From afe19041d91926ad39afd1a13f423fd62d1d67d9 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sat, 28 Feb 2026 01:16:19 +0000
Subject: [PATCH] fix: make destroy guard parse tfplan JSON robustly

Use terraform show with no-color and resilient JSON extraction to avoid parser failures when workflow output includes non-JSON noise.
---
 .gitea/workflows/terraform-apply.yml | 4 ++--
 .gitea/workflows/terraform-plan.yml  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.gitea/workflows/terraform-apply.yml b/.gitea/workflows/terraform-apply.yml
index 4e6e49a..d43e4d5 100644
--- a/.gitea/workflows/terraform-apply.yml
+++ b/.gitea/workflows/terraform-apply.yml
@@ -54,8 +54,8 @@ jobs:
           ALLOW_TF_DESTROY: ${{ secrets.ALLOW_TF_DESTROY }}
         working-directory: terraform
         run: |
-          terraform show -json tfplan > tfplan.json
-          DESTROY_COUNT=$(python3 -c 'import json; p=json.load(open("tfplan.json")); print(sum(1 for rc in p.get("resource_changes", []) if "delete" in rc.get("change", {}).get("actions", [])))')
+          terraform show -json -no-color tfplan > tfplan.json
+          DESTROY_COUNT=$(python3 -c 'import json,sys; raw=open("tfplan.json","rb").read().decode("utf-8","ignore"); start=raw.find("{"); end=raw.rfind("}"); data=json.loads(raw[start:end+1]); print(sum(1 for rc in data.get("resource_changes", []) if "delete" in rc.get("change", {}).get("actions", [])))')
           echo "Planned deletes: $DESTROY_COUNT"
           if [ "$DESTROY_COUNT" -gt 0 ] && [ "${ALLOW_TF_DESTROY}" != "true" ]; then
             echo "Destroy actions detected. Set ALLOW_TF_DESTROY=true to allow."
diff --git a/.gitea/workflows/terraform-plan.yml b/.gitea/workflows/terraform-plan.yml
index b54fa26..84d12ba 100644
--- a/.gitea/workflows/terraform-plan.yml
+++ b/.gitea/workflows/terraform-plan.yml
@@ -68,8 +68,8 @@ jobs:
           ALLOW_TF_DESTROY: ${{ secrets.ALLOW_TF_DESTROY }}
         working-directory: terraform
         run: |
-          terraform show -json tfplan > tfplan.json
-          DESTROY_COUNT=$(python3 -c 'import json; p=json.load(open("tfplan.json")); print(sum(1 for rc in p.get("resource_changes", []) if "delete" in rc.get("change", {}).get("actions", [])))')
+          terraform show -json -no-color tfplan > tfplan.json
+          DESTROY_COUNT=$(python3 -c 'import json,sys; raw=open("tfplan.json","rb").read().decode("utf-8","ignore"); start=raw.find("{"); end=raw.rfind("}"); data=json.loads(raw[start:end+1]); print(sum(1 for rc in data.get("resource_changes", []) if "delete" in rc.get("change", {}).get("actions", [])))')
           echo "Planned deletes: $DESTROY_COUNT"
           if [ "$DESTROY_COUNT" -gt 0 ] && [ "${ALLOW_TF_DESTROY}" != "true" ]; then
             echo "Destroy actions detected. Set ALLOW_TF_DESTROY=true to allow."