Add support for ephemeral variables in terraform >= 1.10.0 #704
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test terraform-plan | |
| on: | |
| - pull_request | |
| permissions: | |
| contents: read | |
| jobs: | |
| no_changes: | |
| runs-on: ubuntu-24.04 | |
| name: No changes | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/no_changes | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| PLAN_PATH: ${{ steps.plan.outputs.plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "false" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .format_version "$JSON_PLAN_PATH") != "1.2" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "No changes" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! [[ -f "$PLAN_PATH" ]]; then | |
| echo "::error:: plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 0 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| no_changes_no_comment: | |
| runs-on: ubuntu-24.04 | |
| name: No changes without comment | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/no_changes | |
| add_github_comment: false | |
| - name: Verify outputs | |
| env: | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .format_version "$JSON_PLAN_PATH") != "1.2" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "No changes" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| plan_change_comment_11: | |
| runs-on: ubuntu-24.04 | |
| name: Change terraform 11 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/plan_11 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| TO_ADD: ${{ steps.plan.outputs.to_add }} | |
| TO_CHANGE: ${{ steps.plan.outputs.to_change }} | |
| TO_DESTROY: ${{ steps.plan.outputs.to_destroy }} | |
| RUN_ID: ${{ steps.plan.outputs.run_id }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$JSON_PLAN_PATH" ]]; then | |
| echo "::error:: json_plan_path should not be set - not available with terraform 11" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_ADD" -ne 1 ]]; then | |
| echo "::error:: to_add not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_CHANGE" -ne 0 ]]; then | |
| echo "::error:: to_change not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_DESTROY" -ne 0 ]]; then | |
| echo "::error:: to_destroy not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 1 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| plan_change_comment_12: | |
| runs-on: ubuntu-24.04 | |
| name: Change terraform 12 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/plan_12 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| TO_ADD: ${{ steps.plan.outputs.to_add }} | |
| TO_CHANGE: ${{ steps.plan.outputs.to_change }} | |
| TO_DESTROY: ${{ steps.plan.outputs.to_destroy }} | |
| RUN_ID: ${{ steps.plan.outputs.run_id }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .output_changes.s.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_ADD" -ne 1 ]]; then | |
| echo "::error:: to_add not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_CHANGE" -ne 0 ]]; then | |
| echo "::error:: to_change not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_DESTROY" -ne 0 ]]; then | |
| echo "::error:: to_destroy not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 1 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| plan_change_comment_13: | |
| runs-on: ubuntu-24.04 | |
| name: Change terraform 13 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/plan_13 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| TO_ADD: ${{ steps.plan.outputs.to_add }} | |
| TO_CHANGE: ${{ steps.plan.outputs.to_change }} | |
| TO_DESTROY: ${{ steps.plan.outputs.to_destroy }} | |
| RUN_ID: ${{ steps.plan.outputs.run_id }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .output_changes.s.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_ADD" -ne 1 ]]; then | |
| echo "::error:: to_add not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_CHANGE" -ne 0 ]]; then | |
| echo "::error:: to_change not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_DESTROY" -ne 0 ]]; then | |
| echo "::error:: to_destroy not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 1 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| plan_change_comment_14: | |
| runs-on: ubuntu-24.04 | |
| name: Change terraform 14 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| TF_PLAN_COLLAPSE_LENGTH: 30 | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/plan_14 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| TO_ADD: ${{ steps.plan.outputs.to_add }} | |
| TO_CHANGE: ${{ steps.plan.outputs.to_change }} | |
| TO_DESTROY: ${{ steps.plan.outputs.to_destroy }} | |
| RUN_ID: ${{ steps.plan.outputs.run_id }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .output_changes.s.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_ADD" -ne 1 ]]; then | |
| echo "::error:: to_add not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_CHANGE" -ne 0 ]]; then | |
| echo "::error:: to_change not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_DESTROY" -ne 0 ]]; then | |
| echo "::error:: to_destroy not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 1 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| plan_change_comment_15: | |
| runs-on: ubuntu-24.04 | |
| name: Change terraform 15 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| TF_PLAN_COLLAPSE_LENGTH: 30 | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/plan_15 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| TO_ADD: ${{ steps.plan.outputs.to_add }} | |
| TO_CHANGE: ${{ steps.plan.outputs.to_change }} | |
| TO_DESTROY: ${{ steps.plan.outputs.to_destroy }} | |
| RUN_ID: ${{ steps.plan.outputs.run_id }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .output_changes.s.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_ADD" -ne 1 ]]; then | |
| echo "::error:: to_add not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_CHANGE" -ne 0 ]]; then | |
| echo "::error:: to_change not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_DESTROY" -ne 0 ]]; then | |
| echo "::error:: to_destroy not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 1 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| plan_change_comment_15_4: | |
| runs-on: ubuntu-24.04 | |
| name: Change terraform 15.4 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/plan_15_4 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| TO_ADD: ${{ steps.plan.outputs.to_add }} | |
| TO_CHANGE: ${{ steps.plan.outputs.to_change }} | |
| TO_DESTROY: ${{ steps.plan.outputs.to_destroy }} | |
| RUN_ID: ${{ steps.plan.outputs.run_id }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .output_changes.s.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_ADD" -ne 1 ]]; then | |
| echo "::error:: to_add not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_CHANGE" -ne 0 ]]; then | |
| echo "::error:: to_change not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_DESTROY" -ne 0 ]]; then | |
| echo "::error:: to_destroy not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 1 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| plan_change_comment_latest: | |
| runs-on: ubuntu-24.04 | |
| name: Change latest terraform | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/plan | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| TO_ADD: ${{ steps.plan.outputs.to_add }} | |
| TO_CHANGE: ${{ steps.plan.outputs.to_change }} | |
| TO_DESTROY: ${{ steps.plan.outputs.to_destroy }} | |
| RUN_ID: ${{ steps.plan.outputs.run_id }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .output_changes.s.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_ADD" -ne 1 ]]; then | |
| echo "::error:: to_add not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_CHANGE" -ne 0 ]]; then | |
| echo "::error:: to_change not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_DESTROY" -ne 0 ]]; then | |
| echo "::error:: to_destroy not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 1 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| plan_change_no_comment: | |
| runs-on: ubuntu-24.04 | |
| name: Change without github comment | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/plan | |
| add_github_comment: false | |
| - name: Verify outputs | |
| env: | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .output_changes.s.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| error: | |
| runs-on: ubuntu-24.04 | |
| name: Error | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| continue-on-error: true | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/error | |
| - name: Check invalid | |
| env: | |
| OUTCOME: ${{ steps.plan.outcome }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Plan did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$JSON_PLAN_PATH" ]]; then | |
| echo "::error:: json_plan_path should not be set" | |
| exit 1 | |
| fi | |
| if [[ -n "$TEXT_PLAN_PATH" ]]; then | |
| echo "::error:: text_plan_path should not be set" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 0 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 0 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| error_no_comment: | |
| runs-on: ubuntu-24.04 | |
| name: Error without comment | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| continue-on-error: true | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/error | |
| add_github_comment: false | |
| - name: Check invalid | |
| env: | |
| OUTCOME: ${{ steps.plan.outcome }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Plan did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$JSON_PLAN_PATH" ]]; then | |
| echo "::error:: json_plan_path should not be set" | |
| exit 1 | |
| fi | |
| if [[ -n "$TEXT_PLAN_PATH" ]]; then | |
| echo "::error:: text_plan_path should not be set" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| plan_without_token: | |
| runs-on: ubuntu-24.04 | |
| name: Add comment without token | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| continue-on-error: true | |
| id: plan | |
| with: | |
| path: tests/workflows/test-plan/error | |
| - name: Check invalid | |
| env: | |
| OUTCOME: ${{ steps.plan.outcome }} | |
| JSON_PLAN_PATH: ${{ steps.plan.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.plan.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Plan did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$JSON_PLAN_PATH" ]]; then | |
| echo "::error:: json_plan_path should not be set" | |
| exit 1 | |
| fi | |
| if [[ -n "$TEXT_PLAN_PATH" ]]; then | |
| echo "::error:: text_plan_path should not be set" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| plan_single_variable: | |
| runs-on: ubuntu-24.04 | |
| name: Plan single variable | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/vars | |
| variables: | | |
| my_var="single" | |
| var_file: tests/workflows/test-plan/test.tfvars | |
| plan_single_sensitive_variable: | |
| runs-on: ubuntu-24.04 | |
| name: Plan single sensitive variable | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/single_sensitive_variable | |
| variables: | | |
| my_sensitive_string = "password123" | |
| plan_sensitive_variables: | |
| runs-on: ubuntu-24.04 | |
| name: Plan variables some which are sensitive | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/sensitive_variables | |
| variables: | | |
| my_string="hello" | |
| my_int = 23 | |
| my_float = 3.14 | |
| my_sensitive_string = "password123" | |
| complex = [ | |
| { | |
| internal = 8300 | |
| external = 8300 | |
| protocol = "tcp" | |
| animals = ["dog", "cat"] | |
| } | |
| ] | |
| complex_sensitive = [ | |
| { | |
| internal = 100 | |
| external = 100 | |
| protocol = "udp" | |
| fruits = ["apple", "banana"] | |
| } | |
| ] | |
| plan_sensitive_var: | |
| runs-on: ubuntu-24.04 | |
| name: Plan using deprecated var and sensitive variable | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/sensitive_var | |
| var: my_sensitive_var=hello | |
| plan_change_run_commands: | |
| runs-on: ubuntu-24.04 | |
| name: Change with shell init commands | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/plan | |
| add_github_comment: false | |
| env: | |
| TERRAFORM_PRE_RUN: | | |
| echo "testing command 1" | |
| echo "testing command 2" | |
| default_path: | |
| runs-on: ubuntu-24.04 | |
| name: Default path | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Copy | |
| run: cp tests/workflows/test-plan/plan/main.tf ./main.tf | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-plan default_path | |
| path_does_not_exist: | |
| runs-on: ubuntu-24.04 | |
| name: Error with invalid paths | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: path | |
| uses: ./terraform-plan | |
| id: path | |
| continue-on-error: true | |
| with: | |
| path: nope | |
| add_github_comment: false | |
| - name: var_file | |
| uses: ./terraform-plan | |
| id: var_file | |
| continue-on-error: true | |
| with: | |
| path: tests/workflows/test-plan/plan | |
| var_file: | | |
| var_file/doesnt/exist.tfvars | |
| var_file/doesnt/exist2.tfvars | |
| add_github_comment: false | |
| - name: backend_config_file | |
| uses: ./terraform-plan | |
| id: backend_config_file | |
| continue-on-error: true | |
| with: | |
| path: tests/workflows/test-plan/plan | |
| backend_config_file: backend_config/doesnt/exist.tfvars | |
| add_github_comment: false | |
| - name: Check invalid | |
| env: | |
| PATH_OUTCOME: ${{ steps.path.outcome }} | |
| VAR_FILE_OUTCOME: ${{ steps.var_file.outcome }} | |
| BACKEND_CONFIG_FILE_OUTCOME: ${{ steps.backend_config_file.outcome }} | |
| run: | | |
| if [[ "$PATH_OUTCOME" != "failure" ]]; then | |
| echo "Non existant path did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ "$VAR_FILE_OUTCOME" != "failure" ]]; then | |
| echo "Non existant var_file did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ "$BACKEND_CONFIG_FILE_OUTCOME" != "failure" ]]; then | |
| echo "Non existant backend_config_file did not fail correctly" | |
| exit 1 | |
| fi | |
| test_plan_1_4: | |
| runs-on: ubuntu-24.04 | |
| name: Test plan text on Terraform 1.4 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| path: tests/workflows/test-plan/plan | |
| auto_approve: true | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/plan | |
| label: test-plan test_plan_1_4 | |
| # arm64: | |
| # runs-on: buildjet-2vcpu-ubuntu-2204-arm | |
| # name: Test on arm64 | |
| # permissions: | |
| # contents: read | |
| # pull-requests: write | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # persist-credentials: false | |
| # | |
| # - name: Plan | |
| # uses: ./terraform-plan | |
| # with: | |
| # path: tests/workflows/test-plan/plan | |
| # label: arm64 | |
| always_new: | |
| runs-on: ubuntu-24.04 | |
| name: always-new | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan with label | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/always-new | |
| label: always-new SHOULD BE OUTDATED | |
| - name: Plan 2 with label | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/always-new | |
| label: always-new SHOULD BE OUTDATED | |
| add_github_comment: always-new | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/always-new | |
| - name: Plan 2 | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/always-new | |
| add_github_comment: always-new | |
| colours: | |
| runs-on: ubuntu-24.04 | |
| name: Full colour plan for diff highlighting | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan with colours | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-plan/colours | |
| label: test-plan colours | |
| variables: | |
| diff=true | |
| # self-hosted: | |
| # runs-on: self-hosted | |
| # name: Self-hosted runner | |
| # permissions: | |
| # contents: read | |
| # pull-requests: write | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # persist-credentials: false | |
| # | |
| # - name: Plan | |
| # uses: ./terraform-plan | |
| # with: | |
| # label: test-plan self-hosted | |
| # path: tests/workflows/test-plan/self-hosted | |
| # | |
| # - name: Plan Again | |
| # uses: ./terraform-plan | |
| # with: | |
| # label: test-plan self-hosted | |
| # path: tests/workflows/test-plan/self-hosted |