From 17ac4aac895be5bb559434638757e21d259d6e8b Mon Sep 17 00:00:00 2001 From: Henrik Knutsen <46495473+hknutsen@users.noreply.github.com> Date: Fri, 14 Nov 2025 11:29:48 +0100 Subject: [PATCH 1/4] refactor(terraform): generate unique artifact name by default There could be multiple jobs in a workflow deploying to the same environment, so using the environment name as a unique identifier could fail in some scenarios. Generate a unique artifact name based on job and run ID instead - there can only be one job of a given ID within a workflow run of a given ID, i.e. the combination of the two will be unique. --- .github/workflows/terraform.yml | 4 ++-- docs/workflows/terraform.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 21c1d9e5..71604f66 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -45,7 +45,7 @@ on: required: false artifact_name: - description: The name of the artifact to upload. If not specified, an artifact name will be generated based on the environment name. + description: The name of the artifact to upload. If not specified, a unique artifact name will be generated. type: string required: false @@ -107,7 +107,7 @@ env: LOCK_FILE: .terraform.lock.hcl PLAN_FILE: tfplan TARBALL: terraform.tar.gpg - ARTIFACT_NAME: ${{ inputs.artifact_name || format('terraform-{0}', inputs.environment) }} + ARTIFACT_NAME: ${{ inputs.artifact_name || format('tfplan-{0}-{1}', github.job, github.run_id) }} ENCRYPTION_PASSWORD: ${{ secrets.ENCRYPTION_PASSWORD }} jobs: diff --git a/docs/workflows/terraform.md b/docs/workflows/terraform.md index f5c2e534..89328d95 100644 --- a/docs/workflows/terraform.md +++ b/docs/workflows/terraform.md @@ -84,7 +84,7 @@ The path, relative to the working directory, of a variable definitions file (`.t ### (*Optional*) `artifact_name` -The name of the artifact to upload. If not specified, an artifact name will be generated based on the environment name. Defaults to `terraform-` +The name of the artifact to upload. If not specified, a unique artifact name will be generated. ### (*Optional*) `run_terraform_apply` From b21f70103c20d40deb82cba6015180f12b4e8b3d Mon Sep 17 00:00:00 2001 From: Henrik Knutsen <46495473+hknutsen@users.noreply.github.com> Date: Fri, 14 Nov 2025 12:58:18 +0100 Subject: [PATCH 2/4] refactor --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 71604f66..e8c5b761 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -107,7 +107,7 @@ env: LOCK_FILE: .terraform.lock.hcl PLAN_FILE: tfplan TARBALL: terraform.tar.gpg - ARTIFACT_NAME: ${{ inputs.artifact_name || format('tfplan-{0}-{1}', github.job, github.run_id) }} + ARTIFACT_NAME: ${{ inputs.artifact_name || format('terraform-{0}-{1}', github.job, github.run_id) }} ENCRYPTION_PASSWORD: ${{ secrets.ENCRYPTION_PASSWORD }} jobs: From d3fe624c6c60ba80c230e44fc34d200d86619f2c Mon Sep 17 00:00:00 2001 From: Henrik Knutsen <46495473+hknutsen@users.noreply.github.com> Date: Tue, 20 Jan 2026 13:12:04 +0100 Subject: [PATCH 3/4] refactor --- .github/workflows/terraform.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index e8c5b761..2ee8da98 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -107,7 +107,6 @@ env: LOCK_FILE: .terraform.lock.hcl PLAN_FILE: tfplan TARBALL: terraform.tar.gpg - ARTIFACT_NAME: ${{ inputs.artifact_name || format('terraform-{0}-{1}', github.job, github.run_id) }} ENCRYPTION_PASSWORD: ${{ secrets.ENCRYPTION_PASSWORD }} jobs: @@ -239,7 +238,7 @@ jobs: if: steps.tar.outcome == 'success' uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 with: - name: ${{ env.ARTIFACT_NAME }} + name: ${{ inputs.artifact_name || format('terraform-{0}', hashFiles(inputs.working_directory, inputs.backend_config)) }} path: ${{ steps.tar.outputs.tarball_path }} if-no-files-found: error # Automatically delete artifact after the workflow run time limit (35 days) to save storage space. @@ -292,6 +291,7 @@ jobs: cache-primary-key: ${{ steps.cache-restore.outputs.cache-primary-key }} cache-restore-hit: ${{ steps.cache-restore.outputs.cache-hit }} cache-save-outcome: ${{ steps.cache-save.outcome }} + artifact-id: ${{ steps.upload.outputs.artifact-id }} terraform-apply: name: Terraform Apply @@ -315,7 +315,7 @@ jobs: - name: Download artifact uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 with: - name: ${{ env.ARTIFACT_NAME }} + artifact-ids: ${{ needs.terraform-plan.outputs.artifact-id }} path: ${{ inputs.working_directory }} - name: Restore cache From 1d43bb24666ec5a55f53435f04b13b091836c682 Mon Sep 17 00:00:00 2001 From: Henrik Knutsen <46495473+hknutsen@users.noreply.github.com> Date: Wed, 21 Jan 2026 09:43:02 +0100 Subject: [PATCH 4/4] add prefix --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 2ee8da98..3168911c 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -238,7 +238,7 @@ jobs: if: steps.tar.outcome == 'success' uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 with: - name: ${{ inputs.artifact_name || format('terraform-{0}', hashFiles(inputs.working_directory, inputs.backend_config)) }} + name: ${{ inputs.artifact_name || format('{0}-terraform-{1}', runner.os, hashFiles(inputs.working_directory, inputs.backend_config)) }} path: ${{ steps.tar.outputs.tarball_path }} if-no-files-found: error # Automatically delete artifact after the workflow run time limit (35 days) to save storage space.