When you try to modify the cron trigger from terraform, it creates a new trigger with the new settings but doesn't delete the old one.

Details:

Add a cron trigger and try to update it:

Terraform will perform the following actions:

  # codefresh_pipeline_cron_trigger.test will be updated in-place
  ~ resource "codefresh_pipeline_cron_trigger" "test" {
      ~ expression  = "*/1 * * * 1" -> "*/1 * * * 2"
        id          = "cron:codefresh:*/1 * * * 1:Example Cron Trigger:53be2183993e"
        # (2 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Apply:

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

codefresh_pipeline_cron_trigger.test: Modifying... [id=cron:codefresh:*/1 * * * 1:Example Cron Trigger:53be2183993e]
codefresh_pipeline_cron_trigger.test: Modifications complete after 1s [id=cron:codefresh:*/1 * * * 2:Example Cron Trigger:53be2183993e]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Two cron triggers now exist in the pipeline:

Expected Behavior:

Cron trigger object modified

Current behavior:

A new cron trigger is created, but the old one isn’t deleted.

Howdy!

Cloudflare has what I'm looking for from you guys, basically a datasource I can use that just spits out a list of IP address' you're currently using

It's not too complex from the looks of it, just a call to the text file list, and then expose it as a List.

Link to cloudflare Implementation - this should be less painful now that there is a text file specifically with these IP's Resolved here

Let me know!

After I've moved to Registry Codefresh Provider and run terraform init the Terraform returns the error below:

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Finding codefresh-io/codefresh versions matching "0.0.19"...
- Finding codefresh.io/app/codefresh versions matching "0.0.19"...
- Installing codefresh-io/codefresh v0.0.19...
- Installed codefresh-io/codefresh v0.0.19 (signed by a HashiCorp partner, key ID 2CBA2F3A84CED39F)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
╷
│ Error: Invalid provider registry host
│ 
│ The host "codefresh.io" given in in provider source address "codefresh.io/app/codefresh" does not offer a Terraform provider registry.
╵

My configuration files:

provider.tf:

provider "codefresh" {
  api_url = "https://g.codefresh.io/api"
  token   = var.codefresh_token
}

versions.tf:

terraform {
  required_version = ">= 0.15"

  required_providers {
    codefresh = {
      version = "0.0.19"
      source  = "codefresh-io/codefresh"
    }
  }
}

If I follow the README.md instructions, downloading and install locally, the command works fine.
https://github.com/codefresh-io/terraform-provider-codefresh#using-the-provider

See: https://github.com/codefresh-io/terraform-provider-codefresh/blob/master/codefresh/resource_api_key.go#L32

To reproduce:

• create a pipeline
• update the pipeline, terraform apply
• update the pipeline again, terraform apply
• The "PIPELINE_OUTDATED_ERROR" message is received on the second apply

Raw Error:
Error: 400 Bad Request, {"status":400,"code":"4204","name":"PIPELINE_OUTDATED_ERROR","message":"Error: You are editing an outdated pipeline. Please refresh the state of the pipeline","context":{}}

Plan Output:

# codefresh_pipeline.test will be updated in-place                                                                 
~ resource "codefresh_pipeline" "test" {                                                                           
      id         = "5f62f35052f3ce154a2f198b"                                                                      
      name       = "myproject/gcp-bucket"                                                                          
    - project_id = "5f62f34e52f3ce848d2f1989" -> null                                                              
    - revision   = 1 -> null

I didn't see an existing issue, so I thought I'd open an issue to track building an arm64 (Apple Silicon) binary for macOS.

After migrating to a new Mac, I have seen at least one issue using Terraform almost straight away:

╷
│ Error: Incompatible provider version
│ 
│ Provider registry.terraform.io/codefresh-io/codefresh v0.0.22 does not have a package available for your current platform, darwin_arm64.
│ 
│ Provider releases are separate from Terraform CLI releases, so not all providers are available for all platforms. Other versions of this provider may have different platforms
│ supported.
╵

Terraform Version:

Terraform v1.1.4
on darwin_arm64
+ provider registry.terraform.io/codefresh-io/codefresh v0.0.22

Provider version: 0.18
Terraform version: 0.12.31

When creating an inline pipeline YAML from a YAML file via Terraform it seems like some string substitution is happening from < to <.

This is breaking commands for steps.

Example line cat <"${CF_VOLUME_PATH}/${CF_BUILD_ID}/${WORKING_DIR}/${ORG}.vars.list"

Results in the error: /bin/bash: line 67: lt: command not found

When I reapply the pipeline changes it and replaces the < back to <.

Attempts to use codefresh_registry to declare Google registries ( GCR or GAR ) return error

{"status":500,"code":"1001","name":"INTERNAL_SERVER_ERROR","message":"Internal server error","context":{}}

Using the same google service account key in the codefresh interface works normally.

IMPORT

Import works at first, but when detecting spec gar or gcr it tries to recreate the resource, and again INTERNAL_SERVER_ERROR error occurs.

Note, importing without declaring the spec is accepted, which I find strange because it should always ask for the registry type.

Simplified terraform code of what is being used for those who want to recreate the error.

`

MAIN

    resource "google_service_account" "project_service_account" {
      account_id   = "sa-${var.project_id}"
      display_name = "Project - Default Service Account"
    
      project = google_project.main.project_id
    }
    
    resource "google_service_account_key" "project_service_account_key" {
      service_account_id = google_service_account.project_service_account.name
    }
    
    #Export service account key for sensitive variable
    locals {
    
      project_service_account_key = base64decode(google_service_account_key.project_service_account_key.private_key)
    
    }

MODULE

  resource "codefresh_registry" "gar-registry" {
      name = "test-registry"
      default = "true"
  
      spec {
          gar {
            # BackLog ERROR: INTERNAL_SERVER_ERROR
              keyfile = var.project_service_account_key
              #domain = "gcr.io"
              location = "us-east1"
              #repository_prefix = var.application_name
          }
      }
  }

`

When description was provided in spec as per the API we received an error.

An argument named "description" is not expected here.  

What happened?

codefresh_permission does not respect "related_resource"

Inserting the "related_resource" parameter in the codefresh_permission resource with the value "project" has no effect, the rule continues to be created for "related" pipelines.
No error messages are reported.

This occurs when creating permissions with a resource of type resource = "pipeline".

It should create the pipeline permission with informed project tags.

Version

Provider Codefresh 0.10.0
Terraform v1.9.1

Relevant Terraform Configuration

resource "codefresh_permission" "admin" {

  team = codefresh_team.admin.id
  resource = "pipeline"
  action = "run"
  related_resource = "project"
  tags = [
      "platform_project",
      "test_project"
    ]
}

Hello,

Currently, the users are being created by using the "/admin/accounts/addpendinguser" API endpoint. This endpoint, is only usable for Codefresh admin accounts. See: https://github.com/codefresh-io/terraform-provider-codefresh/blob/master/client/user.go
It would be useful to add user creation support to the non-admin users by using the "/api/accounts/{accountId}/adduser" API endpoint. See: https://g.codefresh.io/api/#operation/accounts-add-user-to-account

Thanks

I'm using GKE but I don't want to link it to my CodeFresh account because I'm not comfortable with the GCP scopes that CF requires, so I was hoping to configure each cluster separately in Terraform, but that doesn't seem to be supported by this provider (nor the CodeFresh API).

For the time being I'll have to configure it manually, which isn't ideal because some clusters are short-lived.

The suggestion is to include two new datasources,

codefresh_pipeline (returns the complete data for a specific pipeline)

      data "codefresh_pipeline" "test" {
             name = "test"
       }

codefresh_pipelines (returns summaries of all pipelines)

      data "codefresh_pipelines" "list" {
             filter = { name : "^~ test" }
       }

What happened?

When trying to use the codefresh_current_account data source with any provider version above 0.1.2 (0.1.2 works), a 403 error is returned:

{"status":403,"code":"2400","name":"FORBIDDEN_ERROR","message":"Required role: 'Admin' is not included in the user
roles: [User]","context":{"requiredRole":"Admin","userRoles":["User"]}}

I am using a token that is an account admin, so would expect to be able to use this. However am unsure if this data source is intended to only be able to be used by a token that is a Codefresh level admin, rather than just an account admin.

Version

0.2.0+

Relevant Terraform Configuration

terraform {
  required_providers {
    codefresh = {
      source = "codefresh-io/codefresh"
      version = "0.6.0"
    }
  }
}

data "codefresh_current_account" "acc" {

}

Pipeline does not support CRON triggers.

We need to add this additional trigger type to support pipelines using CRON triggers.

It seems like there's no resource for shared configuration and pipeline variables are all in plaintext, with no option to encrypt them.

Hi,

It would be nice, if this repo would switch to semantic versions, so we can use this repo as go module -> https://go.dev/blog/publishing-go-modules

Every required module in a go.mod has a [semantic version](https://semver.org/), the minimum version of that dependency to use to build the module.

A semantic version has the form vMAJOR.MINOR.PATCH.

Currently, I get following error message:

go get github.com/codefresh-io/[email protected]
go: github.com/codefresh-io/[email protected]: reading github.com/codefresh-io/terraform-provider-codefresh/go.mod at revision v0.0.24: unknown revision v0.0.24

I think the current setup is too complicated, especially for those of us using Terraform Cloud as that makes things even more complicated we have to host the compiled provider in a private registry.

The API that describes teams lists the members of those teams.
The members of those teams used to have both keys id and _id, now only _id is returned.
This breaks the terraform provider because when it gets the list of current users to generate a diff it unmarshals id thus all users have an ID of "".
Therefore when terraform is checking for changes it tries to delete the user will id "" and add all the users back.
The API returns an error because the user ID is no supplied in the delete API call and terraform crashes.

The solution is to either unmarshal _id into the ID property or for codefresh to once again return id in the API response

Site https://registry.terraform.io/providers/codefresh-io/codefresh/latest/docs no mention of Data Source

In addition, it would be interesting to expand the Data Source

Example create a data source for codefresh_project (currently even in the docs a "go horse" with variables is used)
Example.
data.codefresh_project.test.name

It's unclear if this is possible or not, but the code/docs seems to indicate I should be able to do it. I'm generating code in terraform and yaml encoding it to pass to terraform.

resource "codefresh_pipeline" "schedule_all" {
  for_each = toset(["syndio/syndio", "syndio/ce"])

  name = "${codefresh_project.syndio_codefresh_project.name}/Schedule All (${each.key}) Pipelines"

  original_yaml_string = yamlencode({
    version = "1.0"
    stages  = ["deploy"]
    steps = {
      schedule_all_pipelines = {
        type  = "parallel"
        title = "Schedule All Pipelines"
        steps = { for p in local.pipelines : lower(replace("schedule_${p.name}", " ", "_")) => {
          title = "Schedule ${p.name}"
          stage = "deploy"
          type  = "codefresh-run"
          arguments = {
            PIPELINE_ID = "${codefresh_project.syndio_codefresh_project.name}/${p.name}"
            DETACH      = true
            BRANCH      = "$${{CF_BRANCH}}"
            SHA         = "$${{CF_REVISION}}"
            TRIGGER_ID  = each.key
          }
        } if p.repo == each.key }
      }
    }
  })

  spec {
    concurrency = 1
    pack_id     = local.machine_types["small"]

    trigger {
      name          = each.key
      description   = "Manual Branch Trigger"
      type          = "git"
      provider      = "github"
      repo          = each.key
      disabled      = true
      context       = "syndio"
      branch_regex  = "/.*/gi"
      comment_regex = "/.*/gi"
      events = [
        "push.heads"
      ]
    }
  }
}

this generates an API request which faills w/ the following error

module.syndio_codefresh.codefresh_pipeline.schedule_all["syndio/syndio"]: Creating...
module.syndio_codefresh.codefresh_pipeline.schedule_all["syndio/ce"]: Creating...

Error: 500 Internal Server Error, {"status":500,"code":"1001","name":"INTERNAL_SERVER_ERROR","message":"500 - {\"message\":\"Error: Can't get project; caused by Error: Can't get project\"}","context":{}}



Error: 500 Internal Server Error, {"status":500,"code":"1001","name":"INTERNAL_SERVER_ERROR","message":"500 - {\"message\":\"Error: Can't get project; caused by Error: Can't get project\"}","context":{}}

one of the api request bodies sent to codefresh is

Headers: 

{
  "correlationId": "7b00cd5a3f39c17a3b2a09ba94138efa, 7b00cd5a3f39c17a3b2a09ba94138efa"
}

Body: 

{
  "metadata": {
    "name": "Staging/Deploy All (syndio/ce)",
    "labels": {},
    "originalYamlString": "\"deploy_all_pipelines\":\n  \"steps\":\n    \"steps\":\n      \"schedule_payeq_deploy\":\n        \"arguments\":\n          \"BRANCH\": \"${{CF_BRANCH}}\"\n          \"DETACH\": true\n          \"PIPELINE_ID\": \"Staging/PayEQ Deploy\"\n          \"SHA\": \"${{CF_REVISION}}\"\n          \"TRIGGER_ID\": \"syndio/ce\"\n        \"stage\": \"deploy\"\n        \"title\": \"Schedule PayEQ Deploy\"\n        \"type\": \"codefresh-run\"\n  \"title\": \"Schedule All Pipelines\"\n  \"type\": \"parallel\"\n\"stages\":\n- \"deploy\"\n\"version\": \"1.0\"\n"
  },
  "spec": {
    "triggers": [
      {
        "name": "syndio/ce",
        "description": "Manual Branch Trigger",
        "type": "git",
        "repo": "syndio/ce",
        "events": [
          "push.heads"
        ],
        "branchRegex": "/.*/gi",
        "branchRegexInput": "regex",
        "commentRegex": "/.*/gi",
        "provider": "github",
        "disabled": true,
        "context": "syndio"
      }
    ],
    "concurrency": 1,
    "steps": {},
    "stages": [
      "deploy"
    ],
    "runtimeEnvironment": {},
    "hooks": {}
  }
}

This looks incorrect when compared to working requests from the codefresh cli. Since giving a spec directly (not repo sourced) doesn't seem to be exposed in any way other than giving the original_yaml_string and letting the provider handle it.

Currently it is impossible to setup external resource for pipeline via Terraform configuration

I have a terraform project to manage the codefresh pipeline. It was working fine with provide version 0.0.19.

With version 0.0.20, I could see there is a feature to enable notification in the pipeline using terraform. So I have upgraded to plugin to 0.0.20. I have added below piece of code to enable notification in my pipeline under trigger block.

options {
    enable_notifications = true
  }

I could see terraform plan is completed successfully. It is showing the resource to be modified. But when I am running the terraform apply, it is crashing the plugin with the below error.

2021-11-03T20:02:22.810+1100 [ERROR] plugin.(*GRPCProvider).ApplyResourceChange: error="rpc error: code = Unavailable desc = transport is closing"
╷
│ Error: Plugin did not respond
│ 
│   with codefresh_pipeline.pipeline["bff"],
│   on pipeline.tf line 28, in resource "codefresh_pipeline" "pipeline":
│   28: resource "codefresh_pipeline" "pipeline" {
│ 
│ The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
╵

Stack trace from the terraform-provider-codefresh_v0.0.20 plugin:

panic: interface conversion: interface {} is bool, not string

goroutine 98 [running]:
github.com/codefresh-io/terraform-provider-codefresh/codefresh.mapResourceToPipeline(0xc000114180, 0xc000424000)
        /codefresh/volume/terraform-provider-codefresh/codefresh/resource_pipeline.go:696 +0x2f8f
github.com/codefresh-io/terraform-provider-codefresh/codefresh.resourcePipelineUpdate(0xc000114180, 0x185af60, 0xc0002340c0, 0x0, 0xffffffffffffffff)
        /codefresh/volume/terraform-provider-codefresh/codefresh/resource_pipeline.go:405 +0x5e
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).update(0xc0002cefd0, 0x19891a0, 0xc0006b8280, 0xc000114180, 0x185af60, 0xc0002340c0, 0x0, 0x0, 0x0)
        /go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:293 +0x88
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc0002cefd0, 0x19891a0, 0xc0006b8280, 0xc000212150, 0xc000357c80, 0x185af60, 0xc0002340c0, 0x0, 0x0, 0x0, ...)
        /go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:395 +0x392
github.com/hashicorp/terraform-plugin-sdk/v2/internal/helper/plugin.(*GRPCProviderServer).ApplyResourceChange(0xc000284200, 0x19891a0, 0xc0006b8280, 0xc000212000, 0xc000284200, 0xc000284210, 0x1896ce0)
        /go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/helper/plugin/grpc_provider.go:952 +0x8b2
github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ApplyResourceChange_Handler.func1(0x19891a0, 0xc0006b8280, 0x18273e0, 0xc000212000, 0xc0006b8280, 0x17ac5c0, 0xc00008e401, 0xc000794620)
        /go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3312 +0x86
github.com/hashicorp/terraform-plugin-sdk/v2/plugin.Serve.func3.1(0x1989260, 0xc00064e8a0, 0x18273e0, 0xc000212000, 0xc000794600, 0xc000794620, 0xc00070eb78, 0x108de68, 0x17ff360, 0xc00064e8a0)
        /go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/plugin/serve.go:76 +0x87
github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x18354c0, 0xc000284200, 0x1989260, 0xc00064e8a0, 0xc00008e4e0, 0xc000284820, 0x1989260, 0xc00064e8a0, 0xc00014e600, 0x123f)
        /go/pkg/mod/github.com/hashicorp/terraform-plugin-sdk/[email protected]/internal/tfplugin5/tfplugin5.pb.go:3314 +0x14b
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000582900, 0x198ffe0, 0xc000583800, 0xc00081a000, 0xc000194de0, 0x1e8d080, 0x0, 0x0, 0x0)
        /go/pkg/mod/google.golang.org/[email protected]/server.go:1024 +0x501
google.golang.org/grpc.(*Server).handleStream(0xc000582900, 0x198ffe0, 0xc000583800, 0xc00081a000, 0x0)
        /go/pkg/mod/google.golang.org/[email protected]/server.go:1313 +0xd3d
google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc00028e1d0, 0xc000582900, 0x198ffe0, 0xc000583800, 0xc00081a000)
        /go/pkg/mod/google.golang.org/[email protected]/server.go:722 +0xa1
created by google.golang.org/grpc.(*Server).serveStreams.func1
        /go/pkg/mod/google.golang.org/[email protected]/server.go:720 +0xa1

Error: The terraform-provider-codefresh_v0.0.20 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Hi,

Is there any chance we might see support for pipeline triggers that are defined outside of the codefresh_pipeline block?

Being able to do something like this would be wonderful:

resource "codefresh_trigger" "my_trigger" {
    branch_regex  = "/.*/gi"
    context            = "git"
    description      = "Trigger for tags"
    disabled           = false
    events              = [
      "push.tags"
    ]
    modified_files_glob = ""
    commit_status_title = "tags-trigger"
    name                = "tags"
    provider            = "github"
    repo                = "codefresh-contrib/react-sample-app"
    type                = "git"
}

resource "codefresh_trigger_attachment" "my_trigger_attachment" {
    trigger_id  = codefresh_trigger.my_trigger.id
    pipeline_id = codefresh_pipeline.my_pipeline.id
}

Cheers

When manually removing a resource that the codefresh provider has created, instead of it recreating the removed resource on the next plan/apply, it throws an error (404) and halts plan/apply.

I've noticed this for a pipeline, but I suspect it might affect other resources too.

The refreshed state will be used to calculate this plan, but will not be                                                                                                                         
persisted to local or remote state storage.   

codefresh_pipeline.pipelines["..."]: Refreshing state... [id=60adecb19acab6d815ff60d3]                        
                                                                  
Error: 404 Not Found, {"status":404,"code":"4201","name":"PIPELINE_NOT_FOUND_ERROR","message":"Could not find pipeline: 60adecb19acab6d815ff60d3","context":{"id":"60adecb19acab6d815ff60d3"}}

I was trying to configure runtime to use "Medium" SAAS node, but couldn't find a suitable name for:

resource "codefresh_pipeline" "agiletoolkit-org" {

   # snip

    runtime_environment {
      name = "system/default"  # ?
      cpu = 2
    }
  }
}

I also couldn't find this from codefresh cli:

$ codefresh get runtime-environments
no available resources

Please provide example (I can create PR to expand documentation)

What happened?

After manually removing a resource from codefresh, a subsequent terraform run errors out bc the API respond that the resource no longer exists. The TF provider should instead handle this to mean that the resource no longer exists and then tries to recreate it.

TF error:

╷
│ Error: 500 Internal Server Error, {"status":500,"code":"1001","name":"INTERNAL_SERVER_ERROR","message":"Internal server error","context":{}}
│ 
│   with codefresh_registry.aws_ecr_prod_usw2,
│   on ecr.tf line 1, in resource "codefresh_registry" "aws_ecr_prod_usw2":
│    1: resource "codefresh_registry" "aws_ecr_prod_usw2" {
│ 
╵
[01H2TSVYBV0A9ZAWNQD8Q5TSHR] Unexpected exit code when planning changes: 1

Version

codefresh-io/codefresh v0.4.1

Relevant Terraform Configuration

# Apply this, delete the registry manually in codefresh, and then try to apply again
resource "codefresh_registry" "aws_ecr_prod_usw2" {
  default = true
  name    = "aws-ecr-prod-usw2"
  primary = true

  spec {
    ecr {
      access_key_id     = var.ecr_aws_access_key_id_prod_usw2
      region            = "us-west-2"
      secret_access_key = var.ecr_aws_secret_access_key_prod_usw2
    }
  }
}

When the cron expression is not valid, it will fail to apply the plan with a generic error message

unexpected end of JSON input

Trying to add a trigger with an invalid expression:

Terraform will perform the following actions:

  # codefresh_pipeline_cron_trigger.test will be created
  + resource "codefresh_pipeline_cron_trigger" "test" {
      + expression  = "*/1 * * * test"
      + id          = (known after apply)
      + message     = "Example Cron Trigger"
      + pipeline_id = "638dd23ef1882a1825e515d8"
    }
Plan: 1 to add, 0 to change, 0 to destroy.

Result:

codefresh_pipeline_cron_trigger.test: Creating...
╷
│ Error: unexpected end of JSON input

This makes it challenging to manage users in this team, as we cannot then add a user to this account since the "users" team is created when an account is created.

I propose that all users should be added to the "user" team by default.

Issue

Currently the terraform provider does not support encrypted pipeline variables.
This leads to constant drift in which when the TF provider reads the configuration it gets ***** as the variable's value.
To fix this, we can add a lifecycle block:

  lifecycle {
    ignore_changes = [
      spec[0].variables
    ]
  }

But any change to the pipeline will now result in all variables being changed to unencrypted, plain-text strings of *****.
And this destructive operation on the variables is not shown in the plan.

Deeper look into why this happens

There is no dedicated API to update specific parts of a pipeline's configuration. It's all wrapped in a single yaml file.
TF will call the read API and get a yaml of the whole pipeline.
This yaml is then decoded into the matching go struct.
When TF is ready to update the configuration, it has to regenerate a yaml file and upload that to codefresh control plane.

The issue is that when TF reads the configuration, it does not pass the 'decryptVariables' flag and thus it gets the ***** in the variables values (if they are encrypted)
TF does not understand the difference between encrypted and non-encrypted and so it puts ***** in the value when it regenerates the yaml to update the config, nor does it know to set the value as an encrypted type.

And because TF is writing the same value it's reading, it does not think there is a drift and thus does not show any changes in the plan.

Solution?

• The provider needs to use the decryptVariabls flag to retrieve the correct value.
• It needs to support setting variables as encrypted or not.

e.g. instead of passing a map of simple k=v, pass in a list of maps.

[
  {
    key       = "variable1"
    value     = "val1"
    encrypted = false (default)
  },
  {
    key       = "variable2"
    value     = "val2"
    encrypted = true
  }
]

• And of course, generate the pipeline configuration yaml accordingly.

What would you like to be added?

Currently no data source for project and the project resource outputs aren't documented?

It would be good to have a data resource for a project to perform validation before attempting to attach a pipeline to a project that may not exist.

Ran into a use case that burned a bit of time figuring out and would like to update the docs to save someone else time!

To set up a pipeline so the YAML is automatically pulled from the triggering branch like so:

    spec_template {
      repo     = "${var.github_org}/${codefresh_project.application.name}"
      path     = "./codefresh/${var.pipeline_template}"
      location = "git"
      revision = ""
    }

What happened?

When defining a Pipeline spec via original_yaml_string, it will fail to run:

Running Codefresh YAML validation                                                                                                                                
Yaml validation errors:                                                                                                                                          
                                                                                                                                                                 
 222  error     "true" is not allowed                                                                                                                            
 222  error     "true" is not allowed                                                                                                                            
 222  error     "steps" must be an array                                                                                                                         
                                                                                                                                                                 
✖ 3 problems (3 errors, 0 warnings)                                                                                                                              
Visit https://codefresh.io/docs/docs/codefresh-yaml/steps/approval/ for steps documentation 

Even though the validator passes:

$ codefresh validate codefresh.yml
Yaml is valid!

Seemingly this is because the spec attribute propagation logic in the pipeline resource, which exists in order to preserve the map ordering of steps, stages, and hooks, has a bug.

[
  {
    "metadata": {
      "name": "terrtest2/new-pipeline",
      "labels": {
        "tags": [
          "terraform-added"
        ]
      },
      "projectId": "64326387d0df5183bcd1fc24",
      "revision": 5,
      "originalYamlString": "version: \"1.0\"\nsteps:\n\n    test:\n      image: alpine\n      when:  \n        steps:\n          any:\n            - name: test1\n              on:\n                - failure\n            - name: test2\n              on:\n                - failure",
      "accountId": "631d9fb7ad511643e9a9d69d",
      "created_at": "2023-04-09T07:04:39.465Z",
      "updated_at": "2023-04-09T07:44:24.088Z",
      "project": "terrtest2",
      "shortName": "new-pipeline",
      "id": "64326387d0df519a1ad1fc25"
    },
    "spec": {
      "concurrency": 1,
      "stages": [],
      "runtimeEnvironment": {},
      "steps": {
        "test": {
          "image": "alpine",
          "when": {
            "steps": {
              "any": [
                {
                  "name": "test1",
                  "true": [
                    "failure"
                  ]
                },
                {
                  "name": "test2",
                  "true": [
                    "failure"
                  ]
                }
              ]
            }
          }
        }
      },
      "hooks": {},
      "triggers": [],
      "permitRestartFromFailedSteps": true
    },
    "version": "1.0",
    "kind": "pipeline"
  }
]

Version

0.3.1

Relevant Terraform Configuration

version: "1.0"
steps:
    test:
      image: alpine
      when:  
        steps:
          any:
            - name: test1
              on:
                - failure
            - name: test2
              on:
                - failure

resource "codefresh_project" "test" {
  name = "terrtest2"

  tags = [
    "terraform-changed",
  ]
}

resource "codefresh_pipeline" "test" {
  name    = "${codefresh_project.test.name}/new-pipeline"
 
  original_yaml_string = file("${path.module}/codefresh.yml")
  
  tags = [
    "terraform-added",
  ]

  spec {
    concurrency = 1
  }
}

Hi guys,
I cant really find where the terraform settings to update the advance options for trigger:

Can you please point out if this settings are available in terraform?

Cheers,
Tung

The changelog-from-release introduced in #90 GHA workflow isn't working because of the main branch being protected.

What would you like to be added?

Support for repo contexts (gitlab example)

Using the API it is possible to consult repos registered in codefresh, but the terraform provider does not support this context

API https://g.codefresh.io/api/contexts/gitlab

API response for git contexts

{
        "apiVersion": "v1",
        "kind": "context",
	"owner": "account",
	"metadata": {
		"default": true,
		"system": false,
		"name": "gitlab"
	},
	"spec": {
		"type": "git.gitlab",
		"data": {
			"sharingPolicy": "AllUsersInAccount",
			"auth": {
				"type": "basic",
				"password": "*****",
				"apiURL": "https://teste.com/api/v4/"
			},
			"behindFirewall": false,
			"sshClone": false,
			"secretStoreReferences": []
		}
	}
}

Would it be possible to add a data and resource to manage git repos in codefresh?

Exemple

resource "codefresh_context" "repos" {
    name = "gitlab"
    spec {
        git{ 
            gitlab {
                data = {
                   "auth_type = "basic"
                   "password" = "xxxxxx",
                   "apiURL" = "https://teste.com/api/v4/"
                   }
            }
    }
}

https://g.codefresh.io/api/#operation/repos-git-get-repo