Hi,
I would like to set up a CI job that runs a cdktf diff and passes with OK if the plan is empty, but throws a warning if the plan is not empty. I think one can do this with the -detailed-exitcode parameter in terraform, and using the exit code. Is it possible to do this with CDKTF?
The question is about doing this via cdktf diff, in a single call, instead of
cdktf synth
cd cdktf.out/stacks/<stack>
terraform init
terraform plan -detailed-exitcode
Thanks
You could use the the TF_CLI_ARGS environment variable to pass the flag down.
TF_CLI_ARGS_plan="-detailed-exitcode" cdktf diff my-stack
Good idea! However, cdktf now results in an error (and exit code:1):
External Error: Stack failed to plan: dev. Please check the logs for more information.
Yeah that makes sense, we don’t pass the exit code down, we just see that it fails and throw exit code 1. If you need this level of control running terraform plan on the synthesised stack is your best option. You could also use cdktf-cli/lib which has TS classes / functions to build your own CLI, it’s very flexible, but also a bit of work.
Thanks, Daniel. I’ve figured out how to do it with the synth’ed stack, and it should also be possible to change the exec function in util.ts so that it doesn’t give up on a non-zero error code under the right conditions:
child.once("close", (code: number) => {
if (code !== 0) {
const error = new Error(`non-zero exit code ${code}`);
(error as any).stderr = err.map((chunk) => chunk.toString()).join("");
return ko(error);
}
return ok(Buffer.concat(out).toString("utf-8"));
});
Do you think this is worth having? Worth a feature request?
Can you expand on what you mean with it doesn’t give up? Would it need to continue?
Right. A non-zero exit value from terraform plan -detailed-exitcode should not be interpreted as an error…
You can definitely add a feature request and we will discuss it in the team