Blanks in diff prevent apply about terraform-github-actions HOT 6 CLOSED

@toast-gear please create another issue

from terraform-github-actions.

We are having a plan fail for a specific stack with the below diff (I've replaced the account IDs with 111111111 but in all cases it's the same account ID:

16a17
>                               - "arn:aws:iam::***:root",
19d19
<                               - "arn:aws:iam::***:root",
40d39
<                               - "arn:aws:iam::111111111111:root",
43c42
<                               + "arn:aws:iam::111111111111:root",
---
>                                 "arn:aws:iam::111111111111:root",
63a63
>                               - "arn:aws:iam::111111111111:root",
66c66
<                                 "arn:aws:iam::111111111111:root",
---
>                               + "arn:aws:iam::111111111111:root",
133d132
<                               - "arn:aws:iam::111111111111:root",
136c135
<                               + "arn:aws:iam::111111111111:root",
---
>                                 "arn:aws:iam::111111111111:root",
180d178
<                               - "arn:aws:iam::111111111111:root",
183c181
<                               + "arn:aws:iam::111111111111:root",
---
>                                 "arn:aws:iam::111111111111:root",
250a249
>                               - "arn:aws:iam::111111111111:root",
253c252
<                                 "arn:aws:iam::111111111111:root",
---
>                               + "arn:aws:iam::111111111111:root",
288c287

It looks like a whitespace type issue, I had a look at the diff --help options and I think perhaps adding ignores for all the whitespace style changes should be included in the diff check? We do fmt in the pipeline so I'm not sure how we could have a whitespace issue but even so, this probably isn't the way to enforce fmt in a pipeline and can potentially lead to false positives so I think ignoring whitespace style differences in the diff would be good and could avoid weird edge cases

  -E  --ignore-tab-expansion  Ignore changes due to tab expansion.
  -b  --ignore-space-change  Ignore changes in the amount of white space.
  -w  --ignore-all-space  Ignore all white space.
  -B  --ignore-blank-lines  Ignore changes whose lines are all blank.

EDIT Have looked at this more I can see the real comparison determining the go / no go logic happens in python script which strips, now I'm very confused as what the root cause of our issue is https://github.com/dflook/terraform-github-actions/blob/master/image/tools/plan_cmp.py. Changing the diff binary flags won't help but there is probably an improvement to be made to make the go / no go diff the same as the binary diff output. It would be more ideal if the script that performs the compare is also responsible for reporting what the differences are in the case of a mismatch in plans so a more accurate diff can be presented.

from terraform-github-actions.

The diff command is only used for informational output when the plan does not compare equal to the plan in the comment.

The plan_cmp script is for comparing plans and it could definately be improved (see #64), but I'm not aware that whitespace is a problem. Do you have an example of a whitespace only difference preventing an apply? The plan is generated the same way every time.

@toast-gear It's difficult to tell what the differences are in your snippet. It looks like it's a list where the entries are changing or being re-ordered. This would be a legitimate difference in the plan.

from terraform-github-actions.

It's difficult to tell what the differences are in your snippet

yes I'm having the same problem

Do you have an example of a whitespace only difference preventing an apply?

No, the PR is created and merged within 30 seconds and the repository isn't managing resources that are touched outside of this repository. We have also removed the problem being a race condition. Still looking into it, going grab the plan from the comment and compare it with the runtime plan, but a improvement would from my perspective would be to improve the Python plan script to also handle the reporting if the plans don't match.

from terraform-github-actions.

Is there a easy way of uploading the 2 plans as artefacts so I can easy compare them outside the pipeline?

from terraform-github-actions.

I don't think insignificant blank lines in the plan can prevent an apply. If you find an example, please re-open this issue.

from terraform-github-actions.