diff --git a/terraform-v2/apply.sh b/terraform-v2/apply.sh
index dd235903..9cc81270 100644
--- a/terraform-v2/apply.sh
+++ b/terraform-v2/apply.sh
@@ -5,11 +5,6 @@ include github.py
 EOF
-cat >/tmp/cmp.py <<"EOF"
-include cmp.py
-
-EOF
-
 cat >/tmp/comment_util.py <<"EOF"
 include comment_util.py
@@ -88,6 +83,11 @@ fi
 set -e
+function sanitise_plan() {
+ local plan="$1"
+ echo "$plan" | sed -E '/Releasing state lock. This may take a few moments\.\.\./d' | awk '{gsub(/^[[:space:]]*~ latest_restorable_time[[:space:]]*=.*$/,"")};1'
+}
+
 if [[ "<< parameters.auto_approve >>" == "true" || $TF_EXIT -eq 0 ]]; then
 echo "Automatically approving plan"
@@ -99,10 +99,25 @@ else
 exit 1
 fi
- if python3 /tmp/cmp.py plan.txt approved-plan.txt; then
+ set +x
+
+ plan=$(cat "plan.txt")
+ approved_plan=$(cat "approved-plan.txt")
+
+ sanitised_plan=$(sanitise_plan "$plan")
+ sanitised_approved_plan=$(sanitise_plan "$approved_plan")
+
+ sanitised_plan_file=$(mktemp)
+ sanitised_approved_plan_file=$(mktemp)
+ echo "$sanitised_plan" > "$sanitised_plan_file"
+ echo "$sanitised_approved_plan" > "$sanitised_approved_plan_file"
+
+ # run diff on temporary files
+ if diff_output=$(diff "$sanitised_plan_file" "$sanitised_approved_plan_file"); then
 apply
 else
 update_status "Plan not applied in CircleCI Job [${CIRCLE_JOB}](${CIRCLE_BUILD_URL}) (Plan has changed)"
+ echo "$diff_output"
 exit 1
 fi
 fi
diff --git a/terraform-v2/cmp.py b/terraform-v2/cmp.py
deleted file mode 100644
index ff2056ed..00000000
--- a/terraform-v2/cmp.py
+++ /dev/null
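Review bot: The `sed` expression in `sanitise_plan` (hunk `@@ -88,6 +83,11 @@`) is unanchored, so it deletes every line that contains the phrase rather than only Terraform's own status line, and the `.` after `lock` is an unescaped wildcard. Because the same filter runs on both the generated and the approved plan, any plan line carrying that text drops out of the approval comparison. Assuming Terraform prints the message at the start of a line, `sed -E '/^Releasing state lock\. This may take a few moments\.\.\./d'` keeps the filter to that line. The awk pattern also uses `[[:space:]]*` where the removed cmp.py required `\s+`, so it now blanks an unindented `~ latest_restorable_time` line too; `[[:space:]]+` would keep the old scope.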
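Review bot: The approval check at `if diff_output=$(diff ...)` (hunk `@@ -99,10 +99,25 @@`) calls `apply` whenever the two sanitised files are identical, which includes the case where both sanitised plans are empty. `sanitise_plan` is a `sed | awk` pipeline, so unless `pipefail` is set somewhere outside this hunk, a failing `sed` leaves awk with no input and both sides come out empty and equal. A guard before the diff, `[[ -n "$sanitised_plan" ]] || { echo "sanitised plan is empty" >&2; exit 1; }`, keeps the check fail-closed. The two `mktemp` files hold plan text and are never removed; `rm -f -- "$sanitised_plan_file" "$sanitised_approved_plan_file"` right after the `diff` call would clean them up on both branches. The enclosing if/else starts and ends outside the hunk.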
@@ -1,24 +0,0 @@
-#!/usr/bin/env python3
-
-import sys
-import re
-
-with open(sys.argv[1], encoding="utf-8") as f:
- generated_plan = f.read()
-with open(sys.argv[2], encoding="utf-8") as f:
- plan_from_pr = f.read()
-
-# Sanitize AWS computed RDS attribute. See commit message.
-# Other attributes may need to be added in future.
-# Ref: https://github.com/hashicorp/terraform/issues/28803
-generated_plan = re.sub(
- r"(?m)^\s+~ latest_restorable_time\s+=.+$", "", generated_plan.strip()
-)
-plan_from_pr = re.sub(
- r"(?m)^\s+~ latest_restorable_time\s+=.+$", "", plan_from_pr.strip()
-)
-
-if generated_plan == plan_from_pr:
- exit(0)
-
-exit(1)