Trying to get a basic CI/CD flow working for Genesys Cloud via Terraform. I have a GitHub Actions workflow that triggers on pull requests. The goal is to run terraform plan against the staging environment to catch drift before merging.
The action looks like this:
```yaml
name: Terraform Plan
on: pull_request
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
      - name: TF Init
        run: terraform init
      - name: TF Plan
        env:
          GC_ORGANIZATION_ID: ${{ secrets.GC_ORG_ID }}
          GC_API_KEY_ID: ${{ secrets.GC_API_KEY_ID }}
          GC_API_SECRET: ${{ secrets.GC_API_SECRET }}
        run: terraform plan
```
The init step works fine. But the plan step crashes immediately with a 409 Conflict error. The logs say something about a resource already existing with that name. I’m just running a plan though, so it shouldn’t be trying to create anything yet. Is the provider doing a pre-flight check that hits the API? How do I get the plan to just read the state without throwing errors on existing resources?
```yaml
name: Terraform Plan
on: pull_request
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
      - name: Terraform Init
        run: terraform init
      - name: Terraform Plan
        run: terraform plan -var-file="staging.tfvars"
        env:
          GENESYS_CLOUD_CLIENT_ID: ${{ secrets.GC_CLIENT_ID }}
          GENESYS_CLOUD_CLIENT_SECRET: ${{ secrets.GC_CLIENT_SECRET }}
          GENESYS_CLOUD_REGION: "mypurecloud.com"
          GENESYS_CLOUD_ORG_ID: ${{ secrets.GC_ORG_ID }}
          GENESYS_CLOUD_ENVIRONMENT: "staging"
```
The 409 Conflict usually happens because the provider is trying to refresh credentials while another process holds the lock, or the staging environment state file is locked from a previous failed run. You need to make sure the environment variables are passed correctly in the `env` block of the step, not just the workflow secrets directly.
Also, check if the state file is locked. If a previous run crashed, Terraform holds a lock. You might need to force unlock it manually via the CLI or the provider docs if the CI run doesn't handle cleanup.
For New Relic integration, we track these plan failures as custom events. If the plan fails, we send a webhook to NR to alert the team before they even look at the PR. Keeps the noise down.
Make sure the `GENESYS_CLOUD_ENVIRONMENT` variable matches exactly what's in your `terraform.tfvars`. Mismatched env vars cause the provider to hit the wrong API endpoint, which throws a 409.
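A wrapper for the plan step that separates the failure causes discussed in this thread: unset credentials, a locked state file, and real drift. This is an added example, not code from either post; the variable names and `staging.tfvars` are taken from the workflow in the answer, while `TF_BIN`, `PLAN_LOG`, the function names and the 60s lock timeout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check and plan wrapper for the "Terraform Plan" step.
# Variable names below are copied from the env: block in the answer above.
REQUIRED_VARS="GENESYS_CLOUD_CLIENT_ID GENESYS_CLOUD_CLIENT_SECRET GENESYS_CLOUD_REGION"

# Returns 0 when every required variable is non-empty.
# Only variable names are reported, never values, so secrets stay out of the job log.
check_env() {
  missing=0
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "missing or empty: $name" >&2
      missing=1
    fi
  done
  return "$missing"
}

# Prints one of: env-missing, in-sync, drift, state-locked, plan-error.
# Exit status: 0 = no changes, 2 = changes or drift, 1 = anything else.
run_plan() {
  log="${PLAN_LOG:-plan.log}"          # hypothetical override for the log path
  if ! check_env; then
    echo "env-missing"; return 1
  fi
  rc=0
  # -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes present.
  # -lock-timeout: wait for a held state lock instead of failing at once.
  "${TF_BIN:-terraform}" plan -input=false -no-color -lock-timeout=60s \
    -detailed-exitcode -var-file="staging.tfvars" >"$log" 2>&1 || rc=$?
  case "$rc" in
    0) echo "in-sync"; return 0 ;;
    2) echo "drift"; return 2 ;;
  esac
  # Terraform prints this message when it cannot take the state lock.
  if grep -q "Error acquiring the state lock" "$log"; then
    echo "state-locked"
  else
    echo "plan-error"
  fi
  return 1
}

# Run as: sh plan_check.sh plan   (the file name is an assumption)
if [ "${1:-}" = "plan" ]; then
  run_plan
fi
```

On a `state-locked` result, the lock ID that `terraform force-unlock` expects is printed in the saved plan log.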