Exclude ‘Objects have changed outside of Terraform’ from GitHub Actions output
Ad-hoc fix for annoying Terraform “feature” in GH actions context
As I described in previous article, in terraform 0.15.4 HashiCorp added new thing which shows you what changed from previous apply. Sounds nice to see drift in infrastructure before apply, but in reality depending on providers/resources you’re using, it often ends in huge amount of output in terminal window, which really hard to distinguish from real plan. Especially this is bad for big states, you can literally get thousands of pretty useless lines you have to scroll through to find out what really changed. They promised to fix it in v1.2, but unfortunately it doesn’t look like fixed completely.
So this article describes how to fix this with usecase when terraform is running in GitHub actions and posts plan results to comment in PR. It’s useless to show non-actionable plan there, especially considering limit on comment text length. As a base I will take this article from HashiCorp Learn portal.
To post terraform plan output as comment to PR this snippet is used:
At first let’s improve it slightly by removing “Refreshing state” messages for each object in the beginning of plan, which could also add a lot of noise. To do so, just do plan first with save to binary file and then show it, snippet:
And now we get to the main part of article. As I mentioned in earlier article, the easiest way to get rid of ‘Objects have changed outside of Terraform’ block, is to use sed with pipe to redirect output.
However, this magic ${{steps.plan.outputs.stdout}} works through wrapper in hashicorp/setup-terraform action. And it will stop working if we add pipelinening, like terraform show -no-color gh.plan | sed … .
As described in action documentation, wrapper could be disabled, but then we’ll have to find a way to access it in publish, cause .outputs.stdout won’t be available anymore.
Luckily, we can use JS in actions/github-script and read plan from file log stored earlier. I found this solution in setup-terraform#24, so finally with sed and other steps snippet looks like:
In the end, comments in PR will contain only actual, shortest possible terraform plan 🎉
