From 6ac698fd9f1e828506816131d52505a52bfdc7b4 Mon Sep 17 00:00:00 2001
From: Timo Furrer <tfurrer@gitlab.com>
Date: Wed, 6 Nov 2024 14:44:04 +0100
Subject: [PATCH] Refactor plan job for non-empty plan behavior

---
 templates/plan.yml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/templates/plan.yml b/templates/plan.yml
index 81e3229..7f18e99 100644
--- a/templates/plan.yml
+++ b/templates/plan.yml
@@ -110,7 +110,15 @@ spec:
   extends: null
 
 '.$[[ inputs.as ]]:detailed_exitcode:warning:true':
+  variables:
+    OPENTOFU_COMPONENT_USE_DETAILED_EXITCODE: '$[[ inputs.warning_on_non_empty_plan ]]'
+    # NOTE: we rely on correct exitcode reporting behavior for the `warning_on_non_empty_plan` input
+    # behavior. However, when using bash the runner does not work properly without setting
+    # the feature flag below to `true`.
+    FF_USE_NEW_BASH_EVAL_STRATEGY: 'true'
   allow_failure:
+    # NOTE: tofu plan -detailed-exitcode return 2 as exit code
+    # when the plan is non-empty.
     exit_codes: [2]
 
 '$[[ inputs.as ]]':
@@ -145,11 +153,6 @@ spec:
     TF_STATE_NAME: $[[ inputs.state_name ]]
     TF_PLAN_NAME: $[[ inputs.plan_name ]]
     OPENTOFU_COMPONENT_VAR_FILE: '$[[ inputs.var_file ]]'
-    OPENTOFU_COMPONENT_USE_DETAILED_EXITCODE: '$[[ inputs.warning_on_non_empty_plan ]]'
-    # NOTE: we rely on correct exitcode reporting behavior for the `warning_on_non_empty_plan` input
-    # behavior. However, when using bash the runner does not work properly without setting
-    # the feature flag below to `true`.
-    FF_USE_NEW_BASH_EVAL_STRATEGY: 'true'
   image:
     name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
   script:
-- 
GitLab