Expose the trigger tag as a run environment variable (parity with branch / SHA)

Tag-triggered runs do not include the triggering tag in the run environment. There is no analogue to TF_VAR_spacelift_commit_branch or TF_VAR_spacelift_commit_sha for tags, despite the tag being the trigger and being available internally (visible in the UI and queryable via the GraphQL API as stack.run.commit.tag). Any consumer that needs the tag inside Terraform has to fetch it out-of-band.

Workaround
Created a dedicated Spacelift API keypair and a login policy granting it read access to the relevant stacks, then attached the credentials to those stacks via a context. A before_init hook exchanges the keypair for a JWT via the apiKeyUser mutation, queries stack(id) { run(id) { commit { tag } } } for the current run, and writes the value into a *.auto.tfvars file so it survives the hook subshell into the plan/apply stages. The auto-injected run-scoped SPACELIFT_API_TOKEN can't be used here as it's denied on Stack/Run queries, so a long-lived API key is mandatory.

Problem
Set a Terraform version variable to the OCI tag pushed by a paired CI build

Status

👀 In Review

Board

💡 Feature Requests

Tags

VCS

Date

About 6 hours ago
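
The workaround described in the post, sketched as a before_init hook script. This is an added example, not code from the post's author or from Spacelift: the environment variable names, the Terraform variable image_tag and the GraphQL argument types are assumptions. It writes the JSON variant (*.auto.tfvars.json) and checks the tag against the OCI tag grammar first, so the value needs no HCL escaping.

```shell
#!/bin/sh
# Added example, not Spacelift's own code. Assumed names: the three
# SPACELIFT_API_KEY_* variables (from the context), TF_VAR_spacelift_stack_id,
# TF_VAR_spacelift_run_id, and the Terraform variable "image_tag".
# Needs curl and jq on the runner image.
LC_ALL=C; export LC_ALL

# OCI tag grammar: [A-Za-z0-9_][A-Za-z0-9._-]{0,127}. Anything else is
# rejected so a crafted Git tag cannot smuggle content into the tfvars file.
valid_tag() {
  case "$1" in
    ''|[!A-Za-z0-9_]*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 128 ]
}

# Emit the JSON tfvars document; safe without escaping once valid_tag passed.
render_tfvars() {
  valid_tag "$1" || return 1
  printf '{"image_tag": "%s"}\n' "$1"
}

# POST a GraphQL body read from stdin, keeping the API secret off argv.
# $1 = optional JWT.
gql() {
  curl -fsS -H 'Content-Type: application/json' \
    ${1:+-H "Authorization: Bearer $1"} --data @- \
    "$SPACELIFT_API_KEY_ENDPOINT/graphql"
}

main() {
  set -eu
  # jq reads the credentials from the environment (env.X), not from argv.
  login=$(jq -n '{query: "mutation($id:ID!,$s:String!){apiKeyUser(id:$id,secret:$s){jwt}}",
    variables: {id: env.SPACELIFT_API_KEY_ID, s: env.SPACELIFT_API_KEY_SECRET}}')
  jwt=$(printf '%s' "$login" | gql | jq -er '.data.apiKeyUser.jwt')
  # Argument types (ID!) are assumed; the field path is the one in the post.
  query=$(jq -n '{query: "query($s:ID!,$r:ID!){stack(id:$s){run(id:$r){commit{tag}}}}",
    variables: {s: env.TF_VAR_spacelift_stack_id, r: env.TF_VAR_spacelift_run_id}}')
  tag=$(printf '%s' "$query" | gql "$jwt" | jq -er '.data.stack.run.commit.tag')
  umask 077
  render_tfvars "$tag" > spacelift_tag.auto.tfvars.json
}

# Run only when invoked as: sh fetch_tag.sh run   (so the file can be sourced)
if [ "${1:-}" = "run" ]; then main; fi
```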