terraform will use your default SSH key to authenticate.
If you use Terraform Enterprise, you can use SSH URIs. You'll need to add an SSH private key to your organization and assign it to any workspace that fetches modules from private repos. See the Terraform Enterprise docs about SSH keys for cloning modules.
If you need to run Terraform on a remote machine like a CI worker, you either need to write an SSH key to disk and set the GIT_SSH_COMMAND environment variable appropriately during the worker's provisioning process, or create a GitHub machine user with read access to the repos in question and embed its credentials into the modules' source parameters:
module "private-infra" {
  source = "git::https://MACHINE-USER:MACHINE-PASS@github.com/org/privatemodules//modules/foo"
}
Note that Terraform does not support interpolations in the source parameter of a module, so you must hardcode the machine username and password if using this method.
Note: When installing a remote module, Terraform will download it into the .terraform directory in your configuration's root directory. When installing a local module, Terraform will instead refer directly to the source directory.
Modules on the public Terraform Registry can be referenced using a registry source address of the form <NAMESPACE>/<NAME>/<PROVIDER>, with each module's information page on the registry site including the exact address to use.
The .tf files in your working directory when you run terraform plan or terraform apply together form the root module. That module may call other modules and connect them together by passing output values from one to input values of another. To learn how to use modules, see the Modules configuration section.
In GitHub, go to "Actions", then select the pull request you just merged. Then, click on the "Terraform" workflow. Notice how the "Terraform Plan", "Update Pull Request" and "Terraform Plan Status" steps have been skipped. Expand the "Terraform Apply" step.
This worked for me
module "name_of_module" {
  source = "git::https://<user>:<pat>@github.com/folder/terraform-azure-core-resource-group.git"
  ...
}
This worked for me:
~/.ssh/config file has a block like this:
Host USERNAME.github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa
.tf file:
module "name_of_module" {
  source = "[email protected]:USERNAME/REPONAME.git//SUBDIR"
  ...
}
Things needed:
$ ssh-keygen -t rsa -b 4096 -C "[email protected]"
Note: If you configure the organizational secret to be available to specific repos, be sure to specify the repo that has the Terraform code that you are attempting to import.
- name: Terraform Init
  id: init
  run: terraform init
  env:
    GIT_SSH_COMMAND: "echo '${{ secrets.ORG_PRIVATE_SSH_KEY }}' > id_rsa
      && ssh-keyscan github.com > known_hosts
      && chmod 600 id_rsa known_hosts
      && ssh -i ./id_rsa -o UserKnownHostsFile=./known_hosts"
- name: Terraform Plan
  id: plan
  if: github.event_name == 'pull_request'
  run: terraform plan -no-color
  continue-on-error: true
  env:
    GIT_SSH_COMMAND: "echo '${{ secrets.ORG_PRIVATE_SSH_KEY }}' > id_rsa
      && ssh-keyscan github.com > known_hosts
      && chmod 600 id_rsa known_hosts
      && ssh -i ./id_rsa -o UserKnownHostsFile=./known_hosts"
Reference/Credit: https://github.com/hashicorp/setup-terraform/issues/33
Note: There appear to be many ways to do such things when googling, but I labored over this for weeks trying the various options and ultimately was able to do it with this AND I understood how it worked. :) I encourage feedback.
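A variant of the "write an SSH key to disk and set GIT_SSH_COMMAND" approach, added here as an example and not taken from any of the answers above: it keeps the key outside the checkout, creates it with restrictive permissions from the start, and pins the host key instead of trusting whatever ssh-keyscan returns at run time. The names prepare_git_ssh, MODULE_SSH_KEY and GITHUB_HOST_KEY are hypothetical; the host key line is assumed to be copied from GitHub's published SSH host keys.

```shell
#!/bin/sh
# Added example, not from the original answers. prepare_git_ssh, MODULE_SSH_KEY
# and GITHUB_HOST_KEY are hypothetical names chosen for this sketch.
set -eu

# prepare_git_ssh DIR PRIVATE_KEY KNOWN_HOSTS_LINE
# Writes the key and the pinned host key into DIR and prints a value for
# GIT_SSH_COMMAND. The body is a subshell "( )", so the umask change and the
# variables stay local and "exit" only ends the function.
prepare_git_ssh() (
  dir=$1
  key=$2
  host_line=$3

  [ -d "$dir" ] || { echo "prepare_git_ssh: $dir is not a directory" >&2; exit 1; }

  # Fail closed: an empty or malformed secret, or a host entry that does not
  # start with a github.com key, stops the job instead of degrading to
  # trust-on-first-use.
  case $key in
    "-----BEGIN "*"PRIVATE KEY-----"*) ;;
    *) echo "prepare_git_ssh: not a private key" >&2; exit 1 ;;
  esac
  case $host_line in
    "github.com ssh-ed25519 "?* | "github.com ecdsa-sha2-nistp256 "?* | "github.com ssh-rsa "?*) ;;
    *) echo "prepare_git_ssh: expected 'github.com <type> <key>'" >&2; exit 1 ;;
  esac

  umask 077   # files are created 0600, never world-readable even briefly
  printf '%s\n' "$key" > "$dir/id_deploy"
  printf '%s\n' "$host_line" > "$dir/known_hosts"

  # IdentitiesOnly=yes: offer only this key. StrictHostKeyChecking=yes: abort
  # on an unknown or changed host key instead of accepting it.
  printf "ssh -i '%s' -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile='%s'\n" \
    "$dir/id_deploy" "$dir/known_hosts"
)

# Usage in a CI step (both variables are assumed to come from the secret store):
#   dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT
#   GIT_SSH_COMMAND=$(prepare_git_ssh "$dir" "$MODULE_SSH_KEY" "$GITHUB_HOST_KEY")
#   export GIT_SSH_COMMAND
#   terraform init
```

Because the key never lands in the workspace, it cannot be picked up by a later artifact upload or an accidental commit, and the trap removes it when the step ends.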