Skip to content
Snippets Groups Projects
Unverified Commit 8f5b05bb authored by Timo Furrer's avatar Timo Furrer
Browse files

Fix plan json generation if `warning_on_non_empty_plan` is `true` and plan is non-empty 

Closes https://gitlab.com/components/opentofu/-/issues/81

Changelog: fixed
parent 7cffa28c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/gitlab-tofu.sh
+ 15
4
View file @ 8f5b05bb
...@@ -244,12 +244,23 @@ if [ $sourced -eq 0 ]; then ...@@ -244,12 +244,23 @@ if [ $sourced -eq 0 ]; then
$TF_IMPLICIT_INIT && terraform_init $TF_IMPLICIT_INIT && terraform_init
# shellcheck disable=SC2086 # shellcheck disable=SC2086
tofu "${TF_CHDIR_OPT}" "${@}" -input=false -out="${TF_PLAN_CACHE}" ${var_file_args} ${plan_args} tofu "${TF_CHDIR_OPT}" "${@}" -input=false -out="${TF_PLAN_CACHE}" ${var_file_args} ${plan_args} && ret=$? || ret=$?
if [ "${OPENTOFU_COMPONENT_PLAN_WITH_JSON}" = 'true' ]; then
if [ "$ret" -eq 0 ] || [ "$ret" -eq 2 ]; then
if ! tofu "${TF_CHDIR_OPT}" show -json "${TF_PLAN_CACHE}" | jq -r "${JQ_PLAN}" > "${TF_PLAN_JSON}"; then
exit $?
fi
# NOTE: we want to exit with the tofu plan exit code if the tofu show command call is successful.
exit "$ret"
fi
fi
exit "$ret"
;; ;;
"plan-json") "plan-json")
tofu "${TF_CHDIR_OPT}" show -json "${TF_PLAN_CACHE}" | \ tofu "${TF_CHDIR_OPT}" show -json "${TF_PLAN_CACHE}" | jq -r "${JQ_PLAN}" > "${TF_PLAN_JSON}"
jq -r "${JQ_PLAN}" \
> "${TF_PLAN_JSON}"
;; ;;
"validate") "validate")
$TF_IMPLICIT_INIT && terraform_init -backend=false $TF_IMPLICIT_INIT && terraform_init -backend=false
......
templates/plan.yml
+ 6
1
View file @ 8f5b05bb
...@@ -120,6 +120,11 @@ spec: ...@@ -120,6 +120,11 @@ spec:
# NOTE: tofu plan -detailed-exitcode return 2 as exit code # NOTE: tofu plan -detailed-exitcode return 2 as exit code
# when the plan is non-empty. # when the plan is non-empty.
exit_codes: [2] exit_codes: [2]
artifacts:
# NOTE: we require to always upload artifacts, because when `warning_on_non_empty_plan` is set enabled
# and there is a non-empty plan we have an exit code of `2` which is considered a (failure),
# but we still want to upload all the artifacts.
when: always
'$[[ inputs.as ]]': '$[[ inputs.as ]]':
stage: $[[ inputs.stage ]] stage: $[[ inputs.stage ]]
...@@ -152,10 +157,10 @@ spec: ...@@ -152,10 +157,10 @@ spec:
TF_ROOT: $[[ inputs.root_dir ]] TF_ROOT: $[[ inputs.root_dir ]]
TF_STATE_NAME: $[[ inputs.state_name ]] TF_STATE_NAME: $[[ inputs.state_name ]]
TF_PLAN_NAME: $[[ inputs.plan_name ]] TF_PLAN_NAME: $[[ inputs.plan_name ]]
OPENTOFU_COMPONENT_PLAN_WITH_JSON: true
OPENTOFU_COMPONENT_VAR_FILE: '$[[ inputs.var_file ]]' OPENTOFU_COMPONENT_VAR_FILE: '$[[ inputs.var_file ]]'
image: image:
name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]' name: '$[[ inputs.image_registry_base ]]/$[[ inputs.image_name ]]:$[[ inputs.version ]]-opentofu$[[ inputs.opentofu_version ]]-$[[ inputs.base_os ]]$[[ inputs.image_digest ]]'
script: script:
- "args=\"\"\nif [ \"$[[ inputs.destroy ]]\" == \"true\" ]; then \n echo \"Planning for a destroy\"\n args=\"-destroy\"\nfi\n" - "args=\"\"\nif [ \"$[[ inputs.destroy ]]\" == \"true\" ]; then \n echo \"Planning for a destroy\"\n args=\"-destroy\"\nfi\n"
- gitlab-tofu plan $args - gitlab-tofu plan $args
- gitlab-tofu plan-json
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment