-
-
Notifications
You must be signed in to change notification settings - Fork 540
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
terraform validate: Force rerun t init
when plugin cache is enabled and parrallelism conflit happens
#640
Comments
I reckon @MaxymVlasov spent more than decent amount of time trying to implement locking for the TF init with plugin cache enabled and, since it was not quite implementable straightforwardly, the outcome was this code snippet: https://github.com/antonbabenko/pre-commit-terraform/pull/620/files#diff-a9db869be8201236cd6abaed19087fc571d29c10d679fc66bf945eba1a4ccd46R461-R483 (long story short: TF locks destination file and, if parallel TF init encounters error writing plugin, it will simply re-try) If you're hitting any issues with this implementation, please add details so that we can investigate.
That's a good shout by the way. We missed to check TF config for this parameter and relied upon env var only as far as I can see form the code snippet I mentioned above. @MaxymVlasov What do you think of adding logic for the |
Hey @yermulnik, thanks for the quick reply
Terraform validate.......................................................Failed
- hook id: terraform_validate
- exit code: 1
- files were modified by this hook
Command 'terraform init' successfully done: somedirectory
Validation failed: somedirectory
╷
│ Error: registry.terraform.io/hashicorp/google: the cached package for registry.terraform.io/hashicorp/google 4.84.0 (in .terraform/providers) does not match any of the checksums recorded in the dependency lock file
│
│
╵
Error: Terraform exited with code 1.
Command 'terraform init' successfully done: someotherdirectory
Lock terraform provider versions.........................................Passed
pre-commit hook(s) made changes.
If you are seeing this message in CI, reproduce locally with: `pre-commit run --all-files`.
To run `pre-commit` as part of git workflow, use `pre-commit install`.
All changes made by hooks:
diff --git a/somedirectory/.terraform.lock.hcl b/somedirectory/.terraform.lock.hcl
index bcd3d4ff..09cb469e 100644
--- a/somedirectory/.terraform.lock.hcl
+++ b/somedirectory/.terraform.lock.hcl
@@ -10,6 +10,7 @@ provider "registry.terraform.io/hashicorp/google" {
"h1:3qXFXgT2RAseuYW20OUqBLMeSuKt5tbpNI15GU5J7KE=",
"h1:FtmujB+frf40ztU300FEd/cnah5o/ZVItCTYk+Qj1Wo=",
"h1:PhC05RRIJi2iPLf9ny2JsYxVlhdC4LvXsuPfg4U/Pbg=",
+ "h1:RhnrI2jZIB6BmqGeP+lNXY5UqRKZp8QcuTz5CG3zPOo=",
"h1:W9PU6CJQSb0p6pL+OonuWrCW2HJITiIykQkrwCAgYnw=",
"h1:c4ksHVh0kRBFDvP3peYx99oZgh/afzOGxPJwdApcKBU=",
"h1:fybaK74buTd4Ys2CUZm6jw7NXtSqtcLoW2jeNB4Ff2E=", Btw if the automation is too complicated to implement, that's totally ok with me to close as wontfix. I mainly wanted to call out the problem, I think the minimum would be to document in the README that if the plugin cache is enabled then parallelism should be disabled for |
That's odd =( I might mixed up the bits about TF locking that I tried to recall from when Max was working on #620. When Max has a chance, he will add insights from his experience in #620 I guess.
Meanwhile would you be keen to contribute by outlining this in README? 🤞🏻 |
Okay, let's assume that
At the same time if you check README for - id: terraform_validate
args:
- --hook-config=--retry-once-with-cleanup=true # Boolean. true or false Also, README for |
If you think that such docs are confusing or not enough and you have ideas in which places there should be some extra mentions of that - please let us know. Ideally, via PR. |
Thank you @MaxymVlasov for the detailed reply
Since |
I tested it a few times on a repo with more than 200 lockfiles with paralelizm=64, and there were 0 problems. But whatever btw, init retries 10 times pre-commit-terraform/hooks/_common.sh Lines 470 to 484 in c29bdb1
|
t init
when plugin cache is enabled and parrallelism conflit happens
I'm consistently seeing this error using the hooks version
pre-commits config
|
What problem are you facing?
#620 introduces parallelism, this can lead to data races when the plugin cache is enabled, with
terraform init
writing in parallel to the cache, and creating corrupted providers (especially visible with the lock file where random provider hashes get appended).This can be worked around by setting the
--hook-config=--parallelism-limit=1
arg onterraform_validate
hook.How could pre-commit-terraform help solve your problem?
It would be nice if the hooks using
terraform init
(mostlyterraform_validate
, butterragrunt_providers_lock
has it deprecated too) could disable parallelism automatically when theTF_PLUGIN_CACHE_DIR
environment variable is set.Not sure if handling the case where
plugin_cache_dir
is set in the config file would be possible.The text was updated successfully, but these errors were encountered: