Fix incorrect plan changed report with truncated plans #15
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test actions using target, replace, and exclude | |
| on: | |
| - pull_request | |
| permissions: | |
| contents: read | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| jobs: | |
| plan_targeting: | |
| runs-on: ubuntu-24.04 | |
| name: Plan targeting | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan with no changes in targets | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| label: test-target-replace plan_targeting | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.notpresent | |
| variables: | | |
| length = 5 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "false" ]]; then | |
| echo "::error:: Should not be any changes with this targeted plan" | |
| exit 1 | |
| fi | |
| - name: Plan targeted change | |
| uses: ./terraform-plan | |
| id: plan-first-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.count[0] | |
| variables: | | |
| length = 5 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan-first-change.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Targeted plan should have changes" | |
| exit 1 | |
| fi | |
| - name: Apply targeted change | |
| uses: ./terraform-apply | |
| id: apply-first-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.count[0] | |
| variables: | | |
| length = 5 | |
| - name: Verify outputs | |
| env: | |
| COUNT: ${{ steps.apply-first-change.outputs.count }} | |
| run: | | |
| if [[ "$COUNT" == "" ]]; then | |
| echo "::error:: output count not set correctly" | |
| exit 1 | |
| fi | |
| - name: Plan targeted change | |
| uses: ./terraform-plan | |
| id: plan-second-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.foreach["hello"] | |
| variables: | | |
| length = 6 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan-second-change.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Targeted plan should have changes" | |
| exit 1 | |
| fi | |
| - name: Apply targeted change | |
| uses: ./terraform-apply | |
| id: apply-second-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.foreach["hello"] | |
| variables: | | |
| length = 6 | |
| - name: Verify outputs | |
| env: | |
| FIRST_COUNT: ${{ steps.apply-first-change.outputs.count }} | |
| SECOND_COUNT: ${{ steps.apply-second-change.outputs.count }} | |
| FOREACH: ${{ steps.apply-second-change.outputs.foreach }} | |
| run: | | |
| if [[ "$FOREACH" == "" ]]; then | |
| echo "::error:: output foreach not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$SECOND_COUNT" != "$FIRST_COUNT" ]]; then | |
| echo "::error:: Targeted change has affected untargeted resources" | |
| exit 1 | |
| fi | |
| - name: Auto Apply targeted change | |
| uses: ./terraform-apply | |
| id: apply-third-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.count[0] | |
| random_string.foreach["hello"] | |
| variables: | | |
| length = 10 | |
| auto_approve: true | |
| - name: Verify outputs | |
| env: | |
| THIRD_COUNT: ${{ steps.apply-third-change.outputs.count }} | |
| SECOND_COUNT: ${{ steps.apply-second-change.outputs.count }} | |
| THIRD_FOREACH: ${{ steps.apply-third-change.outputs.foreach }} | |
| SECOND_FOREACH: ${{ steps.apply-second-change.outputs.foreach }} | |
| run: | | |
| if [[ "$THIRD_COUNT" == "$SECOND_COUNT" ]]; then | |
| echo "::error:: Targeted change has not affected targeted resources" | |
| exit 1 | |
| fi | |
| if [[ "$THIRD_FOREACH" == "$SECOND_FOREACH" ]]; then | |
| echo "::error:: Targeted change has not affected targeted resources" | |
| exit 1 | |
| fi | |
| - name: Plan targeted replacement | |
| uses: ./terraform-plan | |
| id: plan-targeted-replacement | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.foreach["hello"] | |
| replace: | | |
| random_string.foreach["hello"] | |
| random_string.count[0] | |
| variables: | | |
| length = 10 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan-targeted-replacement.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Targeted replacement should have changes" | |
| exit 1 | |
| fi | |
| - name: Apply targeted replacement | |
| uses: ./terraform-apply | |
| id: apply-targeted-replacement | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.foreach["hello"] | |
| replace: | | |
| random_string.foreach["hello"] | |
| random_string.count[0] | |
| variables: | | |
| length = 10 | |
| - name: Verify outputs | |
| env: | |
| THIRD_COUNT: ${{ steps.apply-third-change.outputs.count }} | |
| TARGETED_COUNT: ${{ steps.apply-targeted-replacement.outputs.count }} | |
| THIRD_FOREACH: ${{ steps.apply-third-change.outputs.foreach }} | |
| TARGETED_FOREACH: ${{ steps.apply-targeted-replacement.outputs.foreach }} | |
| run: | | |
| if [[ "$TARGETED_COUNT" != "$THIRD_COUNT" ]]; then | |
| echo "::error:: Targeted replacement has affected non targeted resources" | |
| exit 1 | |
| fi | |
| if [[ "$TARGETED_FOREACH" == "$THIRD_FOREACH" ]]; then | |
| echo "::error:: Targeted replacement has not affected targeted resources" | |
| exit 1 | |
| fi | |
| - name: Plan replacement | |
| uses: ./terraform-plan | |
| id: plan-replacement | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| replace: | | |
| random_string.foreach["hello"] | |
| random_string.count[0] | |
| variables: | | |
| length = 10 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan-replacement.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Replacement should have changes" | |
| exit 1 | |
| fi | |
| - name: Apply replacement | |
| uses: ./terraform-apply | |
| id: apply-replacement | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| replace: | | |
| random_string.foreach["hello"] | |
| random_string.count[0] | |
| variables: | | |
| length = 10 | |
| - name: Verify outputs | |
| env: | |
| TARGETED_COUNT: ${{ steps.apply-targeted-replacement.outputs.count }} | |
| REPLACEMENT_COUNT: ${{ steps.apply-replacement.outputs.count }} | |
| TARGETED_FOREACH: ${{ steps.apply-targeted-replacement.outputs.foreach }} | |
| REPLACEMENT_FOREACH: ${{ steps.apply-replacement.outputs.foreach }} | |
| run: | | |
| if [[ "$REPLACEMENT_COUNT" == "$TARGETED_COUNT" ]]; then | |
| echo "::error:: Replacement has not affected targeted resources" | |
| exit 1 | |
| fi | |
| if [[ "$REPLACEMENT_FOREACH" == "$TARGETED_FOREACH" ]]; then | |
| echo "::error:: Replacement has not affected targeted resources" | |
| exit 1 | |
| fi | |
| remote_plan_targeting: | |
| runs-on: ubuntu-24.04 | |
| name: Remote Plan targeting | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Setup remote backend | |
| run: | | |
| cat >tests/workflows/test-target-replace-exclude/backend.tf <<EOF | |
| terraform { | |
| backend "remote" { | |
| organization = "flooktech" | |
| workspaces { | |
| prefix = "github-actions-replace-" | |
| } | |
| } | |
| required_version = "~> 1.0.4" | |
| } | |
| EOF | |
| - name: Create test workspace | |
| uses: ./terraform-new-workspace | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Plan with no changes in targets | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| label: test-target-replace remote_plan_targeting | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.notpresent | |
| variables: | | |
| length = 5 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "false" ]]; then | |
| echo "::error:: Should not be any changes with this targeted plan" | |
| exit 1 | |
| fi | |
| - name: Plan targeted change | |
| uses: ./terraform-plan | |
| id: plan-first-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.count[0] | |
| variables: | | |
| length = 5 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan-first-change.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Targeted plan should have changes" | |
| exit 1 | |
| fi | |
| - name: Apply targeted change | |
| uses: ./terraform-apply | |
| id: apply-first-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.count[0] | |
| variables: | | |
| length = 5 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| COUNT: ${{ steps.apply-first-change.outputs.count }} | |
| run: | | |
| if [[ "$COUNT" == "" ]]; then | |
| echo "::error:: output count not set correctly" | |
| exit 1 | |
| fi | |
| - name: Plan targeted change | |
| uses: ./terraform-plan | |
| id: plan-second-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.foreach["hello"] | |
| variables: | | |
| length = 6 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan-second-change.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Targeted plan should have changes" | |
| exit 1 | |
| fi | |
| - name: Apply targeted change | |
| uses: ./terraform-apply | |
| id: apply-second-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.foreach["hello"] | |
| variables: | | |
| length = 6 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| FIRST_COUNT: ${{ steps.apply-first-change.outputs.count }} | |
| SECOND_COUNT: ${{ steps.apply-second-change.outputs.count }} | |
| FOREACH: ${{ steps.apply-second-change.outputs.foreach }} | |
| run: | | |
| if [[ "$FOREACH" == "" ]]; then | |
| echo "::error:: output foreach not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$SECOND_COUNT" != "$FIRST_COUNT" ]]; then | |
| echo "::error:: Targeted change has affected untargeted resources" | |
| exit 1 | |
| fi | |
| - name: Auto Apply targeted change | |
| uses: ./terraform-apply | |
| id: apply-third-change | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.count[0] | |
| random_string.foreach["hello"] | |
| variables: | | |
| length = 10 | |
| auto_approve: true | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| THIRD_COUNT: ${{ steps.apply-third-change.outputs.count }} | |
| SECOND_COUNT: ${{ steps.apply-second-change.outputs.count }} | |
| THIRD_FOREACH: ${{ steps.apply-third-change.outputs.foreach }} | |
| SECOND_FOREACH: ${{ steps.apply-second-change.outputs.foreach }} | |
| run: | | |
| if [[ "$THIRD_COUNT" == "$SECOND_COUNT" ]]; then | |
| echo "::error:: Targeted change has not affected targeted resources" | |
| exit 1 | |
| fi | |
| if [[ "$THIRD_FOREACH" == "$SECOND_FOREACH" ]]; then | |
| echo "::error:: Targeted change has not affected targeted resources" | |
| exit 1 | |
| fi | |
| - name: Plan targeted replacement | |
| uses: ./terraform-plan | |
| id: plan-targeted-replacement | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.foreach["hello"] | |
| replace: | | |
| random_string.foreach["hello"] | |
| random_string.count[0] | |
| variables: | | |
| length = 10 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan-targeted-replacement.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Targeted replacement should have changes" | |
| exit 1 | |
| fi | |
| - name: Apply targeted replacement | |
| uses: ./terraform-apply | |
| id: apply-targeted-replacement | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| target: | | |
| random_string.foreach["hello"] | |
| replace: | | |
| random_string.foreach["hello"] | |
| random_string.count[0] | |
| variables: | | |
| length = 10 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| THIRD_COUNT: ${{ steps.apply-third-change.outputs.count }} | |
| TARGETED_COUNT: ${{ steps.apply-targeted-replacement.outputs.count }} | |
| THIRD_FOREACH: ${{ steps.apply-third-change.outputs.foreach }} | |
| TARGETED_FOREACH: ${{ steps.apply-targeted-replacement.outputs.foreach }} | |
| run: | | |
| if [[ "$TARGETED_COUNT" != "$THIRD_COUNT" ]]; then | |
| echo "::error:: Targeted replacement has affected non targeted resources" | |
| exit 1 | |
| fi | |
| if [[ "$TARGETED_FOREACH" == "$THIRD_FOREACH" ]]; then | |
| echo "::error:: Targeted replacement has not affected targeted resources" | |
| exit 1 | |
| fi | |
| - name: Plan replacement | |
| uses: ./terraform-plan | |
| id: plan-replacement | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| replace: | | |
| random_string.foreach["hello"] | |
| random_string.count[0] | |
| variables: | | |
| length = 10 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan-replacement.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Replacement should have changes" | |
| exit 1 | |
| fi | |
| - name: Apply replacement | |
| uses: ./terraform-apply | |
| id: apply-replacement | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| replace: | | |
| random_string.foreach["hello"] | |
| random_string.count[0] | |
| variables: | | |
| length = 10 | |
| workspace: ${{ github.head_ref }} | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| - name: Verify outputs | |
| env: | |
| TARGETED_COUNT: ${{ steps.apply-targeted-replacement.outputs.count }} | |
| REPLACEMENT_COUNT: ${{ steps.apply-replacement.outputs.count }} | |
| TARGETED_FOREACH: ${{ steps.apply-targeted-replacement.outputs.foreach }} | |
| REPLACEMENT_FOREACH: ${{ steps.apply-replacement.outputs.foreach }} | |
| run: | | |
| if [[ "$REPLACEMENT_COUNT" == "$TARGETED_COUNT" ]]; then | |
| echo "::error:: Replacement has not affected targeted resources" | |
| exit 1 | |
| fi | |
| if [[ "$REPLACEMENT_FOREACH" == "$TARGETED_FOREACH" ]]; then | |
| echo "::error:: Replacement has not affected targeted resources" | |
| exit 1 | |
| fi | |
| - name: Destroy the workspace | |
| uses: ./terraform-destroy-workspace | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| workspace: ${{ github.head_ref }} | |
| variables: | | |
| length = 10 | |
| backend_config: token=${{ secrets.TF_API_TOKEN }} | |
| tofu_exclude_testing: | |
| runs-on: ubuntu-24.04 | |
| name: OpenTofu exclude testing | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan excluding resources | |
| uses: ./tofu-plan | |
| id: plan-exclude | |
| with: | |
| label: test-exclude tofu_exclude_testing | |
| path: tests/workflows/test-target-replace-exclude | |
| exclude: | | |
| random_string.exclude_me | |
| random_string.also_exclude | |
| variables: | | |
| length = 5 | |
| - name: Verify exclude plan outputs | |
| env: | |
| CHANGES: ${{ steps.plan-exclude.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Exclude plan should have changes for non-excluded resources" | |
| exit 1 | |
| fi | |
| - name: Apply excluding resources | |
| uses: ./tofu-apply | |
| id: apply-exclude | |
| with: | |
| label: test-exclude tofu_exclude_testing | |
| path: tests/workflows/test-target-replace-exclude | |
| exclude: | | |
| random_string.exclude_me | |
| random_string.also_exclude | |
| variables: | | |
| length = 5 | |
| - name: Verify exclude apply outputs | |
| env: | |
| COUNT: ${{ steps.apply-exclude.outputs.count }} | |
| FOREACH: ${{ steps.apply-exclude.outputs.foreach }} | |
| KEEP_ME: ${{ steps.apply-exclude.outputs.keep_me }} | |
| EXCLUDE_ME: ${{ steps.apply-exclude.outputs.exclude_me }} | |
| ALSO_EXCLUDE: ${{ steps.apply-exclude.outputs.also_exclude }} | |
| run: | | |
| # Should have created non-excluded resources | |
| if [[ "$COUNT" == "" ]]; then | |
| echo "::error:: count output should be set (resource not excluded)" | |
| exit 1 | |
| fi | |
| if [[ "$FOREACH" == "" ]]; then | |
| echo "::error:: foreach output should be set (resource not excluded)" | |
| exit 1 | |
| fi | |
| if [[ "$KEEP_ME" == "" ]]; then | |
| echo "::error:: keep_me output should be set (resource not excluded)" | |
| exit 1 | |
| fi | |
| # Should NOT have created excluded resources | |
| if [[ "$EXCLUDE_ME" != "" ]]; then | |
| echo "::error:: exclude_me output should be empty (resource excluded)" | |
| exit 1 | |
| fi | |
| if [[ "$ALSO_EXCLUDE" != "" ]]; then | |
| echo "::error:: also_exclude output should be empty (resource excluded)" | |
| exit 1 | |
| fi | |
| - name: Plan excluding resources without label | |
| uses: ./tofu-plan | |
| id: plan-exclude-no-label | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| exclude: | | |
| random_string.exclude_me | |
| variables: | | |
| length = 8 | |
| - name: Verify exclude plan without label | |
| env: | |
| CHANGES: ${{ steps.plan-exclude-no-label.outputs.changes }} | |
| run: | | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: Exclude plan without label should have changes for non-excluded resources" | |
| exit 1 | |
| fi | |
| - name: Apply excluding resources without label | |
| uses: ./tofu-apply | |
| id: apply-exclude-no-label | |
| with: | |
| path: tests/workflows/test-target-replace-exclude | |
| exclude: | | |
| random_string.exclude_me | |
| variables: | | |
| length = 8 | |
| - name: Verify exclude apply without label | |
| env: | |
| EXCLUDE_ME: ${{ steps.apply-exclude-no-label.outputs.exclude_me }} | |
| KEEP_ME: ${{ steps.apply-exclude-no-label.outputs.keep_me }} | |
| run: | | |
| # Should NOT have created excluded resource | |
| if [[ "$EXCLUDE_ME" != "" ]]; then | |
| echo "::error:: exclude_me output should be empty (resource excluded without label)" | |
| exit 1 | |
| fi | |
| # Should have updated non-excluded resource | |
| if [[ "$KEEP_ME" == "" ]]; then | |
| echo "::error:: keep_me output should be set (resource not excluded without label)" | |
| exit 1 | |
| fi |