micqdf/TerraHome
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: make destroy guard parse tfplan JSON robustly
Some checks failed
Terraform Plan / Terraform Plan (push) Has been cancelled
Details

Browse Source 
Use terraform show with no-color and resilient JSON extraction to avoid parser failures when workflow output includes non-JSON noise.
This commit is contained in:
MichaelFisher1997
2026-02-28 01:16:19 +00:00
parent c9be2a2fc8
commit afe19041d9
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitea/workflows/terraform-apply.yml
View File

@@ -54,8 +54,8 @@ jobs:
ALLOW_TF_DESTROY: ${{ secrets.ALLOW_TF_DESTROY }} ALLOW_TF_DESTROY: ${{ secrets.ALLOW_TF_DESTROY }}
working-directory: terraform working-directory: terraform
run: | run: |
terraform show -json tfplan > tfplan.json terraform show -json -no-color tfplan > tfplan.json
DESTROY_COUNT=$(python3 -c 'import json; p=json.load(open("tfplan.json")); print(sum(1 for rc in p.get("resource_changes", []) if "delete" in rc.get("change", {}).get("actions", [])))') DESTROY_COUNT=$(python3 -c 'import json,sys; raw=open("tfplan.json","rb").read().decode("utf-8","ignore"); start=raw.find("{"); end=raw.rfind("}"); data=json.loads(raw[start:end+1]); print(sum(1 for rc in data.get("resource_changes", []) if "delete" in rc.get("change", {}).get("actions", [])))')
echo "Planned deletes: $DESTROY_COUNT" echo "Planned deletes: $DESTROY_COUNT"
if [ "$DESTROY_COUNT" -gt 0 ] && [ "${ALLOW_TF_DESTROY}" != "true" ]; then if [ "$DESTROY_COUNT" -gt 0 ] && [ "${ALLOW_TF_DESTROY}" != "true" ]; then
echo "Destroy actions detected. Set ALLOW_TF_DESTROY=true to allow." echo "Destroy actions detected. Set ALLOW_TF_DESTROY=true to allow."

4
.gitea/workflows/terraform-plan.yml
View File

@@ -68,8 +68,8 @@ jobs:
ALLOW_TF_DESTROY: ${{ secrets.ALLOW_TF_DESTROY }} ALLOW_TF_DESTROY: ${{ secrets.ALLOW_TF_DESTROY }}
working-directory: terraform working-directory: terraform
run: | run: |
terraform show -json tfplan > tfplan.json terraform show -json -no-color tfplan > tfplan.json
DESTROY_COUNT=$(python3 -c 'import json; p=json.load(open("tfplan.json")); print(sum(1 for rc in p.get("resource_changes", []) if "delete" in rc.get("change", {}).get("actions", [])))') DESTROY_COUNT=$(python3 -c 'import json,sys; raw=open("tfplan.json","rb").read().decode("utf-8","ignore"); start=raw.find("{"); end=raw.rfind("}"); data=json.loads(raw[start:end+1]); print(sum(1 for rc in data.get("resource_changes", []) if "delete" in rc.get("change", {}).get("actions", [])))')
echo "Planned deletes: $DESTROY_COUNT" echo "Planned deletes: $DESTROY_COUNT"
if [ "$DESTROY_COUNT" -gt 0 ] && [ "${ALLOW_TF_DESTROY}" != "true" ]; then if [ "$DESTROY_COUNT" -gt 0 ] && [ "${ALLOW_TF_DESTROY}" != "true" ]; then
echo "Destroy actions detected. Set ALLOW_TF_DESTROY=true to allow." echo "Destroy actions detected. Set ALLOW_TF_DESTROY=true to allow."