Merge pull request #328 from dflook/tf-cloud-1-6

Update to support Terraform cloud with Terraform 1.6

Author: dflook

.github/workflows/test-cloud.yaml

@@ -314,13 +314,13 @@ jobs:
             exit 1
           fi
           
-          if [[ -n "${{ steps.auto_apply.outputs.text_plan_path }}" ]]; then
-            echo "::error:: text_plan_path should not be set"
+          if ! grep -q "Terraform will perform the following actions" '${{ steps.auto_apply.outputs.text_plan_path }}'; then
+            echo "::error:: text_plan_path not set correctly"
             exit 1
           fi
 
-          if [[ -n "${{ steps.auto_apply.outputs.json_plan_path }}" ]]; then
-            echo "::error:: json_plan_path should not be set"
+          if [[ ! -f "${{ steps.auto_apply.outputs.json_plan_path }}" ]]; then
+            echo "::error:: json_plan_path should be set"
             exit 1
           fi
 
@@ -378,12 +378,13 @@ jobs:
           path: tests/workflows/test-cloud/partial
           workspace: ${{ github.head_ref }}-cloud-1
 
-      - name: Plan workspace
+      - name: Plan changes
         uses: ./terraform-plan
         id: plan
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
+          label: test-cloud cloud plan
           path: tests/workflows/test-cloud/partial
           workspace: ${{ github.head_ref }}-cloud-2
 
@@ -399,18 +400,24 @@ jobs:
             exit 1
           fi
 
+          if [[ ! -f "${{ steps.auto_apply.outputs.json_plan_path }}" ]]; then
+            echo "::error:: json_plan_path should be set"
+            exit 1
+          fi
+
           echo '${{ steps.plan.outputs.run_id }}'
           if [[ "${{ steps.plan.outputs.run_id }}" != "run-"* ]]; then
             echo "::error:: output run_id not set correctly"
             exit 1
           fi
 
-      - name: Apply workspace
+      - name: Apply changes
         uses: ./terraform-apply
         id: apply
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
+          label: test-cloud cloud plan
           path: tests/workflows/test-cloud/partial
           workspace: ${{ github.head_ref }}-cloud-2
 
@@ -425,9 +432,9 @@ jobs:
             echo "::error:: text_plan_path not set correctly"
             exit 1
           fi
-
-          if [[ -n "${{ steps.apply.outputs.json_plan_path }}" ]]; then
-            echo "::error:: json_plan_path should not be set"
+          
+          if [[ ! -f "${{ steps.apply.outputs.json_plan_path }}" ]]; then
+            echo "::error:: json_plan_path should be set"
             exit 1
           fi
 
@@ -437,6 +444,188 @@ jobs:
             exit 1
           fi
 
+      - name: Plan no changes
+        uses: ./terraform-plan
+        id: plan-no-changes
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          label: test-cloud cloud plan-no-changes
+          path: tests/workflows/test-cloud/partial
+          workspace: ${{ github.head_ref }}-cloud-2
+
+      - name: Apply no changes
+        uses: ./terraform-apply
+        id: apply-no-changes
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          label: test-cloud cloud plan-no-changes
+          path: tests/workflows/test-cloud/partial
+          workspace: ${{ github.head_ref }}-cloud-2
+
+      - name: Verify apply with no changes
+        run: |
+          if [[ "${{ steps.plan-no-changes.outputs.changes }}" != "false" ]]; then
+            echo "::error:: changes output not set correctly"
+            exit 1
+          fi
+          
+          if [[ "${{ steps.apply-no-changes.outputs.len }}" != "5" ]]; then
+            echo "::error:: Variables not set correctly"
+            exit 1
+          fi
+
+          if ! grep -q "No changes. Your infrastructure matches the configuration." '${{ steps.plan-no-changes.outputs.text_plan_path }}'; then
+            echo "::error:: text_plan_path not set correctly"
+            exit 1
+          fi
+
+          if ! grep -q "No changes. Your infrastructure matches the configuration." '${{ steps.apply-no-changes.outputs.text_plan_path }}'; then
+            echo "::error:: text_plan_path not set correctly"
+            exit 1
+          fi
+
+          if [[ ! -f "${{ steps.plan-no-changes.outputs.json_plan_path }}" ]]; then
+            echo "::error:: json_plan_path should be set"
+            exit 1
+          fi
+
+          if [[ ! -f "${{ steps.apply-no-changes.outputs.json_plan_path }}" ]]; then
+            echo "::error:: json_plan_path should be set"
+            exit 1
+          fi
+
+          echo '${{ steps.plan-no-changes.outputs.run_id }}'
+          if [[ "${{ steps.plan-no-changes.outputs.run_id }}" != "run-"* ]]; then
+            echo "::error:: output run_id not set correctly"
+            exit 1
+          fi
+
+          echo '${{ steps.apply-no-changes.outputs.run_id }}'
+          if [[ "${{ steps.apply-no-changes.outputs.run_id }}" != "run-"* ]]; then
+            echo "::error:: output run_id not set correctly"
+            exit 1
+          fi
+
+      - name: Saved plan with changes
+        uses: ./terraform-plan
+        id: saved-plan-changes
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          label: test-cloud cloud save-plan-changes
+          path: tests/workflows/test-cloud/partial
+          workspace: ${{ github.head_ref }}-cloud-2
+          variables: |
+            length=8
+
+      - name: Saved apply with changes
+        uses: ./terraform-apply
+        id: saved-apply-changes
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          label: test-cloud cloud save-plan-changes
+          path: tests/workflows/test-cloud/partial
+          plan_path: ${{ steps.saved-plan-changes.outputs.plan_path }}
+          workspace: ${{ github.head_ref }}-cloud-2
+          variables: |
+            length=8
+
+      - name: Verify saved apply with changes
+        run: |
+          if [[ "${{ steps.saved-plan-changes.outputs.changes }}" != "true" ]]; then
+            echo "::error:: changes output not set correctly"
+            exit 1
+          fi
+          
+          if [[ "${{ steps.saved-apply-changes.outputs.len }}" != "8" ]]; then
+            echo "::error:: Variables not set correctly"
+            exit 1
+          fi
+
+          if ! grep -q "Terraform will perform the following actions" '${{ steps.saved-plan-changes.outputs.text_plan_path }}'; then
+            echo "::error:: text_plan_path not set correctly"
+            exit 1
+          fi
+          
+          if [[ ! -f "${{ steps.saved-plan-changes.outputs.json_plan_path }}" ]]; then
+            echo "::error:: json_plan_path should be set"
+            exit 1
+          fi
+
+          echo '${{ steps.saved-plan-changes.outputs.run_id }}'
+          if [[ "${{ steps.saved-plan-changes.outputs.run_id }}" != "run-"* ]]; then
+            echo "::error:: output run_id not set correctly"
+            exit 1
+          fi
+          
+          echo '${{ steps.saved-apply-changes.outputs.run_id }}'
+          if [[ "${{ steps.saved-apply-changes.outputs.run_id }}" != "run-"* ]]; then
+            echo "::error:: output run_id not set correctly"
+            exit 1
+          fi
+
+      - name: Saved plan with no changes
+        uses: ./terraform-plan
+        id: saved-plan-no-changes
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          label: test-cloud cloud save-plan-no-changes
+          path: tests/workflows/test-cloud/partial
+          workspace: ${{ github.head_ref }}-cloud-2
+          variables: |
+            length=8
+
+      - name: Saved apply with no changes
+        uses: ./terraform-apply
+        id: saved-apply-no-changes
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          label: test-cloud cloud save-plan-no-changes
+          path: tests/workflows/test-cloud/partial
+          plan_path: ${{ steps.saved-plan-no-changes.outputs.plan_path }}
+          workspace: ${{ github.head_ref }}-cloud-2
+          variables: |
+            length=8
+
+      - name: Verify saved apply with no changes
+        run: |
+          if [[ "${{ steps.saved-plan-no-changes.outputs.changes }}" != "false" ]]; then
+            echo "::error:: changes output not set correctly"
+            exit 1
+          fi
+          
+          if [[ "${{ steps.saved-apply-no-changes.outputs.len }}" != "8" ]]; then
+            echo "::error:: Variables not set correctly"
+            exit 1
+          fi
+
+          if ! grep -q "No changes. Your infrastructure matches the configuration." '${{ steps.saved-plan-no-changes.outputs.text_plan_path }}'; then
+            echo "::error:: text_plan_path not set correctly"
+            exit 1
+          fi
+
+          if [[ ! -f "${{ steps.saved-plan-no-changes.outputs.json_plan_path }}" ]]; then
+            echo "::error:: json_plan_path should be set"
+            exit 1
+          fi
+
+          echo '${{ steps.saved-plan-no-changes.outputs.run_id }}'
+          if [[ "${{ steps.saved-plan-no-changes.outputs.run_id }}" != "run-"* ]]; then
+            echo "::error:: output run_id not set correctly"
+            exit 1
+          fi
+
+          echo '${{ steps.saved-apply-no-changes.outputs.run_id }}'
+          if [[ "${{ steps.saved-apply-no-changes.outputs.run_id }}" != "run-"* ]]; then
+            echo "::error:: output run_id not set correctly"
+            exit 1
+          fi
+
       - name: Destroy the last workspace
         uses: ./terraform-destroy-workspace
         with:

.github/workflows/test-version.yaml

@@ -503,7 +503,7 @@ jobs:
 
       - name: Check the version
         run: |
-          if [[ "${{ steps.terraform-version.outputs.terraform }}" != *"1.6"* ]]; then
+          if [[ "${{ steps.terraform-version.outputs.terraform }}" != *"1.7"* ]]; then
             echo "::error:: Latest version was not used"
             exit 1
           fi

image/actions.sh

@@ -456,6 +456,16 @@ function plan() {
     # shellcheck disable=SC2034
     PLAN_EXIT=${PIPESTATUS[0]}
     set -e
+
+    if [[ "$TERRAFORM_BACKEND_TYPE" == "remote" || "$TERRAFORM_BACKEND_TYPE" == "cloud" ]]; then
+        if remote-run-id "$STEP_TMP_DIR/terraform_plan.stdout" >"$STEP_TMP_DIR/remote-run-id.stdout" 2>"$STEP_TMP_DIR/remote-run-id.stderr"; then
+            RUN_ID="$(<"$STEP_TMP_DIR/remote-run-id.stdout")"
+            set_output run_id "$RUN_ID"
+        else
+            debug_log "Failed to get remote run-id"
+            debug_file "$STEP_TMP_DIR/remote-run-id.stderr"
+        fi
+    fi
 }
 
 function destroy() {

image/entrypoints/apply.sh

@@ -11,16 +11,18 @@ set-plan-args
 PLAN_OUT="$STEP_TMP_DIR/plan.out"
 
 function update_comment() {
-    if ! github_pr_comment "$@" 2>"$STEP_TMP_DIR/github_pr_comment.stderr"; then
-        debug_file "$STEP_TMP_DIR/github_pr_comment.stderr"
-    else
-        debug_file "$STEP_TMP_DIR/github_pr_comment.stderr"
+    if [[ -v TERRAFORM_ACTIONS_GITHUB_TOKEN ]]; then
+
+        if ! github_pr_comment "$@" 2>"$STEP_TMP_DIR/github_pr_comment.stderr"; then
+            debug_file "$STEP_TMP_DIR/github_pr_comment.stderr"
+        else
+            debug_file "$STEP_TMP_DIR/github_pr_comment.stderr"
+        fi
+
     fi
 }
 
-if [[ -v TERRAFORM_ACTIONS_GITHUB_TOKEN ]]; then
-    update_comment begin-apply
-fi
+update_comment begin-apply
 
 exec 3>&1
 
@@ -29,12 +31,14 @@ function apply() {
 
     set +e
     if [[ -n "$PLAN_OUT" ]]; then
+
         # shellcheck disable=SC2086
-        debug_log $TOOL_COMMAND_NAME apply -input=false -no-color -auto-approve -lock-timeout=300s $PARALLEL_ARG $PLAN_OUT
+        debug_log $TOOL_COMMAND_NAME apply -input=false -no-color -lock-timeout=300s $PARALLEL_ARG $PLAN_OUT
         # shellcheck disable=SC2086
-        (cd "$INPUT_PATH" && $TOOL_COMMAND_NAME apply -input=false -no-color -auto-approve -lock-timeout=300s $PARALLEL_ARG $PLAN_OUT) \
+        (cd "$INPUT_PATH" && $TOOL_COMMAND_NAME apply -input=false -no-color -lock-timeout=300s $PARALLEL_ARG $PLAN_OUT) \
             2>"$STEP_TMP_DIR/terraform_apply.stderr" \
-            | $TFMASK
+            | $TFMASK \
+            | tee "$STEP_TMP_DIR/terraform_apply.stdout"
         APPLY_EXIT=${PIPESTATUS[0]}
         >&2 cat "$STEP_TMP_DIR/terraform_apply.stderr"
     else
@@ -51,17 +55,25 @@ function apply() {
         APPLY_EXIT=${PIPESTATUS[0]}
         >&2 cat "$STEP_TMP_DIR/terraform_apply.stderr"
 
-        if remote-run-id "$STEP_TMP_DIR/terraform_apply.stdout" >"$STEP_TMP_DIR/remote-run-id.stdout" 2>"$STEP_TMP_DIR/remote-run-id.stderr"; then
+    fi
+    set -e
+
+    if [[ "$TERRAFORM_BACKEND_TYPE" == "cloud" || "$TERRAFORM_BACKEND_TYPE" == "remote" ]]; then
+        if remote-run-id "$STEP_TMP_DIR/terraform_apply.stdout" "$STEP_TMP_DIR/terraform_apply.stderr" >"$STEP_TMP_DIR/remote-run-id.stdout" 2>"$STEP_TMP_DIR/remote-run-id.stderr"; then
             RUN_ID="$(<"$STEP_TMP_DIR/remote-run-id.stdout")"
             set_output run_id "$RUN_ID"
         else
             debug_log "Failed to get remote run-id"
             debug_file "$STEP_TMP_DIR/remote-run-id.stderr"
         fi
     fi
-    set -e
 
-    if [[ $APPLY_EXIT -eq 0 ]]; then
+    if [[ "$TERRAFORM_BACKEND_TYPE" == "cloud" && $APPLY_EXIT -ne 0 ]] && grep -q "Error: Saved plan has no changes" "$STEP_TMP_DIR/terraform_apply.stderr"; then
+        # Not really an error then is it?
+        APPLY_EXIT=0
+        output
+        update_comment cloud-no-changes-to-apply "$STEP_TMP_DIR/terraform_output.json"
+    elif [[ $APPLY_EXIT -eq 0 ]]; then
         output
         update_comment apply-complete "$STEP_TMP_DIR/terraform_output.json"
     else
@@ -134,7 +146,13 @@ fi
 
 ### Apply the plan
 
-if [[ "$INPUT_AUTO_APPROVE" == "true" || $PLAN_EXIT -eq 0 ]]; then
+if [[ "$TERRAFORM_BACKEND_TYPE" == "cloud" && $PLAN_EXIT -eq 0 ]]; then
+    # Terraform cloud will just error if we try to apply a plan with no changes
+    echo "No changes to apply"
+    output
+    update_comment cloud-no-changes-to-apply "$STEP_TMP_DIR/terraform_output.json"
+
+elif [[ "$INPUT_AUTO_APPROVE" == "true" || $PLAN_EXIT -eq 0 ]]; then
     echo "Automatically approving plan"
     apply
 

image/entrypoints/plan.sh

@@ -27,16 +27,6 @@ fi
 
 cat "$STEP_TMP_DIR/terraform_plan.stderr"
 
-if [[ -z "$PLAN_OUT" ]]; then
-    if remote-run-id "$STEP_TMP_DIR/terraform_plan.stdout" >"$STEP_TMP_DIR/remote-run-id.stdout" 2>"$STEP_TMP_DIR/remote-run-id.stderr"; then
-        RUN_ID="$(<"$STEP_TMP_DIR/remote-run-id.stdout")"
-        set_output run_id "$RUN_ID"
-    else
-        debug_log "Failed to get remote run-id"
-        debug_file "$STEP_TMP_DIR/remote-run-id.stderr"
-    fi
-fi
-
 if [[ "$GITHUB_EVENT_NAME" == "pull_request" || "$GITHUB_EVENT_NAME" == "issue_comment" || "$GITHUB_EVENT_NAME" == "pull_request_review_comment" || "$GITHUB_EVENT_NAME" == "pull_request_target" || "$GITHUB_EVENT_NAME" == "pull_request_review" || "$GITHUB_EVENT_NAME" == "repository_dispatch" ]]; then
     if [[ "$INPUT_ADD_GITHUB_COMMENT" == "true" || "$INPUT_ADD_GITHUB_COMMENT" == "changes-only" || "$INPUT_ADD_GITHUB_COMMENT" == "always-new" ]]; then
 

image/setup.py

@@ -21,6 +21,7 @@
     },
     install_requires=[
         'requests',
+        'requests-cache',
         'python-hcl2',
         'canonicaljson'
     ]