fix(terraform): create pr only if workflow files content is different

[jneo8]

• Fix: [Terraform] New PR will be created even if there are no changes in workflow files. #17
• Add document for branch production rule if it's not exists.
• Update terraform workflow to use plan output instead re-plan when apply.

[rgildein]

I do not think it's working as expected, since in plan I can see that it will create branch for PR, push file and create PR. Or I do not understand it correctly?

[jneo8]

I do not think it's working as expected, since in plan I can see that it will create branch for PR, push file and create PR. Or I do not understand it correctly?

Can you explain more? I am not sure what is your issue.

There are some conditions to make sure the pr won't be created if the files are the same.

[Pjack]

LGTM

[rgildein]

I do not think it's working as expected, since in plan I can see that it will create branch for PR, push file and create PR. Or I do not understand it correctly?

Can you explain more? I am not sure what is your issue.

There are some conditions to make sure the pr won't be created if the files are the same.

• Line 143 is saying that the branch will be created.
• Line 155 is saying that "codeowners" file will be created.
• Line 174 is saying that new PR will be created.
• Summary on Line 210 is saying that 5 thinks will be added.

I think that this plan should do nothing, or not?

Also, why do we need to use output here?

[jneo8]

I do not think it's working as expected, since in plan I can see that it will create branch for PR, push file and create PR. Or I do not understand it correctly?

Can you explain more? I am not sure what is your issue.
There are some conditions to make sure the pr won't be created if the files are the same.

• Line 143 is saying that the branch will be created.
• Line 155 is saying that "codeowners" file will be created.
• Line 174 is saying that new PR will be created.
• Summary on Line 210 is saying that 5 thinks will be added.

I think that this plan should do nothing, or not?

Also, why do we need to use output here?

There is a local variable changed_files

# Compare the fetched content with the local content to create a map of changed files
locals {
  changed_files = {
    for file_key, file_info in var.workflow_files : file_key => file_info
      if file(file_info.source) != local.repository_files_content[file_info.destination]
  }
}

The branch and pr will be created if there are any file difference been detected. Those plans show on terraform plan is because change_files is based on data source github_repository_file.files,w which only only fetch the files when terraform apply.

[rgildein]

Since the plan is stored and then applied, I do not think that the PR will not be created. Let's try it.

[rgildein]

I tested it manually and it's not creating new PR. Good job @jneo8!

x1:➜  terraform-plans git:(fix/terraform-create-pr-even-no-changes-in-workflow-files) ✗ terraform apply "./tf.plan" 
module.github_settings.github_repository.repo: Importing... [id=soleng-tf-test-repo]
module.github_settings.github_repository.repo: Import complete [id=soleng-tf-test-repo]
module.github_settings.github_branch_protection.branch_protection: Importing... [id=soleng-tf-test-repo:main]
module.github_settings.github_branch_protection.branch_protection: Import complete [id=soleng-tf-test-repo:main]
module.github_workflow_files.random_string.update_uid: Creating...
module.github_workflow_files.random_string.update_uid: Creation complete after 0s [id=jiboU3hG]
module.github_settings.github_repository_collaborators.repo_collaborators: Creating...
module.github_settings.github_branch_protection.branch_protection: Modifying... [id=BPR_kwDOL00SBM4DBTJ-]
module.github_settings.github_repository_collaborators.repo_collaborators: Still creating... [10s elapsed]
module.github_settings.github_branch_protection.branch_protection: Still modifying... [id=BPR_kwDOL00SBM4DBTJ-, 10s elapsed]
module.github_settings.github_branch_protection.branch_protection: Modifications complete after 11s [id=BPR_kwDOL00SBM4DBTJ-]
module.github_settings.github_repository_collaborators.repo_collaborators: Creation complete after 14s [id=soleng-tf-test-repo]

Apply complete! Resources: 2 imported, 2 added, 1 changed, 0 destroyed.

Outputs:

branch = "main"
changed_files = {}
pr_branch = "No PR created"
pr_created = false
pr_url = "No PR created"
repository = "soleng-tf-test-repo"    

[samuelallan72]

I see other approvals, but there is still unresolved internal discussion around:

• terraform plan in CI not being consistent with terraform apply because of how we use (or don't use) state.
• whether to use matrix in github workflow
• whether to use state

I'm uneasy with leaving these unresolved since changes to this repo could have a large impact to our projects (ie. cause terraform to be applied to all our repos). So I'm going to leave my review in request changes until these discussions are resolved.

[samuelallan72]

Since this is still in pilot/experimental stage, it seems it's fine to merge and iterate on later once the topics are resolved, so I won't block this any longer. :)