Skip to content

Terragrunt processes files in .git/ directory #4815

New issue
New issue
Open
Open
Terragrunt processes files in .git/ directory#4815
Labels
bugSomething isn't working
@billyfoss

Description

@billyfoss
billyfoss
opened on Sep 10, 2025

Describe the bug

Terragrunt is scanning the .git/ directory and processes files matching the directory name

Steps To Reproduce

With a user which includes '@' as common when running inside a container

GIT_REPO=https://github.com/gruntwork-io/terragrunt
GIT_BRANCH=main
JENKINS_WORKSPACE=/tmp/${GIT_BRANCH}/

mkdir -p ${JENKINS_WORKSPACE}
cd ${JENKINS_WORKSPACE}
git init ${JENKINS_WORKSPACE}
git fetch --no-tags --force --progress -- ${GIT_REPO} +refs/heads/${GIT_BRANCH}:refs/remotes/origin/${GIT_BRANCH}

echo "
terraform {
}
" > terragrunt.hcl

terragrunt render --json --log-level debug

Output


DEBU[0000] Terragrunt Version: 0.87.0
DEBU[0000] Did not find any locals block: skipping evaluation.
DEBU[0000] using cache key for version files: r01AJjVD7VSXCQk1ORuh_no_NRY
DEBU[0000] Running command: /usr/local/bin/terraform -version
DEBU[0000] Engine is not enabled, running command directly in /tmp/main
DEBU[0000] terraform version: 1.5.7
DEBU[0000] Reading Terragrunt config file at /tmp/main/terragrunt.hcl
DEBU[0000] Did not find any locals block: skipping evaluation.
DEBU[0000] Did not find any locals block: skipping evaluation.
DEBU[0000] Running command: git rev-parse --show-toplevel
DEBU[0000] Command output will be suppressed.
DEBU[0000] git show-toplevel result: 


/tmp/main

DEBU[0000] Did not find any locals block: skipping evaluation.
DEBU[0000] Setting download directory for unit /tmp/main to /tmp/main/.terragrunt-cache
DEBU[0000] Unit /tmp/main does not have an associated terraform configuration and will be skipped.
ERRO[0000] Error: Invalid character
ERRO[0000]   on /tmp/main/.git/logs/refs/remotes/origin/main line 1:
ERRO[0000]    1: 0000000000000000000000000000000000000000 d15ea29e7b1f6ca152d94500560d2d8e7120383d root <root@622b71407de1.(none)> 1757519596 +0000	fetch --no-tags --force --progress -- https://github.com/gruntwork-io/terragrunt +refs/heads/main:refs/remotes/origin/main: storing head
ERRO[0000] This character is not used within the language.
ERRO[0000] Error: Argument or block definition required
ERRO[0000]   on /tmp/main/.git/logs/refs/remotes/origin/main line 1:
ERRO[0000]    1: 0000000000000000000000000000000000000000 d15ea29e7b1f6ca152d94500560d2d8e7120383d root <root@622b71407de1.(none)> 1757519596 +0000	fetch --no-tags --force --progress -- https://github.com/gruntwork-io/terragrunt +refs/heads/main:refs/remotes/origin/main: storing head
ERRO[0000] An argument or block definition is required here.
WARN[0000] Failed to parse HCL in file /tmp/main/.git/logs/refs/remotes/origin/main: /tmp/main/.git/logs/refs/remotes/origin/main:1,93-94: Invalid character; This character is not used within the language., and 1 other diagnostic(s)
DEBU[0000] Failed to build module stack Error processing unit at '/tmp/main/.git/logs/refs/remotes/origin/main'. How this unit was found: Terragrunt config file found in a subdirectory of /tmp/main. Underlying error: /tmp/main/.git/logs/refs/remotes/origin/main:1,93-94: Invalid character; This character is not used within the language., and 1 other diagnostic(s)
INFO[0000] Rendering config /tmp/main/terragrunt.hcl
{"dependencies":null,"download_dir":"","generate":{},"iam_assume_role_duration":null,"iam_assume_role_session_name":"","iam_role":"","iam_web_identity_token":"","inputs":null,"locals":null,"retry_max_attempts":null,"retry_sleep_interval_sec":null,"retryable_errors":null,"terraform":{"after_hook":{},"before_hook":{},"copy_terraform_lock_file":null,"error_hook":{},"exclude_from_copy":null,"extra_arguments":{},"include_in_copy":null,"source":null},"terraform_binary":"","terraform_version_constraint":"","terragrunt_version_constraint":""}

Expected behavior

It is not expected that Terragrunt will see files under .git/ as files to parse.

Versions

  • Terragrunt version: 0.87.0
  • OpenTofu/Terraform version: 1.5.7
  • Environment details (Ubuntu 20.04, Windows 10, etc.): ubi8 based container, but also seen running on MacOS.

Additional context

When using Jenkins with a multi-branch pipeline job, Jenkins will check out files into a workspace directory matching the folder and job name truncated to 32 characters. With the multi-branch jobs, the branch name is used as the job name. If the branch name is 32 characters, then the branch name will match the workspace directory name. When Jenkins does a sparse checkout, it will generate a log file which matches the branch name. So for branches that are 32 characters long, the Jenkins workspace directory name will match the filename under the .git/logs directory and under the .git/refs directory.

This behavior has been in place for a quite some time, but it was only flagged as a warning. Changes between 0.80.4 and 0.81.0 triggered the warning to become an error and forced us to look into the issue deeper.

I did try a few --queue-exclude options, but I could not get those to skip the .git directory.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions